Hardware Attack Vectors Yashin Mehaboobe Security Researcher.

Presentation on theme: "Hardware Attack Vectors Yashin Mehaboobe Security Researcher."— Presentation transcript:

1 Hardware Attack Vectors Yashin Mehaboobe Security Researcher

2 #whoami
● Security Researcher, Open Security
● Interested in: embedded system security, radio/RTL-SDR research, malware analysis
● My little projects (Arcanum, PyTriage)
● Organizer, Defcon Kerala (Mar 4. Be there!)
● Python aficionado
● Open source contributor

3 Why Hardware?
● More interesting
● Less well known = easier to exploit
● More rewarding
● Usually an open entry point into an otherwise secure network
● It's awesome!

4 Keys to the kingdom?

5 Usual suspects
● Wireless LAN
● Web applications
● Client-side exploits
● Remote exploits
● Hardware attacks

6 What is covered:
● The attack of the HID: simulating physical access for fun and profit
● IR vector: let TVs be bygones
● Radio: Radio != FM or Radio != WiFi
● Bus attacks: unprotected = easy to pwn (mostly)

7 HIDe it
● A little bit of physical access is a dangerous thing
● Usually physical access = pwning
● Software can't protect hardware
● HID attacks simulate an automated keyboard and mouse = attacker gets to run code as if he is physically there

8 The Rise of the Rubber Ducky
● USB Rubber Ducky by the Hak5 team
● Comes with an automated script creator
● Looks like a normal USB drive
● Runs the payload burned into the memory when connected

9 Teensy
● Arduino clone by PJRC
● Can emulate an HID device
● Existing tools like kautilya and SET to generate payloads
● Again, multiplatform mayhem

10 DEMO

11 IR
● TV, pedestrian lights, old smartphones
● Uses one of four: Philips, Sony, NEC, RAW
● IR library already available for Arduino

12 Tools of the Trade:
● Arduino or a similar microcontroller
● TSOP382 IR receiver
● IR LED
● Little bit of mischief

13 IR Attack 1: Replay
● Receive the code using TSOP382
● Check the code type
● Transmit accordingly whenever the button is pressed

14 TV-B-Gone
● Most TVs have a predefined power-off sequence
● Widely available
● Create a script that goes through the popular off codes one by one
● No more pesky TVs

15 DEMO

16 Tangoing with Radio
● SDR = Software Defined Radio
● Usually pretty expensive. Until the rise of RTL-SDR
● Scope = AIS, GSM, ADS-B, GPS, you name it

17 RTL-SDR or cheap radio sniffer
● Mainly two types:
  ● E4000: 52-2200 MHz
  ● R820T: 24-1766 MHz
● Software used: GQRX, rtl_sdr, SDRSharp
● Log most data broadcast within the frequency ranges

18 Sniffing Radio Traffic
● AIS (ship transmissions) are easily picked up
● So are aircraft broadcasts
● You can sniff most protocols off the air
● Decode using baudline
● Possible attacks against: home automation systems and car keyfobs
● Keyfobs are supposed to use rolling key codes
● "Supposed to"
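Why rolling codes matter against the replay described on slides 13 and 18, shown from the receiver's side. This is an added example, not code from the presentation; the HMAC-plus-counter frame, `KEY`, `WINDOW` and the class names are constructed assumptions and do not model any specific keyfob protocol.

```python
import hmac, hashlib, struct

KEY = b"constructed-demo-key"   # constructed sample secret shared by fob and receiver
WINDOW = 16                     # assumed look-ahead for presses made out of range

def fob_frame(key: bytes, counter: int) -> bytes:
    """Frame the fob sends: 4-byte counter followed by an 8-byte truncated HMAC tag."""
    msg = struct.pack(">I", counter)
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Weak design: one static code, so a captured frame stays valid forever."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Accepts a frame only if its tag verifies and its counter is ahead of the last one."""
    def __init__(self, key: bytes, window: int = WINDOW):
        self.key, self.window, self.last = key, window, 0
    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = struct.unpack(">I", frame[:4])[0]
        if not hmac.compare_digest(frame, fob_frame(self.key, counter)):
            return False                      # forged or corrupted frame
        if not (self.last < counter <= self.last + self.window):
            return False                      # replayed (stale) or too far ahead
        self.last = counter                   # advance state so the frame cannot be reused
        return True

def demo() -> dict:
    fixed = FixedCodeReceiver(b"\x12\x34\x56\x78")
    rolling = RollingCodeReceiver(KEY)
    captured = fob_frame(KEY, 1)              # constructed frame, as if recorded off the air
    return {
        "fixed_first": fixed.accept(b"\x12\x34\x56\x78"),
        "fixed_replay": fixed.accept(b"\x12\x34\x56\x78"),
        "rolling_first": rolling.accept(captured),
        "rolling_replay": rolling.accept(captured),
        "rolling_next": rolling.accept(fob_frame(KEY, 2)),
        "rolling_tampered": rolling.accept(captured[:4] + bytes(8)),
        "rolling_far_ahead": rolling.accept(fob_frame(KEY, 2 + WINDOW + 1)),
    }

if __name__ == "__main__":
    print(demo())
```

The fixed-code receiver accepts the same bytes every time, while the rolling-code receiver rejects the second use of a frame because its counter is no longer ahead of the stored state.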

19 Antennas
● Dependent on the frequency that you want to capture.
● Different types for different purposes:
  ● Monopole: ACARS, ADS-B, AIS (airplanes/ships)
  ● Rubber Ducky antennas for short range
  ● Discone for wide coverage (more noise)

20 Discone, Monopole, Rubber Ducky

21 DEMO TIME!

22 Bus Attacks

23 The Magic Electronic Buses
● Buses are used by components in an embedded system to communicate with each other
● Not secured
● Most commonly used protocols are SPI, I2C and UART
● No authentication
● I2C utilizes addressing

24 Attacking bus protocols
● Sniffing:
  ● Logic analyzers pick up most of the protocols
  ● Bus Pirate is your friend
● Replay:
  ● Sniffed sequences can be played back at later times
  ● Bus Pirate is your best friend
● Debug ports:
  ● UART/JTAG ports are left open for debugging purposes
  ● Can be used to dump firmware and mess with the memory

25 Here there be Pirates
● Hardware hacker's multitool
● Read/write I2C, SPI, UART
● Midlevel JTAG support
● AVR programmer too!
● Can be accessed via USB.

26 DEMO

27 Thank you! Questions?

28 Contact Details
● Twitter: twitter.com/yashin.mehaboobe
● Email: yashinm92 gmail.com

