LAS VEGAS — The 2011 Black Hat security conference is promising a smorgasbord of (in)security fun. From vulnerabilities in PLCs (programmable logic controllers) to the security design of Apple’s iOS and potential hacker attacks on medical implant devices, the range of presentations this year could be the best ever.
Here’s my list of this year’s can’t-miss presentations:
1. Exploiting Siemens Simatic S7 PLCs
Dillon Beresford (right), a security researcher at NSS Labs, has already courted controversy with this topic. The talk was originally scheduled for the TakeDownCon security conference in May but was withdrawn after some bigwigs (including the Department of Homeland Security) got nervous about the pre-patch disclosure ramifications.
At Black Hat, Beresford is promising to cover newly discovered Siemens Simatic S7-1200 PLC vulnerabilities and to demonstrate how an attacker could impersonate the Siemens Step 7 PLC communication protocol using some PROFINET-FU over ISO-TSAP and take control.
Beresford is a brand-name security researcher in the SCADA world. Earlier this year, he developed an exploit for one of the most popular high performance production SCADA/HMI software applications in China which is widely used in power, water conservancy, coal mine, environmental protection, defense and aerospace.
Because security holes in Siemens’ PLCs played a key role in the success of the mysterious Stuxnet worm, Beresfords’s Black Hat disclosures is sure to raise eyebrows.
2. Hacking Google Chrome OS
Google + the cloud + web applications is a recipe for a fun security cocktail.
In the last few months, two members of the WhiteHat Security’s Threat Research Center — Matt Johansen and Kyle Osborn — hacked away at Google’s Cr-48 prototype laptops and discovered a slew of serious and fundamental security design flaws.
Now, they are sharing their findings with the Black Hat audience, promising to discuss security holes that could expose users to the following types of attacks:
- Exposing of all user email, contacts, and saved documents.
- Conduct high speed scans their intranet work and revealing active host IP addresses.
- Spoofing messaging in their Google Voice account.
- Taking over their Google account by stealing session cookies, and in some case do the same on other visited domains.
Johansen and Osborn said Google was informed of the findings and has already fixed some vulnerabilities they plan to discuss many of the underlying Google Chrome OS weaknesses that remain — including for evil extensions to be easily made available in the WebStore, the ability for payloads to go viral, and javascript malware survive reboot.
3. Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption
When Dino Dai Zovi speaks about Apple and security, you stop and listen.
Best known for his successful hijack of a MacBook at the CanSecWest hacker conference, Dai Zovi has now turned his attention to Apple’s iOS, the smartphone platform that powers iPhones and iPads.
Dai Zovi performed a detailed audit of the security mechanisms and features of iOS 4 and will share his findings on things like Trusted Boot, Mandatory Code Signing, Code Signing Enforcement, Sandboxing, Device Encryption, Data Protection, and (as of iOS 4.3) Address Space Layout Randomization.
The security assessment focused on the concerns of an enterprise considering a deployment of iOS-based devices or allowing employees to store sensitive business data on their personal devices so we can expect to hear about the real-world implications of using iPhones and iPads in the enterprise.
Dai Zovi is promising to document the risks of a lost device or a remote iOS compromise through a malicious web page or e-mail and, based on the strengths and weaknesses identified, make concrete recommendations on what compensating measures an organization can and should take when deploying iOS-based devices for business use.
4. Exploiting the iOS Kernel
Stefan Esser is best known for his epic work around PHP security but if you’ve been following his Twitter stream lately, you’d notice the German researcher has taken a liking to Apple’s iOS platform.
In this Black Hat session, Esser is promising a deep-dive discussion of kernel level exploitation of iPhones. It will include details on previously disclosed kernel vulnerabilities, the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows.
Esser also plans to look closely at the kernel patches applied by iPhone jailbreaks to provide an understanding of how certain security features are deactivated. He also plans to release a tool that allows the selectively de-activation some of certain kernel patches for more realistic exploit tests.
* Image via Sebastian Bergmann (Flickr CC 2.0)
5. Hacking Androids for Profit
The growing popularity of smart phones has generated a predictable surge in security research around mobile platforms and this year’s Black Hat agenda contains quite a few good presentations.
This talk, by Riley Hassell and Shane Macaulay, puts Android under the microscope with a promise to reveal new threats to Android Apps and discuss known and unknown weaknesses in the Android OS and Android Market.
The researchers will discuss the inner working of Android apps and the risks any user faces when installing and using apps from the marketplace.
Next — SSL and authenticity, water meter vulnerabilities, hacking medical devices…
