25th Chaos Communication Congress
Opening Black Boxes
One trend you couldn't fail to notice was the inroads that hackers have made into hardware black boxes. Collien Mulliner, from Fraunhofer SIT, demonstrated telephone vulnerabilities, investigating buffer overflows in Symbian OS in the process.
Harald Welte took this a step further in his guide to dismantling smartphones. More and more high-end mobile devices have two controllers: an Application Processor (AP) that handles application control, and a Baseband Processor (BP) that handles wireless activity and phone calls.
Despite increasing numbers of SDKs for the AP – or for higher-level layers, such as Google Android – manufacturers are still reticent when it comes to hardware, which is all the more reason for Welte & Co. to investigate the hardware more closely. Many telephones have debugging soldering points for the JTAG interface on their PCBs. With more than a little dexterity and a trusty soldering iron, hackers can attach and fire up a serial console (Figure 5).
Whereas the first days of the congress were colorful and entertaining, but lacking in novelties, the organizers pulled a security ace out of their sleeves on the final day. After all, data tourists used to visit Berlin to marvel over the latest vulnerabilities. An international team of researchers and hackers disclosed how they had exploited a known, but widely ignored, MD5 vulnerability, with a couple of hundred dollars, and 200 PlayStations to create a CA keypair that was indistinguishable from the real thing.
There was no answer to the question of whether investigation authorities have purchased CA certificates yet to comply with the BKA (Germany's Federal Criminal Police Office) rules introduced at the beginning of 2009. At the end of the event, our verdict was mixed – overfilled rooms, a variety of topics, and an audience that was wide awake but still slightly puzzled as to whether it was currently witnessing the sell-out of freedom on the network.
Buy this article as PDF
Kernel king admits his tone has alienated volunteers, but says the demands of the process require directness.
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.