25th Chaos Communication Congress
Opening Black Boxes
One trend you couldn't fail to notice was the inroads that hackers have made into hardware black boxes. Collien Mulliner, from Fraunhofer SIT, demonstrated telephone vulnerabilities, investigating buffer overflows in Symbian OS in the process.
Harald Welte took this a step further in his guide to dismantling smartphones. More and more high-end mobile devices have two controllers: an Application Processor (AP) that handles application control, and a Baseband Processor (BP) that handles wireless activity and phone calls.
Despite increasing numbers of SDKs for the AP – or for higher-level layers, such as Google Android – manufacturers are still reticent when it comes to hardware, which is all the more reason for Welte & Co. to investigate the hardware more closely. Many telephones have debugging soldering points for the JTAG interface on their PCBs. With more than a little dexterity and a trusty soldering iron, hackers can attach and fire up a serial console (Figure 5).
Whereas the first days of the congress were colorful and entertaining, but lacking in novelties, the organizers pulled a security ace out of their sleeves on the final day. After all, data tourists used to visit Berlin to marvel over the latest vulnerabilities. An international team of researchers and hackers disclosed how they had exploited a known, but widely ignored, MD5 vulnerability, with a couple of hundred dollars, and 200 PlayStations to create a CA keypair that was indistinguishable from the real thing.
There was no answer to the question of whether investigation authorities have purchased CA certificates yet to comply with the BKA (Germany's Federal Criminal Police Office) rules introduced at the beginning of 2009. At the end of the event, our verdict was mixed – overfilled rooms, a variety of topics, and an audience that was wide awake but still slightly puzzled as to whether it was currently witnessing the sell-out of freedom on the network.
Buy this article as PDF
Should you trust an online service to store your online passwords?
New B+ board lets you build cool things without the complication of a powered USB hub.
Redmond rushes in to root out alleged malware haven.
New initiative will bring futuristic virtual reality effects to the web surfing experience.
Dyreza malware launches a man-in-the-middle attack that compromises SSL.
New cloud combines worldwide access with local attention to data security.
FOSS community acts to protect freedom of choice for laptop devices.
Authorities in 16 countries take action against users of the imfamous BlackShades malware tool.