The years come and go, and the names of the security researchers shift from year to year, as do the form factors and devices where the vulnerabilities that make the biggest news reside. For instance, in years past the lion’s share of the security attention was spent on operating system, network, database, and web application security – and there was certainly plenty of that this year. But over the years more and more of the attention has swung to other areas of the software and system stack.
In years past, attention has been paid to hacking ATMs, medical devices, air traffic control systems and more. This year, the bulk of the attention focused on vulnerabilities in automobile software and mobile devices, and on flaws involving the Internet of Things, firmware, and SDN switches. With all of that in mind, here are my picks for the biggest risks exposed this year at Black Hat 2015.
As Wired reported in Andy Greenberg’s story, Hackers Remotely Kill a Jeep on the Highway—With Me in It, Greenberg traveled to St. Louis to, as he put it, be Charlie Miller and Chris Valasek’s “crash-test dummy” and see what the pair had been up to in their car hacking research. Greenberg wasn’t disappointed. In the Jeep Cherokee they used as the test system, the researchers managed to take over the climate control system, change the radio station, flip on the windshield wipers, and eventually, for the main event, paralyze the car on stage.
This wasn’t the only car that fell last week, according to this Kim Zetter Wired story, Researchers Hacked a Model S, But Tesla’s Already Released a Patch.
I don’t think I’m going out on a limb predicting that as cars become autonomous, software driven (literally) and connected, we are going to see more and more automobile software vulnerabilities, and that secure automobile software design is going to be a topic making headlines for years to come.
Certifi-gate, as it’s dubbed, refers to a previously unknown vulnerability in the architecture of popular mobile Remote Support Tools (RSTs). The role of RSTs is self-explanatory, and they are used by the vast majority (if not all) of Android device manufacturers and telecommunication providers. The flaw, announced at Black Hat USA 2015, is actually a number of vulnerabilities in the authorization approaches used by the RST apps and the Android device. Exploiting the flaw would enable attackers to gain full access to the device and act as if they were the device user.
It is widely said that information, or knowledge, is power. And who can argue? That’s what makes this hack of Globalstar satellite transmissions so scary. The messages are used to track whatever needs to be tracked: ships, planes, trucks – virtually anything remote and of value. Imagine a truck of expensive high-end televisions being stolen while a compromised GPS tracking system reports back to the enterprise that the truck is safe and on schedule.
The flaw and proof of concept attack were demonstrated using publicly available information, and took advantage of, essentially, the lack of encryption and the ability to inject data into the satellite communication stream.
Security of IoT is often discussed in regard to how devices can be hit with denial of service attacks or used to cause damage to the physical world, but it is rarely discussed as a way to steal data. Last week Ang Cui of Red Balloon Security showed how “it's possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks,” wrote Tim Greene.
This means attacks can be launched against IoT devices that have poor security. The attack works by rapidly flipping the outputs from chips on a printer on and off, producing a signal that can be received by a standard ham radio.
Oh noes: Mac Zero-day Firmware Exploits
With a demonstration last week, it was shown that malware certainly can dig deep into Apple Macs. In an attack dubbed Thunderstrike 2, researchers Xeno Kovah and Corey Kallenberg from LegbaCore, as well as Trammell Hudson from Two Sigma Investments, detailed how compromised devices could infect the firmware of a Mac by connecting through Apple’s Thunderbolt interface. While not entirely new, the attack furthers a firmware vulnerability that was made known earlier this year.
According to the researchers, Apple patched a number of the flaws that make the firmware attack possible, but not all of them.
In order to spread, the worm travels and infects systems the way worms always have: trick users into introducing the worm onto their system somehow, and then any Mac that connects to the compromised Thunderbolt device becomes infected in turn.
We’re mostly all familiar with software-defined networks (SDNs) and all of their associated benefits. But research presented at Black Hat 2015 last week by Gregory Pickett, founder of Hellfire Security, detailed several attacks that are possible against SDNs using the Open Network Install Environment. The three network operating systems that Pickett focused on were Cumulus Linux, Mellanox OS, and Switch Light. A compromised switch is a very serious breach, as it enables attackers to install malware on the device, which could be used either to sniff an enormous amount of traffic or possibly to mount a denial of service against the network.
Pickett’s white paper on the research is available here: Abusing Software Defined Networks.
This certainly isn’t an all-encompassing list, but I think it covers a number of the most interesting and far-reaching pieces of research demonstrated last week. What would your picks be?