Must-see talks from 2015's Chaos Communication Congress hacker conference
Image by Thorsten Schroeder
This year's Chaos Communication Congress (32C3: Gated Communities) featured four days of superb talks and discussions on hacking and politics, and lucky for those who couldn't attend, the legendary infosec conference already has its talks recorded and ready to view online.
Much ado was made about the talk on train hacking and the passionate panel on Wassenaar. The talk that caught that caught my eye was "New memory corruption attacks" (printbf), which some are seeing as the drop of a "new" attack vector, and likely has a handful of attackers doing a happy dance well into 2016. My favorite talk, though more entertaining than purely technical, was Ryan Lackey's history of data havens, notably the Haven.co project.
Previous CCC coverage highlights:
- Invasive phone tracking: New SS7 research blows the lid off mobile security
- Researcher describes ease to detect, derail and exploit NSA's Lawful Interception
There were so many presentations this year, it's hard to know where to start. Do peruse our shortlist of recommendations below, and definitely look at CCC's 32C3 talks and videos, which are available to watch here on its media website. Note that the last few talks aren't edited yet due to a snafu, but watch @32C3streaming for updates (or watch them unedited here).
Talk: New memory corruption attacks: why can't we have nice things?
If you want to have your mind somewhat blown about this topic, skip to the last ten minutes of this talk:
Memory corruption is an ongoing problem and in past years we have both developed a set of defense mechanisms and novel attacks against those defense mechanisms. Novel defense mechanisms like Control-Flow integrity (CFI) and Code-Pointer integrity (CPI) promise to stop control-flow hijack attacks. We show that, while they make attacks harder, attacks often remain possible. Introducing novel attack mechanisms, like Control-Flow Bending (CFB), we discuss limitations of the current approaches. CFB is a generalization of data-only attacks that allows an attacker to execute code even if a defense mechanism significantly constrains execution.
More info: printbf talk materials See also: Rowhammer.js: Root privileges for web apps?
This final-day talk is still unedited, but it's well worth watching the video here on CCC's "relive" page. Infosec professionals Salton Arthur Massally, Harold Valentine Mac-Saidu, Francis Banguara, and Emerson Tan give an amazing presentation on how local hackers innovated to create an information management system that played a critical part in stopping Ebola in Sierra Leone:
In the face of apocalyptic scenario, a company made up of local hackers took on the unprecedented challenge of building, implementing and running a huge Management Information System and Mobile payments system to keep the health system from collapsing. This talk will show how this was achieved with Open Source Software, second hand laptops, hacked voter registration machines, second hand smartphones and some very smart and determined young people used to achieving great things with none of the resources we take for granted.
Talk: Replication Prohibited
If you've worried about people using 3D printers to make copies of keys, then this talk is an all-you-can-eat buffet of bad news. It's also an early wake-up for organizations who rely on old-fashioned physical security measures to protect IP. Presenter Eric Wustrow writes:
Physical keys and locks are one of the oldest security mechanisms still employed today. In this talk, we will discuss how 3D printing keys enable attacks against many modern lock systems. We will describe projects researchers and hobbyists have done involving 3D printed keys, and present our own research on automating several of these attacks in order to demonstrate how easy they are to do.
Talk: Datahavens from HavenCo to Today
Ever want to have your own island, that was its own country, in order to protect your own damn data? You're not the only one. This talk is so much fun, and gives previously unseen insight into how powerful data distribution is as a tool for resisting censorship. Ryan Lackey explains:
Datahavens have long been discussed as a solution to user security and Privacy needs. Instinctively, the idea of physical locations where servers for communications, financial Privacy, and other services can work is easily understood and seems appealing. As a founder of the HavenCo datahaven on Sealand in 2000, I saw firsthand the potential and the pitfalls of this approach.
Talk: The Great Train Cyber Robbery
ICS hacking is all the rage: For background, read Nuclear nightmare: Industrial control switches need fixing, now:
For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. ... Railroads is a complex systems and process automation is used in different areas: to control power, switches, signals and locomotives. At this talk we will analyze threats and vulnerabilities of fundamental rail-road automation systems such as computer based interlocking, automatic train control and automatic train protection.
Talk: Collect It All: Open Source Intelligence (OSINT) for Everyone
Researcher M. C. McGrath has a lot to offer when it comes to putting together profiles, which is either unsettling, instructive for privacy nerds and raising awareness, risk assessment, or just extremely helpful for reporters, detectives, and more. McGrath's own description says:
Governments post reports and data about their operations. Journalists publish documents from whistleblowers. But there is a third type of open data that is often overlooked- the information people and companies post about themselves. People need jobs. Companies need to hire people. Secret prisons do not build themselves. By making it feasible for anyone to collect public data online in bulk and exploring ways to effectively use this data for concrete objectives, we can build an independent, distributed system of accountability.
Talk: "="" class="c-regularLink" target="_blank" rel="noopener nofollow">The Perl Jam 2
Hacker Netanel Rubin first describes his talk as "tl;dr EXPLOIT ALL THE PERL. AGAIN." Further, he explains, "After last year's Perl crackdown, I decided I have to take the Perl abuse to the next level. This time I focused on Perl's core, or more specifically, the referencing mechanism, and shattered the security of most Perl CGI projects in the world."
Further recommendations:
- Thunderstrike 2
- #GOIBlocks - Technical observations about recent internet censorship in India
- Collect It All: Open Source Intelligence (OSINT) for Everyone
- Hardsploit: A Metasploit-like tool for hardware hacking
- My Robot Will Crush You With Its Soft Delicate Hands!
- Cyber all the Wassenaars
Special thanks to Max Fiestl at the Peerlyst blog for his tips on CCC talks.