Black Hat, Day 1: Cracking GSM and skimming ATMs
Day 1 at Black Hat brought some outstanding talks. The day started off with David Hulton (aka h1kari, also the producer of ToorCon) and Steve (from THC), who presented on "Cracking GSM". It was quite interesting due to the tie-in that David has with Pico and their use of FPGAs (Field Programmable Gate Array).
Basically, they were able to capture GSM traffic -- the traffic most of our cell phones use -- and decrypt that traffic. They reverse-engineered the encryption process and then used the FPGAs to increase the speed of the whole process by an amazing amount. I don't have the exact numbers, but let's just say it went from impossible to potentially done in 30 seconds. As always, David is brilliant. The talk, while complex, was easy to follow and understand and the audience had some great questions.
The next talk I watched was a presentation by my good friends Billy Rios and Nitesh Dhanjani called "Bad Sushi". I have to say that this was the best talk of the whole day -- completely unique and untouched upon by previous research. Basically they were able to track down phisher's and paint a picture of the ecosystem and economy that drives phishing. It was unbelievable the lack of sophistication used in a majority of these attacks, yet they are still so successful. This seems to be contrary to the corporate belief that phishers are elite hackers with hardcore ninja hacking skills. They also moved into a process called ATM skimming whereby people retrofit ATM machines with their own hardware that is actually able to capture card swipes and pin entries, while still maintaining the functionality of the original ATM device. This was unbelievable to see, and I honestly believe I'll never use an ATM machine again. Also of note, it was clear that phishing is not really the major concern; identity theft is the concern, and the people exploiting this are using any means possible.
Rob Carter and I followed up the "Bad Sushi" talk with our talk on "URI Use and Abuse". More of the same research you've seen us talk about over the last year with a fresh set of vulnerabilities including a format string flaw on the Mac OS X. I won't elaborate much and toot my own horn, but the talk went really well and the audience seemed to be entertained and engaged. I can't begin to mention how much of an honor it was to speak at Black Hat again. I can remember saying when I was younger that if I ever spoke at Black Hat, I'd know that I had made it in the security world, right after watching David Litchfield present at my first ever Black Hat. Today, we delivered our presentation while Litchfield was in the next room talking about Oracle security -- a bit of a surreal experience really.
That's all for today and I'm off to the bar to celebrate a great day!