The BlackPage

February 16, 2006

The BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community.

On The BlackPage: Taking Apart Black Boxes
by Jeff Moss posted February 16, 2006

There is growing emphasis on reverse engineering in the security community. There is also an increasing interest in hardware hacking. As more people gain understanding of the art and techniques of these disciplines, they are collectively revealing soft spots in the security of what were previously opaque systems. From closed-sourced, proprietary software to peripheral devices, we are finally seeing in-depth, third-party security reviews.

FX has turned his attention to BlackBerry devices with outstanding results. Mikko Kiviharju has done a really nice analysis of Microsoft's consumer finger-print scanner to understand why it is not recommended for security applications. Mikko's analysis details a path that could be used to analyze other finger-print scanner devices and reveals secrets about how biometric analysis is being done by one of the dominate companies in the space. Philippe Biondi and Fabrice Desclaux dug deep into Skype to uncover secret vodoo of the Skype security model, protocols and counter-measures that have been bandied about. I hope these presentations are the tip of the iceberg in a growing trend of detailed third-party review. As the defense of obfuscation slowly crumbles, vendors have little choice but to build more secure systems from the very beginning.

These trends mirror what we have seen on the training side of Black Hat. Years ago Halvar Flake was the only one teaching reverse engineering. Now we have about a half dozen instructors teaching various aspects of reverse engineering and its applications. On the hardware side, Joe Grand offered our first hardware hacking class at last year's Black Hat Briefings in Las Vegas with great success. Joe will be teaching two classes again this year in Las Vegas, and we expect to see growth in the hardware security over the next few years.

Hacking fingerprint scanners - why Microsoft's Fingerprint Reader is not a security feature

by Mikko Kiviharju posted February 16, 2006

6.11.
The Fingerprint Reader arrived finally. Now here's a curious disclaimer from MS: this should not be used as a security feature. Like buying a car and told it's no good for driving! Tried to find the reason- no luck yet... maybe I'll try looking into it tomorrow.

9.11.
Hey, just found out that Griaule makes an SDK that uses Microsoft's Fingerprint reader. You can also save _encrypted_ images to the disk with that. Maybe that's the same format as Microsoft uses...

Made a few tests, the encrypted images USE THE SAME BL***Y KEY every time! Scan two times, subtract, and lo and behold: out comes the original fingerprint! Greaaaat key management, guys...

Hmmm, to come to think of it, subtracting should produce a black image, but hey, biometric scans are never alike! And thanks to Digital Persona's good hardware, two scans are well rotated, scaled, moved and whatnot to the same position, so the differences are only the different grey-level values in the scan.

Also looks like the encryption mode is OFB: tried erasing the encrypted picture from places and exactly those places were decrypted to garbage. From encryption point of view, it would have been better if they used CFB/CBC, that at least would have given garbage out of the subtraction. Well, you can't have everything.

13.11.
Okay, I've just realized that USB-sniffers probably come in software, too, waaay cheaper it seems. Installed the one in today. It sure does generate a lot of cr... log files. From the looks of it, mostly zeroes are coming out from the reader. That CAN'T be encrypted data. Have to filter the good stuff out.

15.11.
Man, there are a lot of USB-specific stuff going in and out the reader. Building a good filter was a good idea, especially, when the SCANS BLURT OUT AS IS. No crypto at all, no siree. I wonder, prolly no keys either...

16.11.
Well that took a lot of matching. Damned image headers and type-messages... ok, but there's simply just not enough room or variety for the keys to be there. So checkmate, MS, no cipher, no key management, no nuttin'.

Silver Needle in the Skype

by Philippe Biondi & Fabrice Desclaux posted February 16, 2006

It is a piece of software with many layers of obfuscation, that can bypass firewalls, record your microphone, find your proxy credentials in your profiles, whose communications are encrypted and benefit from a peer to peer architecture, that can be found on many computers of governmental organisations or research laboratories. What is it? The latest backdoor? A spyware from an evil organisation?

No. It is used by your grandmother to call her sister. It's a VOIP program. It's Skype.

Many things have been said on Skype. The level of obfuscation suggests the existence of hidden dark secrets and has given birth to so many myths that we needed to go and see what was really was on. This presentation is about what we found in the belly of the beast.

upcoming events

USA Briefings & Training 2007
July 28-August 2
Las Vegas

Japan Briefings & Training 2007
October 23-26
Tokyo

DC Briefings & Training 2008
February
Washington DC Area

Europe Briefings & Training 2008
March 25-28
Amsterdam

USA Briefings & Training 2008
August 2-7
Las Vegas

the BlackPage Archives
See past BlackPage articles.


the BlackPage archives
Black Hat Logo
(c) 1996-2007 Black Hat