Some feedback from the 28C3 conference

Fri 13 January 2012 by cedric

Here is a summary of the talks I attended during CCC. The talks were given in 3 simultaneous tracks, so some choices had to be made. All in all, this is one of the best conferences I attended and I can only recommend it. The slides will be made available little by little. The live video streaming and the video downloads, ready only a few days later, are excellent resources to watch.

802.11 Packets in Packets (PIP)

Travis Goodspeed shows us a new class of attack that exploits the way wireless physical layers work. These attacks are possible because:

  • wireless physical layers have to cope with interference: a wave in the air can interfere with others (so that the receiver cannot decode either of them correctly)
  • the receiver considers received data "valid" when it is "consistent", i.e. when it "looks" like valid data

In practice, interference more often corrupts runs of consecutive bytes than isolated bits. If the beginning of the layer-1 frame is corrupted, the receiver's state machine (which looks for the synchronization pattern) keeps searching and finds the next occurrence of that pattern further in the transmission, in upper-layer data that the attacker controls. Consequently, part of the layer-7 data is interpreted as a layer-1 packet ("Packet in Packet").

This type of attack is "standard compliant" because there is no way to check the packet's integrity at that layer. Moreover, even though the vulnerability lies at layer 1, the attacker may not need any radio transceiver and can be physically distant (e.g. somewhere on the Internet).
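To make the mechanism concrete, here is an added example (not from the talk and not from this post) that simulates a toy receiver's sync-word state machine. The sync word, the one-byte length field and the frames are constructed and are not real 802.11 or ZigBee framing. The point it shows is that once the outer sync word is lost to interference, the receiver latches onto the next sync word it meets, which lives inside the upper-layer payload, and nothing at layer 1 can tell the two frames apart.

```python
"""Simulate the framing state machine of a simple wireless receiver to show
why a 'Packet in Packet' is decoded once the outer preamble is corrupted.

Added example, not from the 28C3 talk or the original post. The framing
(2-byte sync word, 1-byte length, payload) is a constructed toy layer 1."""

SYNC = b"\xa7\x55"   # constructed sync word the receiver hunts for


def frame(payload: bytes) -> bytes:
    """Build one toy layer-1 frame: sync word, length byte, payload."""
    return SYNC + bytes([len(payload)]) + payload


def receive(air: bytes) -> list:
    """Receiver state machine: scan for SYNC, read the length, slice out a
    frame, then resume scanning after it. Returns the decoded payloads.
    There is no integrity check at this layer, so whatever follows a sync
    word is accepted as a frame."""
    frames, i = [], 0
    while i + len(SYNC) < len(air):
        if air[i:i + len(SYNC)] != SYNC:
            i += 1                      # still hunting for the sync pattern
            continue
        n = air[i + len(SYNC)]
        start = i + len(SYNC) + 1
        body = air[start:start + n]
        if len(body) < n:               # truncated frame: give up
            break
        frames.append(body)
        i = start + n
    return frames


def corrupt(air: bytes, upto: int) -> bytes:
    """Model interference that destroys a run of consecutive bytes at the
    start of the transmission (here: the outer frame's sync word)."""
    return bytes(b ^ 0xFF for b in air[:upto]) + air[upto:]


# Constructed: an application-layer (layer 7) payload that happens to
# contain a complete inner frame - the 'packet in packet'.
inner = frame(b"INNER")
outer_payload = b"hello " + inner + b" world"
on_air = frame(outer_payload)


def decode_clean() -> list:
    """Undisturbed reception: one outer frame, inner bytes are just payload."""
    return receive(on_air)


def decode_corrupted() -> list:
    """Outer sync word destroyed: the receiver resynchronises on the inner one."""
    return receive(corrupt(on_air, 2))


if __name__ == "__main__":
    print("clean:    ", decode_clean())
    print("corrupted:", decode_corrupted())
```

Running it prints the full outer payload for the clean case and only `b"INNER"` for the corrupted one; the receiver never sees a difference between a frame the sender framed and a frame that merely appeared inside someone's payload.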

Applications are quite limited:

  • it only works on open WiFi networks (without encryption: WPA and WEP are not vulnerable)
  • it also works with the ZigBee technology (but there is no real-life application because of the peripherals involved)

All in all, it was an excellent talk.

Data Mining, the Israeli Population Census

Yuval Adam describes his analysis of the databases that leaked in 1998, 2001, 2002, 2004 and 2006, unveiling information on Israeli citizens from 1948 to 2006:

  • last name, first name
  • date of birth
  • marital status
  • parents
  • address, phone number

Other information can be inferred when comparing databases from one year to another:

  • new record: a person who was born or who immigrated (depending on his/her date of birth)
  • record updated: last name, phone number or address updated, or a deceased person
  • record deleted: ? The author confesses he has no answer to that... This is left to the interpretation of the reader...

His presentation shows that data interpretation is not always an easy task... (with such a leak, is the database legitimate, or was it tampered with? If so, why?)
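The year-to-year comparison above is easy to automate. Here is an added example (not Yuval Adam's code and not from this post) that classifies the differences between two snapshots of a register: a record only present in the newer snapshot is a birth if its date of birth falls between the two snapshot years and an immigration otherwise, a record present in both with differing fields is an update, and a record that vanished is reported as deleted without further interpretation. The record identifiers, field names and rows are constructed.

```python
"""Classify what changed between two yearly snapshots of a population
register, the way the talk infers events by comparing leaked databases.

Added example, not from the talk or the original post. Identifiers, field
names and the sample rows are constructed."""


def classify_changes(old: dict, new: dict, old_year: int, new_year: int) -> dict:
    """old/new map record_id -> {field: value}, taken in old_year/new_year.
    Returns record_id -> (event, changed_fields)."""
    events = {}
    for rid, rec in new.items():
        if rid not in old:
            birth_year = int(rec["dob"][:4])
            # born between the two snapshots, otherwise an immigrant
            kind = "new:born" if old_year < birth_year <= new_year else "new:immigrant"
            events[rid] = (kind, ())
            continue
        changed = tuple(sorted(f for f in rec if rec[f] != old[rid].get(f)))
        if changed:
            events[rid] = ("updated", changed)
    for rid in old:
        if rid not in new:
            # the talk had no explanation for records that disappear
            events[rid] = ("deleted", ())
    return events


# Constructed snapshots carrying the fields listed in the talk.
SNAP_2004 = {
    "A1": {"last": "Cohen", "first": "Dana", "dob": "1970-05-02", "marital": "single",
           "parents": "P1/P2", "address": "1 Main St", "phone": "111"},
    "A2": {"last": "Levi", "first": "Ron", "dob": "1945-01-10", "marital": "married",
           "parents": "P3/P4", "address": "2 Oak St", "phone": "222"},
    "A3": {"last": "Mizrahi", "first": "Noa", "dob": "1990-08-08", "marital": "single",
           "parents": "P5/P6", "address": "3 Elm St", "phone": "333"},
}
SNAP_2006 = {
    "A1": {**SNAP_2004["A1"], "last": "Cohen-Levi", "marital": "married"},  # name and status changed
    "A2": {**SNAP_2004["A2"], "phone": "999"},                              # phone changed
    "A4": {"last": "Peretz", "first": "Eli", "dob": "2005-03-03", "marital": "single",
           "parents": "P7/P8", "address": "4 Pine St", "phone": "444"},     # born in between
    "A5": {"last": "Ivanov", "first": "Olga", "dob": "1975-11-11", "marital": "married",
           "parents": "P9/P10", "address": "5 Ash St", "phone": "555"},     # immigrated
}
# A3 is absent from the 2006 snapshot: a deleted record.


def demo() -> dict:
    return classify_changes(SNAP_2004, SNAP_2006, 2004, 2006)


if __name__ == "__main__":
    for rid, (event, fields) in sorted(demo().items()):
        print(rid, event, fields)
```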

Defending Mobile Phones

Karsten Nohl details his 3-year ongoing work on the subject.

He uses the well-known projects:

  • OpenBTS to create a "fake" GSM antenna
  • OsmocomBB to flash a customized firmware on mobile phones

Three types of attacks are detailed:

  • impersonation: sniffing enough data in order to spoof the targeted phone
  • interception: sniffing a conversation and enough data to be able to decrypt it
  • tracking: sniffing enough data to geolocate the targeted phone

See GSM map for results (Europe only for the moment).

Datamining for Hackers - Encrypted Traffic Mining (TM)

Stefan Burschka uses an interesting approach based on physics and mathematics to get information about an encrypted stream without trying to decrypt it. The attacker sniffs packets, then analyzes them to deduce some characteristics of the content.

He takes Skype as an example because, from the outside, it is an opaque blob, and builds his presentation around this product.

Slide 11 of his presentation shows a graph of IP packet sizes:

  • there is a large amount of data at the beginning, due to Skype's self-learning functionality, which helps optimize the rest of the conversation
  • the stream is audio, so there are breaks in the discussion; however, Skype always generates some traffic, even when nobody talks
  • the minimal packet size is 3 and corresponds to an internal ping
  • packet sizes in one direction are larger than in the other, which means the first person talks more than the second

A transfer function exists between the audio stream and the IP packets.

Is there a way to infer whether a man or a woman is talking? How can we tell that from a packet? Given a phrase said by person A, is there a way to recognize the same phrase said by person B?

Two people saying the same phrase change neither the packet sizes nor the signal/silence pattern. To exploit this, the author uses mathematical models (in particular the Kalman filter). Consequently, if we can guess the phrase, we can build a model and detect this sentence in 83% of cases under certain conditions...

To prevent this, randomly generated padding should be added.
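As an added example (not from the talk and not from this post), the script below recovers the coarse features described above from a constructed trace of (direction, size) pairs: which side is sending voice-sized packets in each time slot, where the silences are, and which side sends more bytes overall. It then applies the padding countermeasure the speaker recommends, giving every packet a random number of extra bytes, after which the size-based silence detector no longer sees anything. The slot structure (one packet per side per slot), the `MAX_SIZE` bound and the trace itself are assumptions; the Kalman-filter phrase matching from the talk is not modelled here.

```python
"""Read talk/silence and direction asymmetry off packet sizes of an
encrypted audio stream, then show what random padding does to them.

Added example, not from the 28C3 talk or the original post. The trace and
the 'one packet per side per slot' shape are constructed assumptions."""

import random

PING = 3        # smallest packet size in the trace; the talk attributes it to an internal ping
MAX_SIZE = 160  # assumed upper bound a padding scheme pads every packet up to

# Constructed trace: one (direction, size) pair per side per 20 ms slot.
# A speaks for 10 slots, nobody speaks for 5 slots, then B speaks for 5 slots.
TRACE = ([("A", 120), ("B", PING)] * 10
         + [("A", PING), ("B", PING)] * 5
         + [("A", PING), ("B", 90)] * 5)


def bytes_per_direction(trace: list) -> dict:
    """Total bytes sent by each side; the larger total marks who talks more."""
    totals = {}
    for direction, size in trace:
        totals[direction] = totals.get(direction, 0) + size
    return totals


def dominant_talker(trace: list) -> str:
    totals = bytes_per_direction(trace)
    return max(totals, key=totals.get)


def talk_slots(trace: list) -> list:
    """Label each slot from sizes alone: a side is 'speaking' when its packet
    is larger than the ping size. Relies on the A/B alternation of TRACE."""
    labels = []
    for (_, a_size), (_, b_size) in zip(trace[0::2], trace[1::2]):
        a, b = a_size > PING, b_size > PING
        labels.append("both" if a and b else "A" if a else "B" if b else "silence")
    return labels


def pad(trace: list, seed: int = 0) -> list:
    """Countermeasure: append a random number of bytes (at least one) to every
    packet so that no packet stays at ping size. Deterministic per seed."""
    rng = random.Random(seed)
    return [(d, s + rng.randint(1, MAX_SIZE - s)) for d, s in trace]


if __name__ == "__main__":
    print("bytes per direction:", bytes_per_direction(TRACE))
    print("dominant talker:    ", dominant_talker(TRACE))
    print("slots:              ", talk_slots(TRACE))
    print("slots after padding:", talk_slots(pad(TRACE)))
```

On the unpadded trace the slot labels read back the conversation structure exactly (ten slots of A, five of silence, five of B) and A is the dominant talker; on the padded trace every slot looks like both sides speaking, which is the property the padding is meant to buy.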

Stefan Burschka was a very good speaker.

Introducing OsmoCom GMR

Sylvain Munaut's talk deals with the new OsmoCom GMR project. The goal of this project is to develop a stack for satellite phones (as OsmocomBB is for GSM). It started in July 2011 and it is currently possible to sniff some (unencrypted) management frames.

What needs to be done next:

  • understand the A5/1 cipher algorithm (not the same as GSM's A5/1)
  • understand the AMBE audio codec (proprietary)
  • handle the transmission
  • etc.

Very promising.

Cellular protocols for mobile Internet

Harald Welte walks us through the acronyms used in the GSM/GPRS/UMTS technologies. Getting started with the subject is not an easy task, because of the many 3GPP standard documents that cross-reference each other. The goal of this presentation is precisely to show this diversity in order to help researchers get started.

The author specifies that he deliberately left aside the complexity of layer 1 in order to detail the other layers. What we will remember are the diagrams of the network stacks with all their layers. They are detailed for the "control plane" (traffic management) as well as the "user plane" (data) for the GSM, GPRS and UMTS technologies...

Reverse Engineering USB devices

Drew Fisher demonstrates a classic method for developing a driver for a USB device. Using a hardware USB sniffer or the built-in functionality of Windows/Linux, the author sniffs the proprietary communication protocol carried on top of USB. He identifies the following fields:

  • magic number: a field that is often repeated
  • length: a field whose value matches the number of bytes that follow it
  • sequence number: a field that is incremented
  • timestamp: a field sent by an endpoint that "curiously" tracks the passing of time

He underlines that reverse engineering tools able to detect such fields, or to help humans do so, would be useful...
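The field heuristics in that list can be automated. Here is an added example (not Drew Fisher's tooling and not from this post) that runs them over a constructed capture. The packet format (a 2-byte magic, a length byte covering everything after it, a sequence byte, a 16-bit big-endian timestamp, then a payload) and the host-side capture times are made up for the demonstration. An offset is flagged as constant when every packet carries the same byte there, as a length when its value always equals the number of bytes after it, as a counter when it always increments by one, and as a timestamp when the 16-bit word at that offset grows monotonically and correlates with the capture times.

```python
"""Heuristics that flag candidate protocol fields in captured USB packets.

Added example, not from the 28C3 talk or the original post. The packet layout
and the capture are constructed for the demonstration."""

import struct


def build_packet(seq: int, ts_ms: int, payload: bytes) -> bytes:
    """Constructed device format: magic, length of what follows, seq, timestamp, payload."""
    body = bytes([seq & 0xFF]) + struct.pack(">H", ts_ms) + payload
    return b"\xca\xfe" + bytes([len(body)]) + body


# Constructed capture: (host capture time in seconds, packet bytes).
CAPTURE = [
    (0.00, build_packet(7, 0, b"\x01")),
    (0.05, build_packet(8, 50, b"\x01\x02")),
    (0.10, build_packet(9, 100, b"\x00")),
    (0.60, build_packet(10, 600, b"\x05\x05\x05")),
    (0.65, build_packet(11, 650, b"\x09")),
]


def pearson(xs: list, ys: list) -> float:
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def infer_fields(capture: list) -> dict:
    """Return {byte offset: [labels]} for offsets matching one of the heuristics."""
    times = [t for t, _ in capture]
    pkts = [p for _, p in capture]
    width = min(len(p) for p in pkts)          # only offsets present in every packet
    found = {}
    for off in range(width):
        col = [p[off] for p in pkts]
        labels = []
        if len(set(col)) == 1:                  # same byte everywhere: magic candidate
            labels.append("constant")
        if all(v == len(p) - off - 1 for v, p in zip(col, pkts)):
            labels.append("length")             # value == bytes that follow
        if all((b - a) % 256 == 1 for a, b in zip(col, col[1:])):
            labels.append("counter")            # increments by one each packet
        if off + 1 < width:
            words = [struct.unpack_from(">H", p, off)[0] for p in pkts]
            monotonic = all(b > a for a, b in zip(words, words[1:]))
            if monotonic and pearson(times, words) > 0.99:
                labels.append("timestamp")      # 16-bit value tracking capture time
        if labels:
            found[off] = labels
    return found


if __name__ == "__main__":
    for off, labels in sorted(infer_fields(CAPTURE).items()):
        print(f"offset {off}: {', '.join(labels)}")
```

On the constructed capture this reports offsets 0 and 1 as constant, 2 as a length, 3 as a counter and 4 as a 16-bit timestamp, which is the layout `build_packet` used; on a real capture the output is a list of hypotheses for a human to confirm, not a finished protocol description.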

In the end, we either understand the whole protocol or we are able to replay the bits that we did not understand in order to make it "work"! Finally, he advises using the libusb library to access USB from userspace while prototyping the driver, so that you do not have to reload a kernel driver every time you recompile your code.

Scada & PLC vulnerabilities

Tiffany Rad shows the results of a 2-month research period (!). Using arbitrary access to a prison's network, she is able to modify the behavior of a prison PLC in order to:

  • make it open the prison's doors
  • without any alarm being triggered

The scenario considered is a USB stick plugged into a computer on the network, triggering the infection. The first reaction of prisons was to say that there is no problem since their network is not connected to the Internet. However, in practice, they discovered several cases where it actually was...

To get this attack working, one only needs $500 for the hardware plus $2000 for the software (also available on the Internet...). Finally, the most difficult part was to get the right version of the software (among almost 80).

Very nice conference, I hope to get back there next year!