February 16, 2006 - Taking Apart Black Boxes
by Jeff Moss
There is growing emphasis on reverse engineering in the security community. There is also an increasing interest in hardware hacking. As more people gain understanding of the art and techniques of these disciplines, they are collectively revealing soft spots in the security of what were previously opaque systems. From closed-sourced, proprietary software to peripheral devices, we are finally seeing in-depth, third-party security reviews.
FX has turned his attention to BlackBerry devices with outstanding results. Mikko Kiviharju has done a really nice analysis of Microsoft's consumer finger-print scanner to understand why it is not recommended for security applications. Mikko's analysis details a path that could be used to analyze other finger-print scanner devices and reveals secrets about how biometric analysis is being done by one of the dominate companies in the space. Philippe Biondi and Fabrice Desclaux dug deep into Skype to uncover secret vodoo of the Skype security model, protocols and counter-measures that have been bandied about. I hope these presentations are the tip of the iceberg in a growing trend of detailed third-party review. As the defense of obfuscation slowly crumbles, vendors have little choice but to build more secure systems from the very beginning.
These trends mirror what we have seen on the training side of Black Hat. Years ago Halvar Flake was the only one teaching reverse engineering. Now we have about a half dozen instructors teaching various aspects of reverse engineering and its applications. On the hardware side, Joe Grand offered our first hardware hacking class at last year's Black Hat Briefings in Las Vegas with great success. Joe will be teaching two classes again this year in Las Vegas, and we expect to see growth in the hardware security over the next few years.
Hacking fingerprint scanners - why Microsoft's Fingerprint Reader is not a security feature
by Mikko Kiviharju posted February 16, 2006
The Fingerprint Reader arrived finally. Now here's a curious disclaimer from MS: this should not be used as a security feature. Like buying a car and told it's no good for driving! Tried to find the reason- no luck yet... maybe I'll try looking into it tomorrow.
Hey, just found out that Griaule makes an SDK that uses Microsoft's Fingerprint reader. You can also save _encrypted_ images to the disk with that. Maybe that's the same format as Microsoft uses...
Made a few tests, the encrypted images USE THE SAME BL***Y KEY every time! Scan two times, subtract, and lo and behold: out comes the original fingerprint! Greaaaat key management, guys...
Hmmm, to come to think of it, subtracting should produce a black image, but hey, biometric scans are never alike! And thanks to Digital Persona's good hardware, two scans are well rotated, scaled, moved and whatnot to the same position, so the differences are only the different grey-level values in the scan.
Also looks like the encryption mode is OFB: tried erasing the encrypted picture from places and exactly those places were decrypted to garbage. From encryption point of view, it would have been better if they used CFB/CBC, that at least would have given garbage out of the subtraction. Well, you can't have everything.
Okay, I've just realized that USB-sniffers probably come in software, too, waaay cheaper it seems. Installed the one in today. It sure does generate a lot of cr... log files. From the looks of it, mostly zeroes are coming out from the reader. That CAN'T be encrypted data. Have to filter the good stuff out.
Man, there are a lot of USB-specific stuff going in and out the reader. Building a good filter was a good idea, especially, when the SCANS BLURT OUT AS IS. No crypto at all, no siree. I wonder, prolly no keys either...
Well that took a lot of matching. Damned image headers and type-messages... ok, but there's simply just not enough room or variety for the keys to be there. So checkmate, MS, no cipher, no key management, no nuttin'.
Silver Needle in the Skype
by Philippe Biondi & Fabrice Desclaux posted February 20, 2006
It is a piece of software with many layers of obfuscation, that can bypass firewalls, record your microphone, find your proxy credentials in your profiles, whose communications are encrypted and benefit from a peer to peer architecture, that can be found on many computers of governmental organisations or research laboratories. What is it? The latest backdoor? A spyware from an evil organisation?
No. It is used by your grandmother to call her sister. It's a VOIP program. It's Skype.
Many things have been said on Skype. The level of obfuscation suggests the existence of hidden dark secrets and has given birth to so many myths that we needed to go and see what was really was on. This presentation is about what we found in the belly of the beast.
Information in Unusual Places
I agree with Mariusz Burdach when he says that volatile memory analysis will be used more often in the future to find evidence. This is often the only place where advanced code resides. At Black Hat Federal he will release two tools to analyze Windows and Linux memory images, which is a great step forward in the effort to bring these techniques to a wider audience... read more
Disinfecting Your Phone Without Lysol?
I suggest securing your smart phone before attending Black Hat Federal next week or any other time you go out. Sophisticated attackers are now starting to concentrate on mobile platforms. We will soon see attacks going from primitive to advanced, especially considering almost all “important” people now own a smart phone... read more
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules