Archives of POC2015

 

 Andrei Costin, “Security of Embedded Devices' Firmware - Fast and Furious at Large Scale”

 

 Brian Gorenc, Abdul-Aziz Hariri, Jasiel Spelman, “Analyzing Arcane Attack Vectors: Adobe Reader's Logical Way to SYSTEM”

 

 Celil UNUVER & Ebubekir KARUL, “Breaking Font Parsers”

 

 Florian Grunow, Felix Wilhelm, “Hacking IBM’s GPFS”

 

 Fyodor Yarochkin, Vladimir Kropotov, “Pearls of Non-exploitation Based Recon Tactics”

 

 Gilgil, Yeongsik Moon, “Wireless(WPA) Network Based Packet Dissecting”

 

 Huang Lin, Yang Qing, “Low-cost GPS Spoofing by SDR Tools”

 

 Jeremy Brown, “Hacking Virtual Appliances"

 

 Liang Chen, Shuaitian Zhao, “OS X kernel is as strong as its weakest part"

 

 Maria Garnaeva & Denis Makrushin, “THE ANSWER TO THE QUESTION "WHO?" WAVES OF VICTIMS OF THE ATTACKS MORE THAN AN ANSWER TO THE QUESTION "HOW?"”

   

 MJ0011, “Heading beyond the Edge of Windows 10 Security”

   

 Pangu, “Hacking from iOS8 to iOS9”

   

 SinCity, “What if Fire Sale occurs in Korea?”

   

 SysSec@KAIST, “Breaking VoLTE, not VoIP”

   

 Thegrugq, “Cyberwar of Nation State Level”

   

 Wenyuan Xu, “Imperfections of Accelerometers Make Smartphones Trackable”

   

 Yuji Ukai, “Cyber security required to protect human life”

   

Events of POC2015

Belluminar by POC

Belluminar is the hacking contest of POC. Belluminar is from ‘Bellum’(war in Latin) and ‘seminar’. It is not a mere hacking contest but a kind of festival consisted of contest & seminar. This year, only invited teams can join Belluminar. Each team can show its ability to attack what other teams want to protect and can defend what others want to attack. Belluminar is composed of a CTF(1st day or half day more) and a seminar for the solution about challenges(2nd day). 

- Each team must make two challenges that other teams will attack.
- Each team can apply new protection techniques.
- Each team can apply its own protection techniques.
- However, each team must prove it can exploit its own challenges.



Power of XX by SISS & HackerSchool

Who can show the power of XX this year? 'Power of XX' is the only one hacking contest for women. Especially, the winner(s) of Power of XX this year, can get a chance to participate in PHDays2015 CTF final round in Moscow, Russia. Also, air tickets and hotel accomodations for 4-5 members will be offered by PHDays, too. We hope you can have the chance.
  - Qualification Round: Oct 10, Sat 10:00 - 18:00 (KST) / Online
  - Final Round: 11.6, Thu 09:00 - 17:00 / The-K Seoul Hotel POC Event Hall, South Korea
  - E-mail: SISSofsookmyung@gmail.com
  - Website: http://www.powerofxx.com

 
KIDS CTF by SISS & HackerSchool

'KIDS CTF' is a hacking contest for kids: Elementary school & middle school students in Korea. This event encourages young boys and girls to study information security and make ethical attitudes themselves.
  - When: Oct 31, Sat 10:00 - 18:00 (KST) / BoB Center, South Korea
  - E-mail: SISSofsookmyung@gmail.com
  - Website: http://www.kidsctf.com

          

Andrei Costin, “Security of Embedded Devices' Firmware - Fast and Furious at Large Scale”

Andrei Costin is a Computer Science graduate of the Politehnica University of Bucharest where he did his thesis work in Biometrics and Image Processing. While starting out his IT-career in the Computer Games industry, he has worked in the Telecom field and also was a senior developer at a specialized firm programming various GSM/UMTS/GPS sub-systems. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publically available (FOSS) card-only key cracking tool for the MiFare Classic RFID card family and is known as the "printer guy" for his "Hacking MFPs" and "Hacking PostScript" series of hacks & talks at various international conferences. Lately he was spotted security-harassing airplanes with ADS-B hacks, though no planes were harmed during the experiments. He is passionate about security in a holistic fashion. Currently he is a PhD candidate with EURECOM in field of "Security of embedded devices".

[Abstract] Embedded systems are omnipresent in our everyday life and are becoming increasingly present in many computing and networked environments. For example, they are at the core of various Common-Off-The-Shelf (COTS) devices such as printers, video surveillance systems, home routers and virtually anything we informally call electronics. The emerging phenomenon of the Internet-of-Things(IoT) will make them even more widespread and interconnected. Cisco famously predicted that there will be 50 billion connected embedded devices by 2020.

Given those estimations, the heterogeneity of technology and application fields, and the current threat landscape, the security of all those devices becomes of paramount importance. In addition to this, manual security analysis does not scale. Therefore, novel, scalable and automated approaches are needed.

In this talk, we present several methods that make *the large scale security analyses of embedded devices* a feasible task. We implemented those techniques in a scalable framework that we tested on real world data.

First, we collected a large number of firmware images from Internet repositories and then performed simple static analysis. Second, since embedded devices often expose web interfaces for remote administration, therefore we developed techniques for large scale static and dynamic analysis of such interfaces. Finally, identifying and classifying the firmware files, as well as fingerprinting and identifying embedded devices is difficult, especially  at large scale.

Using these techniques, we were able to discover a large number of new vulnerabilities in dozens of firmware packages, affecting a great variety of vendors and device classes. We were also able to achieve high accuracy in fingerprinting and classification of both firmware images and live devices.

This material is both important and innovative because it addresses the more and more pressing matter of securing/hacking the IoT, hence the embedded devices themselves. Moreover, it's envisioned that the topic will go in the next few years from important to critically important.

This material is definitely innovative because it will provide technical aspects of security research by combining several interesting research directions:
  - non-x86 emulation (and the caveats)
  - some aspects of static and dynamic analysis
  - machine learning
  - device fingerprinting

This material is significant because it will present the results, knowledge and insights that resulted from three years of experimentation and work using systematic, methodological and academic approaches.

Audience will be presented with technical knowledge, demos, insights, lessons learned and open challenges.
          




Brian Gorenc, Abdul-Aziz Hariri, Jasiel Spelman, “Analyzing Arcane Attack Vectors: Adobe Reader's Logical Way to SYSTEM”

Brian Gorenc is the manager of Vulnerability Research with Hewlett-Packard Security Research (HPSR). In this role, Gorenc leads the Zero Day Initiative (ZDI) program, which is the world’s largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world’s most popular software. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions.

Prior to joining HP, Gorenc worked for Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program. In this role, he led the development effort on the Information Assurance (IA) products in the JSF’s mission planning environment.

Abdul-Aziz Hariri is a security researcher with Hewlett-Packard Security Research (HPSR). In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development.

Prior to joining HP, Hariri worked as an independent security researcher and threat analyst for Morgan Stanley emergency response team. During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, “Portrait of a Full-Time Bug Hunter”.

Jasiel Spelman is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases. Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine team where he wrote exploits for ZDI submissions, and helped develop the ReputationDV service from TippingPoint. Jasiel's focus started off in the networking world but then shifted to development until transitioning to security. He has a BA in Computer Science from the University of Texas at Austin.

[Abstract] Adobe Reader’s JavaScript Application Programing Interfaces (APIs) offer a rich set of functionality for document authors. These APIs allow for processing forms, controlling multimedia events, and communicating with databases -- all of which provide end-users the ability to create complex documents. This complexity provides a perfect avenue for attackers to take advantage of weaknesses that exist in Adobe Reader’s JavaScript APIs.

In this talk, we provide insight into both the documented and undocumented APIs available in Adobe Acrobat and Adobe Reader. Several code auditing techniques are shared to aid in vulnerability discovery, along with numerous proofs-of-concept that highlight real-world examples. We also detail how to chain several unique issues together to obtain code execution in a privileged context. Finally, we describe how to construct an exploit that achieves remote code execution without the need for memory corruption.

The talk also covers the Shared Memory attack surface in Adobe Reader and Acrobat. These applications utilize a Shared Memory region to support its Updater functionality. We describe weaknesses that existed in this Shared Memory region and how the updater capabilities can be abused. Finally, we step through an exploit for CVE-2015-5090 that achieves SYSTEM-level escalation of privileges using the weaknesses in this Shared Memory region.




Celil UNUVER & Ebubekir KARUL, “Breaking Font Parsers”

Celil Unuver is co-founder & principal security researcher of SIGNALSEC Ltd. He is also organizer of NOPcon. His areas of expertise include Vulnerability Research & Discovery, Exploit Development and Reverse Engineering. He has been a speaker at CODE BLUE Japan, CONFidence, Swiss Cyber Storm, c0c0n, DefCamp, Kuwait Info Security Forum. He enjoys hunting bugs and has discovered critical vulnerabilities affect well-known vendors such as Adobe, Microsoft, HTC, IBM, Novell etc.

Ebubekir Karul is a security researcher at SIGNALSEC Ltd. He is mainly interested in reverse engineering, windows internals, malware research. He is also an undergrad student in Physics faculty of Marmara University.

[Abstract] Miyamoto Musashi says there is more than one path to the top of the mountain. Many researchers have targeted Windows Kernel with TTF before and TTF is a hot topic in vulnerability research. We see TTF exploits targeted Windows Kernel used by APT groups. However, bug hunters didn’t spend too much time to fuzz TTF parsers of user-mode applications. Thus, client-side popular applications have a lot of bugs in rendering TTF files.

In this talk, we are going to explain quick internals of TTF format and some hints about fuzzing TTF file format. We will discuss which applications handle TTF files to identify possible targets for bug hunters. Next, we're going to introduce a structure-aware TTF fuzzer that we developed and used in a short period. We will also show some vulnerabilities (e.g. ZDI-CAN-3102) discovered by the fuzzer.




Florian Grunow, Felix Wilhelm, “Hacking IBM’s GPFS”

Florian Grunow holds a Bachelor’s degree in Medical Computer Sciences and a Master’s degree in Software Engineering. He used to work in hospitals and got an inside view on how the daily work of healthcare professionals dealing with IT looks like. He now works as a Senior Security Analyst at ERNW in Heidelberg, Germany, with a focus on application security.

Felix Wilhelm

[Abstract] The IBM General Parallel File System (IBM GPFS) is a high performance cluster file system powering some of the world's biggest super computers. Customers range from major three letter agencies to cloud providers and many universities around the globe. This makes it a prime target for attackers as not only the data stored in the file system is valuable, but also the machines running the GPFS are quite powerful, too and are integrated in the core infrastructure.

Besides presenting a detailed overview of the GPFS architecture and the flaws that come with it, we walk through the discovery and exploitation of multiple bugs that looked simple at first but developed to a very special journey into the guts of GPFS.

After a short technical analysis of GPFS we will be showing a local privilege escalation through a format string bug that is exploited in a very creative way. We will then perform a remote root exploit for IBM's GPFS and in addition a local kernel exploit.

To close the session we will discuss the disclosure timeline and the patch provided by IBM, which does not solve the problems directly.




Fyodor Yarochkin, Vladimir Kropotov, “Pearls of Non-exploitation Based Recon Tactics”

Fyodor Yarochkin is currently a Senior Threat Researcher at VArmour and a Ph.D. candidate at EE, NTU. His strong technical background combined with his fluency in Russian, English, and Chinese, has allowed him to become a world expert on cyber crime, especially on monetization schemes and the role of digital currencies. An early Snort developer, he frequently speaks at security conferences, including BlackHat US '13 '10 '05, BlackHat Singapore '01, BlackHat HK '01, BlueHat '10, RusCrypto '14, HITCon '14 '13, HoneyCon '14, HITB KL '12, HITB AMS '13, PHDays '14 '13, GroundZero '13, ZeroNights '12 '11, OWASP India '12, Hacklu '12, Nullcon '11, ACAMS APAC '11, SyScan TW '11 '10, OWASP Asia '08 '07, VNSecurity '07, XCon '06 '03, HITB '05 '04, SyScan '05, Bellua '05, Ruxcon '03. 

Vladimir Kropotov is an independent security researcher and Monitoring (SOC) team lead at Positive Technologies. His main interests lie in network traffic analysis, incident response, botnet investigations, and cybercrime. He is a frequent speaker at a number of conferences including HITB, CARO, PhDays and ZeroNights. 

[Abstract] This talk will walk through several case studies of in the wild reconnaissance activities and explain techniques, tactics and primarily objectives of non intrusive network discovery,particularly prevalent in targeted attacks.




Gilgil, Yeongsik Moon, “Wireless(WPA) Network Based Packet Dissecting”

Gilgil is a system programmer experienced in network traffic analysis. He has worked for a nubmer of network security companies making L7 switch appliance.

Yeongsik Moon is a student in the Department of Convergence Security at Kyonggi University and a member of K.knock. Currently He is working on a project about "bypass WIPS defense" at the BOB 4th.

[Abstract] Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, WEP. Wireless(WAP) packets can be dissected if only a hacker is able to figure out EAPoL(Extensible Authentication Protocol over LAN) frames and WPA key. This time, let me show you how wireless packets are dissected into Ethernet frame and how a hacker acquires victim's personal information.




Huang Lin, Yang Qing, “Low-cost GPS Spoofing by SDR Tools”

HUANG Lin is a wireless security researcher, from Unicorn Team of Qihoo 360 China. Before entering Qihoo, she worked for telecom operator, for 9 years, as a wireless researcher. Her interests include the security issues in wireless communication, especially the cellular network security, and also other problems in ADS-B, GPS, Bluetooth, Wifi, and automotive electronics. She is one of the earliest users of USRP in China, and keeps active in SDR/USRP research and development since 2006. In 2009, She wrote one free e-book for GNU Radio training, which is very popular in China.

YANG Qing is the team leader of Unicorn Team in Qihoo 360 Technology Co. Ltd. He has rich experiences in wireless and hardware security area, including WiFi penetration testing, cellular network interception, IC card cracking etc. His interests also cover embedded system hacking, firmware reversing, automotive security, and software radio. He is the first one who reported the vulnerabilities of WiFi system and RF IC card system used in Beijing subway.

[Abstract] It is known that GPS L1 signal is unencrypted so that someone can produce or replay the fake GPS signal to make GPS receivers get wrong positioning information. There are many companies provide commercial GPS emulators, which can be utilized by attackers to do GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found by integrating some open source projects related to GPS we can produce GPS signal through SDR tools, e.g. USRP / bladeRF / HackRF. This makes the attack cost very low. It may influence all the civilian GPS chipset.

In this presentation, the basic GPS system principle, signal structure, mathematical models of pseudo-range and Doppler effect will be introduced. Some demos will be given to show the influence of GPS spoofing on cellphones, cars, drones etc.




Jeremy Brown, “Hacking Virtual Appliances"

Jeremy Brown is a security researcher focused on application security, largely involved in vulnerability research and development. He has gained extensive software security experience working at a large software company for several years on various projects including exploit mitigations, scalable fuzzing and kernel security. Other interests include static analysis, penetration testing and all things fascinating in the field of computer security.

[Abstract] Virtual Appliances have become very prevalent these days as virtualization is ubiquitous and hypervisors commonplace. More and more of the major vendors are providing literally virtual clones for many of their once physical-only products. Like IoT and the CAN bus, it's early in the game and vendors are late as usual. One thing that it catching these vendors off guard is the huge additional attack surface, ripe with vulnerabilities, added in the process. Also, many vendors see software appliances as an opportunity for the customer to easily evaluate the product before buying the physical one, making these editions more accessible and debuggable by utilizing features of the platform on which it runs. During this talk, I will provide real case studies for various vulnerabilities created by mistakes that many of the major players made when shipping their appliances. You'll learn how to find these bugs yourself and how the vendors went about fixing them, if at all. By the end of this talk, you should have a firm grasp of how one goes about getting remote root on appliances.




Liang Chen, Shuaitian Zhao, “OS X kernel is as strong as its weakest part"

Liang Chen and Shuaitian Zhao are members of Keen Team.

[Abstract] With the popularity of Apple's system, many OS X kernel vulnerabilities were discovered by fuzzing IOKit. OS X kernel exploitation technology has developed in the past few years, yet recent Apple patches have mitigated most of those technology to avoid generic address leak as well as zone Feng Shui approaches, which, as a result, make harder to exploit OS X kernel vulnerabilities. 

In the first part of this talk, we will show several vulnerabilities discovered by KeenTeam whose details have never been published before. Then we conclude about several root causes to Apple IOKit driver's weakness, and how to take advantage of those weakness to find bugs more efficiently. 

The second part will cover how to exploit a vulnerability in such case, and how to pave a road from crash to root with the presence of Apple’s new mitigation.




Maria Garnaeva & Denis Makrushin, “When the anonymity ends for darknets”

Maria Garnaeva & Denis Markrushin are members of Global Research and Analysis Team of Kaspersky.

[Abstract] In this track we will discuss the methods and tools that can be used by an attacker, who wants to get information about the user, his behavior and who implements not only trivial traffic analysis on the output nodes, but also combines the rendering features, onion-resources vulnerabilities exploitation and some misconfigurations of Tor Browser.

Tor with their "Onion" routing and I2P with "garlic" routing attracts more and more users as they are able to hide large volumes of traffic and important security events. Many researches show that the current implementation of the "network on top of the network" impugns the traditional idea about anonymous Internet.

We'll discuss what can be discovered about the darknet residents using some techniques and who may benefit from it. We will show what type of information can be leaked through JavaScript functions which are not added to blacklist by Tor Browser developers. Considering the attacking scenario also in the context of onion resources, we can come to the conclusion that the output nodes operation, vulnerable sites and darknet onion-doorways can produce the psychological portrait of the typical resident of the darknet. Also we will provide a little bit tasty statistics about Tor users and their behavior in the darknet.




MJ0011, “Heading beyond the Edge of Windows 10 Security”

MJ0011 is the general manager in the Department of Core Security at Qihoo360 Technology. He leads the vulnerability research team 360Vulcan which has achieved hundreds of CVEs from Microsoft/Apple/Adobe and won the Pwn2Own2015 IE target.

[Abstract] Starting from Windows 10 Tech Preview version to July's RTM release, Microsoft never stops the pace of pursuing the most secure operation system by adding more security features to the system. It includes Control Flow Guard, Font Mitigations, Symbolic Link Mitigations and Virtualization Security ( Credential Guard & Device Guard). Besides, Microsoft has introduced a new Edge browser with more strict security policies and features compared to Internet Explorer. However, New bugs will always be found in new "security" code. 

This presentation will cover two main aspects. First, I will summarize the new security features in Windows 10 and some security failures in the newly added code. Second, I will focus on an unpatched sandbox escape bug in Edge browser. This bug has been denied by Microsoft, but I will present how this vulnerability and an unpublished RCE vulnerability can be used to completely compromise the new Edge browser remotely. Over the past 6 months , I have been working hard on persuading Microsoft to fix the sandbox escape vulnerability, however ,the communication was not as smooth as I excepted.




Pangu, “Hacking from iOS8 to iOS9”

Team Pangu consists of several senior security researchers and focuses on mobile security research. Team Pangu is known for the multiple releases of jailbreak tools for iOS 7, iOS 8, and iOS 9. Team Pangu actively shares knowledge with the community and presents the latest research at well known security conferences including BlackHat, CanSecWest, POC, and Ruxcon. 

[Abstract] From iOS 8 to iOS 9, Apple made significant process in security. This talk will elaborate new security features and significant security changes from iOS 8 to iOS 9. In particular, this talk will share the details of kernel vulnerability exploited by Pangu9, the first untethered jailbreak tool for iOS 9, and discuss the roadmap of creating a successful kernel exploit defeating all mitigations.




SinCity, “What if Fire Sale occurs in Korea?”

The team 'SinCity' was founded in August, 2015.The members of the team SinCity are Seo-Yun Choi, Sang-Min Lee, Woo-Won Kang, Seoung-Oh Seo, Ho-Jung Han, Nikolay Akatyev and Jae-il Lee. Recently, SinCity is doing research about IoT, embedded system and network of Smart Home and SCADA systems. 

[Abstract] You can see ‘Fire Sale’ on DieHard4.0. Fire Sale is an all-out cyberwarfare attack that performs a three-stage systematic attack on a nation's computer infrastructure. We will prove that Fire Sale can occur in Korea.




SysSec@KAIST, “Breaking VoLTE, not VoIP”

Hongil Kim is a Ph.D. candidate in System Security Laboratory from Korea Advanced Institute of Science and Technology. He received his M.S. and B.S. in electrical engineering from KAIST. He has broad interests in system security. Especially, He is mainly working on cellular network system and mobile device security.

Dongkwan Kim is a student in a master's degree in the Department of Electrical Engineering at KAIST. He is interested in various fields of security: cellular network, embedded devices, sensing and actuation systems. He is now working on designing secure architecture of cellular network, and building a spoofing detection and prevention framework for sensing and actuation systems. He has been working on several embedded devices such as automobiles, smart TVs, network routers, and femtocells. He participated in several hacking CTFs (DEFCON, Codegate, Whitehat Contest, HDCON) as a member of KAIST GoN. He holds a BS from KAIST (2014) in CS. 

[Abstract] Long Term Evolution (LTE) is becoming the dominant cellular networking technology, shifting the cellular network away from its circuit-switched legacy towards a packet-switched network that resembles the Internet. To support voice calls over the LTE network, operators have introduced Voice-over-LTE (VoLTE) that dramatically changes how voice calls are handled both from the user equipment and the infrastructure perspective. We find that this dramatic shift opens up a number of new attack surfaces that have not been previously explored. To call attention to this matter, this paper presents a systematic security analysis.

Unlike the traditional call setup, VoLTE call setup is controlled and performed at the Application Processor (AP), using the SIP over IP. A legitimate user who has control over AP can potentially control and exploit the call setup process to establish a VoLTE channel. This combined with the legacy accounting policy (e.g., unlimited voice and the separation of data and voice) leads to a number of free data channels. In the process of unveiling the free data channels, we identify a number of additional vulnerabilities of early VoLTE implementations, which lead to serious exploits, such as caller spoofing, over-billing, and denial-of-service attacks. We identify the nature of these vulnerabilities and concrete exploits that directly result from the adoption of VoLTE. We also propose immediate countermeasures that can be employed to alleviate the problems. However, we believe that the nature of the problem calls for a more comprehensive solution that eliminates the root causes at mobile devices, mobile platform, and the core network.




Thegrugq, “Cyberwar of Nation State Level”

Thegrugq 





Wenyuan Xu, “Imperfections of Accelerometers Make Smartphones Trackable”

Wenyuan Xu received her B.S. degree in electrical engineering with the highest honor from Zhejiang University in 1998, an M.S. degree in computer science and engineering from Zhejiang University in 2001, and the Ph.D. degree in electrical and computer engineering from Rutgers University in 2007. She is a professor in the college of Electrical Engineering, Zhejiang University, and an associate professor in the Department of Computer Science and Engineering, University of South Carolina. Her research interests include wireless networking, network security and privacy. Dr. Xu is a co-author of the book Securing Emerging Wireless Systems: Lower-layer Approaches, Springer, 2009. She received the United State NSF Career Award in 2009 and was selected as the 1000 Young talents of China in 2012. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she currently serves as the associate editor of EURASIP Journal on Information Security, Ad Hoc & Sensor Wireless Networks (AHSWN). 

[Abstract] As mobile begins to overtake the fixed Internet access, ad networks have aggressively sought methods to track users on their mobile devices. While existing countermeasures and regulation focus on thwarting cookies and various device IDs, this talk submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users. We believe that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus. The differences in responses are subtle enough that they do not affect most of the higher level functions computed on them. Nonetheless, upon close inspection, these fingerprints emerge with consistency, and can even be somewhat independent of the stimulus that generates them. Utilizing accelerometer fingerprints, a crowd-sourcing application running in the cloud could segregate sensor data for each device, making it easy to track a user over space and time. Such attacks are almost trivial to launch, while simple solutions may not be adequate to counteract them. 





Yuji Ukai, “Cyber security required to protect human life”

Yuji Ukai is the chief executive officer of FFRI, Inc, known as a technical opinion leader in Japanese security industry.

After completing his Ph.D. in computer science at the National University of Tokushima, he began his employment at Kodak research and development center in Japan where he worked on research and development for digital device and embedded security.

In 2003, he moved to United States and started working on development of vulnerability scanner product at eEye Digital Security as a Senior Software Engineer. He also worked for research of vulnerability analysis, vulnerability auditing, malware analysis, embedded system security, P2P network security, etc. as a Senior Research Engineer at eEye research group. In 2007, he moved back to Japan and became a co-founder of Fourteenforty Research Institute, Inc. Over the last several years, he discovered many critical security vulnerabilities affecting various software products as well as pioneered vulnerability analysis and exploitation of embedded system based on real time operating systems.

[Abstract] Cybercrime targeting financial fraud is increasing worldwide. And it has given a big damage to the economy. Countermeasures will become more necessary because monetary damage caused by cybercrime will increase. However, damage is not only money.We are concerned that it would be threatening human life in the future.

New cybercrime threats would emerge behind IoT. If a particular IoT device is attacked, the damage will extend to human life. For example, we are concerned about carjacking from remote. We should be researching security against such threats.

In this talk, we introduce overview of our research about code execution theory on vehicle ECU and threat analysis of IoT platform. 





Organizer


Partner Company






Copyright(c) 2006 ~ Powerofcommunity All rights reserved.