The 31st Chaos Communication Congress (31C3) ended just 3 days ago, and there were several interesting talks.
They have got live streaming of the event over the web, as well as encourage you to use an external player with RTMP or HLS support. The video streams were very reliable and best of all, it’s available in HD. In comparison, I tried the Apple live event once and it was really crappy. For one, the HLS1 URL is not publicly available , so someone had to dig that out and post it. Even after that, the audio stream was (I believe, unintentionally) a mix of both English and Chinese simultaneously.
The 31C3 video recordings were also uploaded very quickly after the event. This is much quicker than other events such as Black Hat (although as an attendee, you do get a copy of the stuff on a DVD). A really big kudos to the organizers and the video production team!
If you don’t have time to listen to each and every talk, here are a few selected talks that were interesting to me, as well as a short summary to see if it’s worth 30 or 60 minutes of your time.
A full list of talks can be found here: http://media.ccc.de/browse/congress/2014/index.html
“SS7: Locate. Track. Manipulate.”
Tobias Engel talks about Signalling System #7 (SS7), a dated routing protocol used in the core of mobile phone networks. SS7 is an old protocol (not unlike BGP) with no mutual authentication, and some parties in the network believe whatever you tell them, without questions. This issue is similar to how BGP routes were propagated and YouTube traffic was diverted into a black hole in 2008.
Tobias covers various messages in the SS7 protocol, how some messages can be used for tracking you, as well as record phone conversations without your knowledge. Some companies have already been using their access into the SS7 network to track users using these techniques mentioned in the talk.
You can be tracked down to an individual mobile cell by using just your phone number. These cell IDs can then be looked up using databases like the ones used by Google and Apple, which can resolve these cell IDs to provide your approximate location without using GPS. He also observed some legitimate uses for such SS7 requests from a German operator. There also exists a method which can potentially record or redirect your calls without your knowledge using the gsmSCF (GSM Service Control Function).
He also performs a demo in which he can control whether calls to a particular number are redirected to another 3rd party, or allowed to go through to the original recipient.
Pro tip: never display the number on your slide or screen — the audience will call you.
This is a follow-up talk to SS7 talk above, which Karsten particularly focuses on interception of calls and SMS text messages. Encryption keys are also exchanged over SS7, for example when handing over calls to a new zone, or making calls in a visiting country. If the keys are provided to someone who is not authorized to receive it, decryption of calls can occur. He shows a video of a demo of how SMSes can be decoded, by querying the encryption key from SS7 and capturing the RF traffic physically near the phone.
He also firmly believes that while SS7 is an old protocol, it can be fixed. Just like how the Internet is based on old protocols, but we have added SSL/TLS, firewalls and other security measures.
Lastly, he talks about IMSI catchers and how they work. He touched on gsmmap.org that was launched previously and the crowd-sourced detection of attacks on various mobile networks. He also unveils a new tool, SnoopSnitch, an Android app that uses debug data from the Qualcomm baseband to check for vulnerabilities and suspicious activities in mobile networks. Using such a tool, one can be warned of suspicious activities on the mobile network such as empty pages or silent SMSes. SnoopSnitch is also an open-source project.
Slides are available here.
“Practical EMV Pin interception and fraud detection”
This talk focuses on EMV (Europay, MasterCard, Visa) security. EMV cards are the newer ones with a “chip” on it, as opposed to the magnetic stripe which can be easily cloned. With these cards, the banks/issuers have shifted the liability of fraudulent transactions to the merchants and customers.
Andrea Barisani shows practical attacks against such cards, such as PIN interception, and how transactions can be performed without even knowing the PIN. He also describes what banks can already do (but are not doing) to detect and stop such fraudulent transactions.
There’s also a demo of how a card can be charged without knowing the PIN, showing that this “EMV security” should not be relied upon, and there is still a chance of customers’ cards being charged without their knowledge.
Peter Laackmann and Marcus Janke talk about techniques to open various types of chips. They go through various types of chips, for example special ones like optical sensors or fingerprint sensors where the chip die is directly exposed, or those with a UV window such as old EPROMs.
Those chips with exposed dies don’t really require preparation work, as they can be observed directly with a microscope. Older chips can be viewed with little magnification or the naked eye, but newer chips require higher magnification.
They briefly describe why you would want to look at the chip die, which chemicals are needed as well how to obtain them, and what you can do after revealing the chip (attack vectors).
“Fernvale: An Open Hardware and Software Platform…”
bunnie and xobs talk about how they can use the Chinese style of intellectual property sharing in order to create better innovation in the Western world. It all came about when he saw the $12 phone in Shenzhen and all these manufacturers could freely toy around with designs based around Mediatek chips like the MT6250 (260MHz ARM core). Whereas in the Western world, we were playing around with Arduinos and other smaller micros because there’s no easy way to get access to documentation and code samples for higher-end ARM chips. You will need to sign an NDA or promise a large quantity purchase first to get access.
They create a platform called “Fernvale”, which is based on the MT6260, and describes a methodology for getting access to the wealth of information available on the Internet, without infringing on copyrights and IP (and attracting law suits). To aid with reverse-engineering, xobs created an environment called fernly, containing basic commands like
hexdump that are run on the processor itself. It’s also integrated with a QEMU target and radare2. (Incidentally, this reminds me of Micah Scott’s coastermelt project, which is an IPython interface to a beach head on the Bluray drive.) Some of the information required to initialize the chip are found in public sources and translated into scriptic scripts, a language that discourages casual copy-paste but instead forces the developer to re-express facts (facts are not copyrightable).
Check out the post on bunnie’s blog here, released shortly after their talk. His blog post also contains a link to the slides. If you reverse-engineer, you might also want to check out your rights in the reverse engineering FAQ by the EFF.
“Thunderstrike: EFI bootkits for Apple MacBooks”
Trammell Hudson explains how the EFI boot ROM on your Mac can be infected. He’s the guy who worked on the Magic Lantern firmware hack for Canon cameras as well, which I use in my DSLR.
In this talk, he describes how to modify the EFI boot ROM in Apple machines, as well as reverse-engineered the layout and contents of the SPI flash chip that holds this “ROM”. He also looked into the feasibility of writing to the flash chip while the system is active (i.e. after the system has been booted). One demonstrated approach was using the Option ROM of Thunderbolt devices. Thunderbolt devices are basically PCIe devices, which could contain Option ROMs that are run when the system boots up. If you have used PCI(e) RAID cards, this is basically the part where you press some key to invoke a TUI to configure the RAID volumes.
If you don’t like to watch the talk, you can also read the article on his website, spliced with slides from the talk: https://trmm.net/Thunderstrike_31c3
“Iridium Pager Hacking”
Iridium pagers are one-way devices that receive and display pages from just about anywhere in the world. They have a network of 66 satellites, and each satellite is in line-of-sight for about 8 minutes.
Sec and schneider show that even if you don’t have much experience with RF transmissions, you can still learn along the way, provided that you have a Ettus USRP that worked so you don’t get demotivated after not being able to receive any signals. They describe how they managed to capture the RF signals from the satellites (not as easy as hoped), reverse-engineered the protocol using some scraps of information available on the Internet, and managed to intercept messages for a period of time.
The creators assumed that RF is relatively secure because it cannot be easily sniffed:
The complexity of the Iridium air interface makes the challenge
of developing an Iridium L-Band monitoring device very difficult
and probably beyond the reach of all but the most determined adversaries.
An important take-away here is to encrypt everything, especially RF signals, which can be picked up easily and everywhere.
“Preserving Arcade Games”
This is quite an illustrated and entertaining talk on the history of various arcade hardware.
Ange Albertini also describes the various copy protection that is used in the hardware, such as encryption and suicide memory. The part about the protection CPU and their effects on the various games were hilarious. You should really watch the talk for yourself.
In the end, they got lucky due to a game being released in both encrypted and unencrypted versions. He talks about how they slowly managed to gain access to the hardware, dump the ROMs, decrypt them, and finally preserve them.
The slide deck is available on Speaker Deck, but you should really watch the video of the talk.
djb and Tanja Lange start the talk with a gentle introduction to elliptic curve cryptography (ECC) by talking about “Clock cryptography” then extend this idea to elliptic curves.
They talk about various types of elliptic curves (Edwards, Montgomery) and the pitfalls involving the implementation of their addition & multiplication operations. They also talk about how curves can be chosen to prevent this from happening, and that the NIST ECC curves are prone to implementation errors. They are proposing SafeCurves for standards, so take a look if you are interested in which ECC curves are considered “safe” or relatively straightforward to implement.
Watch this talk if you would like to understand more about ECC. Also, visit the companion site to the talk here: http://ecchacks.cr.yp.to/. The slides are available in the “signature djb format” here.
- HTTP Live Streaming is natively supported by iOS and I guess subsequently on Mac OS ↩