Chronicles of DefConAugust 17th, 2012 | Posted by in Events
Jason Staggs is a current participant in True’s formal internship program and attended DefCon20 as part of his internship experience.
DefCon20 blew me away. Being my first hacker conference I was unsure of what to expect. After numerous talks, events, and workshops my mind was spinning with new ideas and future ethical hacking projects. It is hard to say what I enjoyed the most, but the social engineering village did not disappoint. Contestants were able to compete in a live event where they attempted to gain as much information as possible from unsuspecting victims over the phone. A personal favorite was the lock picking competition put on by the Open Organization of Lockpickers (TOOOL). As an avid amateur lockpicker, I greatly appreciated the opportunity to watch professionals teach advanced techniques and hone my skills under their instruction.
Some big-time names were in attendance this year – Bruce Schneier, Kevin Mitnick, and even General Keith Alexander, the man in charge of the NSA and the U.S. Cyber Command, to name a few. The talks I found most interesting were those involving reverse engineering proprietary protocols or binary files without system or device knowledge. This included talks about manipulating the ATC system, reverse engineering smart meters, and fuzzing NFC enabled devices on smart phones.
Below are quick summaries of my favorite talks attended.
Ang Cui, a security researcher at Red Ballon Security, presented on a firmware reverse engineering framework called Firmware Reverse Analysis Konsole (FRAK). This framework is intended to help security researches find bugs and vulnerabilities in firmware in a more automated fashion as opposed to static binary analysis, which can otherwise be a long and tedious process. During the talk, Ang demonstrated how his FRAK framework is used to unpack, analyze, modify, and then repack a Cisco IOS image. (Check back later for a link to watch this talk.)
Michael Perklin gave a talk on anti-forensics techniques that could be used to complicate and prolong a legal E-discovery case. The idea presented was that the use of nonstandard file formats and systems can greatly increase the time investigators will spend on gathering digital evidence from devices, thus increasing the chance of a settlement because of the amount of man hours and financial costs involved to find useable evidence. Some of the more notable anti-forensics techniques discussed included using non-standard RAID configurations, file signature masking, modifying known good system files and program files in a minor way that renders any “known good file hash list” useless, scrambling MAC times, and even how the use of Lotus Notes can slow down examiners. (Check back later for a link to watch this talk.)
By far the most interesting talk I attended had to do with airplanes and the Air Traffic Control (ATC) System. Brad Renderman gave a talk on his research on the security of the ATC’s Automatic Dependent Surveillance Broadcast System (ADS-B), which I found astonishing. ADS-B is a surveillance technology used for tracking aircraft, which also sends information such as aircraft ID, altitude, latitude/longitude, bearing, and speed. This system is able to produce far more useable information than traditional radar systems that have been used over the years. The United States is mandating the majority of aircraft operating within its airspace be equipped with some form of ADS-B by 2020. Currently, ADS-B is being utilized all over the world. Unfortunately, ADS-B is unencrypted and unauthenticated, allowing virtually anyone to eavesdrop and listen on the 1090Mhz frequency and decode transmissions from aircraft in real-time. It was also demonstrated that it is just as easy to spoof data over this system, allowing injection of data. This could allow the generation of fake aircraft to be shown on ADS-B based radars. Obviously, this would cause huge problems for ATC. Hopefully, the research presented here will get the FAA and others to address the flaws that are currently present within this system. (Check back later for a link to watch this talk.)