Hack In The Box 2010 - Malaysia

Mon 25 October 2010 by cedric

Jean-Baptiste, Jean and I gave talks at the HITB 2010 conference in Kuala Lumpur (KL). Jean-Baptiste presented his work on the analysis of DRM systems. Jean and I talked about the vulnerabilities found on the iPhone, and its security model. We will post shortly on these two topics. But for now, let us summarize some of the talks.

Dennis Brown from Tenable Network Security again presented his work on using Tor to hide the Command & Control node(s) of a botnet. It is based on a cool feature of Tor: Hidden Services. It is all the more cool in that the infected nodes do not need to have a visible port on the Internet. They can be behind a NAT without any problem. The second aspect to take into account is that most bots use the HTTP protocol to phone home and do not support any proxy. Tor2Web can be used as a solution to this problem. Get the slides from the HITB website.

The grugq, funded by Coseinc, talked about fuzzing mobile phones (GSM stack) and the GSM network part (i.e. BTS, BSC, MSC as well as HLR or VLR). He detailed all the acronyms and protocol layers that make analyzing the security of these networks really difficult at first sight: too much documentation and lots of references, all pointing to each other. For those interested in going through this, his advice is to look at the following pieces:

  • Read only GSM 04 08 (which defines L3): here or direct link
  • Do NOT read all the documents related to GSM, as it would take serious time...
  • Browse OpenBSC source code (in C), then OpenBTS source code (in C++), then OsmocomBB

Some people were quite disappointed, as it did not seem that he explained everything he had found while testing the security of the network part. Get the slides from the HITB website.

Mikko Hypponen, Paul Ducklin, Denis Maslennik and Dr Jose Nazario had a discussion on "The Future of Mobile Malware & Cloud Computing". To sum things up, it seems that:

  • Mobile malware is not very widespread for now. However, commercial spyware (such as FlexiSpy) is quite bad. This matches what we presented about iPhone security and the fact that targeted attacks are really possible these days (private or professional).
  • Attackers usually go for the "most used" platforms. So right now, Windows XP... That may explain why mobile platforms are not so targeted YET.
  • With mobile devices, the problem is that we cannot detect malware easily (it is difficult or impossible for an end-user to browse files, list processes or see what an application is really doing).
  • Right now, we have not had any malware in the wild that exploited a vulnerability on mobile devices (at least publicly disclosed). All mobile malware has been using social engineering methods to get itself installed.
  • Last but not least, education of end-users takes a lot of time, but there will always be some who will click where they should not. This has been known for years on regular workstations, and there is no reason for it to be different with mobiles (with the same success ... or not ;)

For more info, see all HiTB 2010 slides.