Our editorial team has handpicked some great talks from Black Hat Conference - one of the largest IT Security Conference in the world.
Black Hat - built by and for the global InfoSec community - returns to Las Vegas for its 21st year providing attendees with the very latest in research, development and trends. This six day event begins with four days of intense technical training for security practitioners of all levels (August 4-7) followed by the two-day main conference featuring Briefings, Business Hall, Arsenal, and more (August 8-9)
(Source: Black Hat Conference USA 2018)
1) KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
Speaker: Liang Chen
n this talk, we will introduce the concepts essential to our bugs, which includes: - Indirect DMA features exposed to iOS userland - The implementation of IOMMU memory protection - Notification mechanism between GPU and Apple Graphics driver The next part will cover two bug details: one in DMA handling with host virtual memory, and another out-of-bound write issue caused by potentially untrusted userland read-only memory. Lastly we talk about how we combine two flaws across different Apple Graphics components to achieve reliable kernel code execution from iOS application sandbox.
2) LTE Network Automation Under Threat
Speaker: Altaf Shaik, Ravishankar Borgaonkar
The control and management of mobile networks is shifting from manual to automatic in order to boost performance and efficiency and reduce expenditures. Especially, base stations in today's 4G/LTE networks can automatically configure and operate themselves which is technically referred to as Self Organizing Networks (SON). Additionally, they can auto-tune themselves by learning from their surrounding base stations. This talk inspects the consequences of operating a rogue base station in an automated 4G/LTE network. We exploit the weaknesses we discovered in 4G/LTE mobile phones and SON protocols to inject malicious packets into the network. We demonstrate several attacks against the network and discuss mitigation from the mobile network operators perspective.
3) Back to the Future: A Radical Insecure Design of KVM on ARM
Speaker: Baibhav Singh, Rahul Kashyap
The KVM Hypervisor is part of the Linux kernel and by default it is enabled on all supported ARM system. In ARM architecture KVM is implemented through split-mode virtualization and runs across different privileged CPU modes. This talk will discuss about the design and a security issue in a way Linux kernel initializes the KVM Hypervisor. An attacker having access to host EL1 can execute code in EL2. This security issue can be exploited by an attacker to install a Hypervisor root kit on ARM system.
Speaker: Oliver Schranz
This talk shows how FExM permits automated distributed fuzzing of applications; crash exploitability classification; and is equipped with a web front end for navigating security issues in a convenient way. Our work automatically retrofits fuzzing into the security development lifecycle.
5) Stealth Mango and the Prevalence of Mobile Surveillanceware
Speakers: Andrew Blaich, Michael Flossman
In this talk, we will unveil the new in-house capabilities of a nation state actor who has been observed deploying both Android and iOS surveillance tooling, known as Stealth Mango and Tangelo. The actor behind these offensive capabilities has successfully compromised the devices of government officials and military personnel in numerous countries with some directly impacting Western interests. Our research indicates this capability has been created by freelance developers who primarily release commodity spouse-ware but moonlight by selling their own custom surveillanceware to state actors. One such state actor has been observed deploying Stealth Mango and this presentation will unveil the depth and breadth of their campaigns, detailing not only how we watched them grow and develop, test, QA, and deploy their offensive tooling, but also how operation security mistakes ultimately led to their attribution.
6) Exploitation of a Modern Smartphone Baseband
Speaker: Marco Grassi, Muqing Liu, Tianyi Xie
In this talk, we will explore the baseband of a modern smartphone, discussing the design and the security countermeasures that are implemented. We will then move on and explain how to find memory corruption bugs and exploit them. As a case study, we will explain in details our 2017 Mobile Pwn2Own entry, where we gained RCE (Remote Code Execution) with a 0-day on the baseband of a smartphone, which was among the target of the competition. We exploited successfully the phone remotely over the air without any user interaction and won $100,000 for this competition target.
Your Complete Guide To Top Talks @Black Hat Conference 2018 (USA)
Get your FREE Guide on Top Talks @ Black Hat Conference 2018 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at Black hat Conference into a single guide. Get your Free copy today.
Comments