As long as computers slavishly follow human-coded instructions there will exist exploits, some very clever, that coerce the systems into behaving outside of their intended parameters. Today's quartet of Black Hat Europe 2014 highlights all explore instances of such digital hoodwinks, with some more serious than others.
These days, the number-one, most commonly dispensed security tip is probably "enable two-factor authentication." And indeed, it's a good idea and does stop the bad guys... right? Quite often, certainly, but not always, and in his Briefing Two Factor Failure, Ryan Lackey will show you some of the vulnerabilities -- both glaring and subtle -- found in many 2FA systems, some of which sacrifice security for usability. He'll wrap by disclosing a new mobile phone-based attack, and discuss best 2FA deployment practices.
Conventional wisdom warns against putting all one's eggs in a single basket, yet the WebKit web-rendering engine is dominant across many major platforms. To be fair, Apple, Google et al. have done a good job of hardening it over the years, such that critical vulnerabilities like heap overflows are difficult to exploit. Difficult, but not impossible. WebKit Everywhere: Secure or Not? will show that defeating WebKit-based applications is still feasible, demonstrating two new exploits that achieve remote code execution, on desktop and mobile.
Name a game and we'll show you people who cheat, and cheating is perhaps most endemic in online videogames. Ever since the dawn of online gaming, developers have engaged in a technological arms race with players who would cheat, and today's cheats -- and anti-cheats -- grow increasingly complex. External anti-cheat libraries offer developers some relief, but Next Level Cheating and Leveling Up Mitigations will explore how centrally managed anti-cheat servers offer an ideal target for attackers.
Finally, return-to-user (ret2usr) attacks take advantage of the weak separation of kernel context from user space to redirect corrupted kernel pointers to attacker-controlled user-space data. Several kernel-hardening approaches attempt to prevent this, as do new hardware features from Intel and ARM. But ret2dir: Deconstructing Kernel Isolation will demonstrate that fundamental OS design choices still allow for conditions of implicit sharing, opening the door to complete circumvention of both software and hardware kernel isolation protections. Dubbed ret2dir, this attack could potentially be blocked in Linux by implementing an exclusive page frame ownership scheme.
Intrigued? We hope so! Head on over to Black Hat Europe 2014's registration page to get your attendance plans in order.