RFID is being embedded in everything... From Passports to Pants. Door Keys to Credit Cards.
Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become
the solution to every new problem, and we can't seem to get enough of them....
This talk will look at the underlying technology, what it's being used for, how it works and
why it's sometimes a BadIdea(tm) to rely on it for secure applications, and, more worryingly,
how this off-the-shelf technology can be used against itself... Software and Hardware tools
and techniques will be discussed and demonstrated, and a range of exploits examined in detail.

This presentation will cover a new prototype developed in Symantec Research Labs to run
kernel-mode drivers from user-mode. This technology is primarily intended to sandbox a
rootkit driver and monitor its activities. Utilizing this technique, the rootkit driver's
activities can be controlled. Rather than utilizing emulation, the rootkit code is run
directly on the native hardware but at ring 3. When the rootkit tries to utilize privileged
instructions or read/write/execute kernel-mode memory, the faults are captured and proxied
into the kernel, allowing the rootkit to function normally while at the same time preventing
the rootkit from escaping the sandbox. The presentation will discuss the technology behind
the prototype and demo the tool in action.

This presentation intends to discuss a new class of attack termed Permanent Denial Of Service (PDOS)
targeted against embedded devices. Specifically, a particular manifestation of PDOS will be discussed
which targets the firmware update mechanisms of embedded devices. Such abuses of flash update mechanisms
to cause PDOS conditions have been named Phlash attacks (cuz every attack needs a ‘ph’ right!). Phlash
attacks targeting both the flash update mechanisms of devices, and the structuring of the binary firmwares
themselves, will be discussed in a generic way. The presentation will also discuss the development of a generic
fuzzing framework called PhlashDance, which aims to assist in the automatic identification of PDOS
vulnerabilities across an extensible range of embedded devices. Beyond the pure technicalities of how
Phlash attacks may be mounted, the presentation will also discuss why such novel attack vectors will be
of particular concern to technology vendors, and the difficulties being faced in responding to and mitigating
such vulnerabilities.

Traditionally, we see script usage limited to web applications. However, many applications
today support the use of embedded scripts in their file formats. And we are observing more
and more of such file formats being exploited by malware creators. In this presentation,
we will look at some of the new file formats being used to hide malicious scripts,
and discuss some possible ways to detect them.