1
Copyright © 2015 Cyberlight Global Associates
GEORGIAN CYBER SECURITY & ICT INNOVATION EVENT 2015
Tbilisi, Georgia, 19-20 November 2015
Hardware Vulnerabilities - Attack Techniques and Mitigation Strategy
John Ruby, Cyberlight Global Associates
Georgian Security Analysis Center, Tbilisi, Georgia
2
What are we talking about?
- A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.
- Hardware attacks are a relatively new addition to the threat matrix.
- They fall into two categories:
  - exploiting one or more vulnerabilities that exist in shipped products;
  - using or rewriting firmware and control chips to spread malware.
- They require more sophisticated attack techniques, but they are also much harder to detect.
- Longer detection time means the data is exposed for longer.
- They are much harder to remove: most current anti-malware software cannot detect firmware-level malware, cannot remove it, and cannot help you restore the firmware to its original state.
3
“Old school” hacking
Evolution of “traditional” methods of unauthorized access:
- Physical access
  - Stolen or obtained passwords, or backdoors (War Games, 1983)
  - Unauthorized terminal/system use (The Italian Job, 1969)
  - Physical manipulation of the device by the attacker (Terminator 2, 1991)
- Network access
  - Physical access no longer required
  - Stolen or obtained passwords are still effective backdoors
  - Exploit operating system vulnerabilities (Sneakers, 1992)
  - Exploit software vulnerabilities (web server, database, etc.)
- Network access + offensive tactics
  - Viruses: often executable files; require the user to run them (Independence Day, 1996)
  - Worms: take advantage of system processes to move unaided (via various network transport functions)
  - Trojan horses: harmful software that looks like something legitimate
4
Familiar Tactics & Techniques
As security people we know the common means attackers use to try to gain access:
- E-mail links and attachments
- Phishing / spear-phishing (becoming more and more detailed!)
- Direct attacks on public-facing servers
  - Exploit web servers and internet-facing databases
- Third-party attacks (attack the site that serves the advertising to the sites users visit, so the malicious content arrives through a page the user trusts)
5
Familiar Tactics & Techniques (2)
You can educate people … but people still like “free”. Online they see:
- Get your favorite movie without paying …
  - … just download my free “movie viewer” to bypass the copy protection
- Don’t pay for software: get it free on The Pirate Bay or similar “sharing” sites
  - Get the actual software
  - Or download a “license key generator”
6
Hardware Vulnerabilities
- Number of exploits is increasing
- Technically more challenging to implement, but …
  - Forums on the deep web discuss the “how”
  - Tools are made available for trade or purchase
  - Advice on writing new exploits is freely available
- Components most vulnerable
  - USB connections (BadUSB exploit, NetUSB vulnerability)
  - Memory (FDR, Rowhammer)
  - Wireless access points (massive firmware vulnerabilities)
- Exploits are easy to implement
- Many brands remain unpatched
  - EVEN AFTER the vendor was notified of the vulnerability
  - EVEN AFTER the vendor releases a firmware update (a released fix only helps once the owner actually applies it)
7
Who has the resources to do this?
- National governments
- Legitimate business
- Organized crime
8
Wireless Access Points
- Known vendors with vulnerabilities: D-Link, NetGear, TP-Link, Trendnet, ZyXEL, and probably others as well
- Over 100 separate products identified (as of October 2015)
- One exploit involves executing completely valid administrative HNAP actions (HNAP, the Home Network Administration Protocol, is the SOAP-over-HTTP management interface used by D-Link and some other consumer routers). Yes, the affected models have no check in the firmware to prevent unauthenticated users from doing this.
9
Sample - a simple exploit script (the script itself is not reproduced in this text)
10
Memory exploits
- Multiple attack vectors.
- Some interfaces give an attached device unchecked direct memory access (DMA), for example a device plugged into a FireWire, Thunderbolt or ExpressCard/PCIe port.
- Over DMA, code on the attached device reads and writes physical memory directly, without the CPU or the operating system checking the access, so the attacker can read secrets, patch running code, or force a process to take a predetermined path. The defence is an IOMMU with DMA remapping enabled (Intel VT-d, AMD-Vi), which confines each device to the memory the OS has mapped for it.
- Rowhammer is a different vector: it needs no special interface and exploits a DRAM defect. Repeatedly reading the same memory rows, with the cache bypassed so every read reaches the chips, disturbs the neighbouring rows and flips individual bits from 1 to 0 or 0 to 1. An attacker who arranges for something sensitive, such as a page-table entry, to sit in the victim row can use a flip to bypass operating-system protections and gain kernel privileges. Because the DRAM is shared below the hypervisor, virtual machines on the same host are exposed to the same flips.
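As an added example (not from the presentation), the following C program is a minimal Rowhammer susceptibility probe in the style of the public rowhammer-test tools: it fills a buffer with a known pattern, repeatedly reads two "aggressor" addresses while flushing them from the cache so every read hits DRAM, and then scans the buffer for bits that changed. The buffer size, the choice of addresses half a buffer apart, and the round count are assumptions made here for illustration; sound DRAM reports zero corrupted words.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PATTERN 0xFFFFFFFFFFFFFFFFULL   /* all-ones: a flip shows up as a 0 bit */

/* Evict one cache line so the next read of *p is served from DRAM. */
static inline void flush_line(const volatile void *p)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("clflush (%0)" : : "r"(p) : "memory");
#elif defined(__aarch64__)
    __asm__ volatile("dc civac, %0" : : "r"(p) : "memory");
#else
    (void)p; /* no cache flush available: reads stay in cache and hammering is ineffective */
#endif
}

/* Read two aggressor addresses back and forth `rounds` times, flushing each
   time so every access reaches the DRAM rows. Returns an XOR checksum of the
   values read so the compiler cannot drop the loads. */
uint64_t hammer(volatile uint64_t *a, volatile uint64_t *b, uint64_t rounds)
{
    uint64_t sink = 0;
    for (uint64_t i = 0; i < rounds; i++) {
        sink ^= *a;
        sink ^= *b;
        flush_line(a);
        flush_line(b);
    }
    return sink;
}

/* Scan `words` 64-bit words and count those no longer equal to `pattern`.
   Prints the first corrupted word so the flip can be located. */
size_t count_flips(const uint64_t *buf, size_t words, uint64_t pattern)
{
    size_t flips = 0;
    for (size_t i = 0; i < words; i++) {
        if (buf[i] != pattern) {
            if (flips == 0)
                printf("bit flip at word %zu: %016llx\n", i,
                       (unsigned long long)buf[i]);
            flips++;
        }
    }
    return flips;
}

/* Fill a `bytes`-sized buffer with the pattern, hammer `pairs` address pairs
   chosen half a buffer apart (assumption: far enough that they almost never
   share a DRAM row), then report how many words were corrupted. */
size_t rowhammer_probe(size_t bytes, unsigned pairs, uint64_t rounds, unsigned seed)
{
    size_t words = bytes / sizeof(uint64_t);
    if (words < 2) return 0;
    uint64_t *buf = malloc(words * sizeof *buf);
    if (!buf) return 0;
    for (size_t i = 0; i < words; i++) buf[i] = PATTERN;

    srand(seed);
    for (unsigned p = 0; p < pairs; p++) {
        size_t a = (size_t)rand() % words;
        size_t b = (a + words / 2) % words;
        hammer(&buf[a], &buf[b], rounds);
    }
    size_t flips = count_flips(buf, words, PATTERN);
    free(buf);
    return flips;
}

int main(void)
{
    /* A real probe needs a large buffer and millions of accesses per pair;
       this takes minutes and is CPU-bound. Any flip means the DRAM is vulnerable. */
    size_t flips = rowhammer_probe(256u << 20, 64, 2000000, 1);
    printf("%zu corrupted words\n", flips);
    return flips != 0;
}
```

Run it as an unprivileged user on the machine under test; a non-zero count is a hardware finding that no operating-system patch fixes, and the usual responses are ECC memory, a higher DRAM refresh rate, or replacing the modules.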
11
Mitigation
1. Look at vulnerabilities in vendor hardware.
   - Don’t just _ask_ the vendor about its firmware update/patch process.
   - Research how the vendor actually performs: how fast it fixed previously disclosed vulnerabilities, and whether the fixes reached every affected model.
2. Patch your firmware.
   - Be as vigilant as you are with your software.
   - Determine whether you also need to update the software (operating systems) of your hardware.
3. USB devices
   - Easily compromised at this point.
   - It’s not just malware in the memory on the drive; it’s malware on the control chips of the USB drive (BadUSB), which no file scan or reformat of the drive can see or remove.
   - Know your supplier. (Does the device come from a location where malware / hacking is not prosecuted or, worse, is state endorsed?)
   - Learn to think of USB memory as disposable.
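As an added example for the USB point (not from the presentation), the C program below shows the two host-side controls a Linux administrator has against a reprogrammed stick: detect the BadUSB signature, a single device that presents both a mass-storage interface and a HID (keyboard) interface it uses to type commands, and switch the kernel's authorized_default attribute to 0 so newly attached devices cannot bind a driver until an administrator explicitly authorizes them. The sysfs attribute names are the kernel's own; the classification policy and the struct layout are choices made here.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define USB_CLASS_HID          0x03
#define USB_CLASS_MASS_STORAGE 0x08
#define MAX_IFACES 32

struct usb_dev {
    char name[32];                   /* sysfs device name, e.g. "1-1" */
    unsigned iface_class[MAX_IFACES]; /* bInterfaceClass of each interface */
    int n_ifaces;
};

/* Policy (assumption for this example): a composite device mixing HID with
   mass storage is the BadUSB signature. Returns 1 if it should be refused. */
int is_suspicious(const struct usb_dev *d)
{
    int hid = 0, storage = 0;
    for (int i = 0; i < d->n_ifaces; i++) {
        if (d->iface_class[i] == USB_CLASS_HID) hid = 1;
        if (d->iface_class[i] == USB_CLASS_MASS_STORAGE) storage = 1;
    }
    return hid && storage;
}

/* Read one hex attribute such as bInterfaceClass from a sysfs directory; -1 if absent. */
static long read_hex_attr(const char *dir, const char *attr)
{
    char path[512], buf[32] = {0};
    snprintf(path, sizeof path, "%s/%s", dir, attr);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return -1; }
    fclose(f);
    return strtol(buf, NULL, 16);
}

/* Build a usb_dev from sysfs. Interfaces are directories named "<dev>:<cfg>.<if>"
   under `root`, which is normally /sys/bus/usb/devices. Returns the number of
   interfaces found, or -1 if `root` cannot be opened. */
int load_device(const char *root, const char *devname, struct usb_dev *out)
{
    memset(out, 0, sizeof *out);
    snprintf(out->name, sizeof out->name, "%s", devname);
    DIR *d = opendir(root);
    if (!d) return -1;
    size_t n = strlen(devname);
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strncmp(e->d_name, devname, n) != 0 || e->d_name[n] != ':') continue;
        char path[512];
        snprintf(path, sizeof path, "%s/%s", root, e->d_name);
        long cls = read_hex_attr(path, "bInterfaceClass");
        if (cls >= 0 && out->n_ifaces < MAX_IFACES)
            out->iface_class[out->n_ifaces++] = (unsigned)cls;
    }
    closedir(d);
    return out->n_ifaces;
}

/* Write 0 to authorized_default on every root hub (usb1, usb2, ...) so new
   devices stay de-authorized until someone writes 1 to their own `authorized`
   attribute. Needs root. Returns the number of hubs changed, -1 on error. */
int lock_new_devices(const char *root)
{
    DIR *d = opendir(root);
    if (!d) return -1;
    int changed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strncmp(e->d_name, "usb", 3) != 0) continue;
        char path[512];
        snprintf(path, sizeof path, "%s/%s/authorized_default", root, e->d_name);
        FILE *f = fopen(path, "w");
        if (!f) continue;
        if (fputs("0\n", f) >= 0) changed++;
        fclose(f);
    }
    closedir(d);
    return changed;
}

int main(void)
{
    const char *root = "/sys/bus/usb/devices";
    DIR *d = opendir(root);
    if (!d) { perror(root); return 1; }
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        /* Real devices look like "1-1" or "1-1.3"; skip root hubs, interfaces and dot entries. */
        if (e->d_name[0] == '.' || strncmp(e->d_name, "usb", 3) == 0 || strchr(e->d_name, ':')) continue;
        struct usb_dev dev;
        if (load_device(root, e->d_name, &dev) <= 0) continue;
        printf("%-8s interfaces=%d %s\n", dev.name, dev.n_ifaces,
               is_suspicious(&dev) ? "SUSPICIOUS: HID + mass storage" : "ok");
    }
    closedir(d);
    printf("root hubs locked: %d\n", lock_new_devices(root));
    return 0;
}
```

On production hosts the same policy is normally enforced by udev rules or the usbguard daemon rather than a one-off program; both rely on the same kernel authorized/authorized_default attributes used here. A keyboard that is legitimately attached after locking must be authorized by hand, which is the point: a stick that starts typing the moment it is inserted never gets the chance.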
12
Thank you
Cyberlight Global Associates
John Ruby
jr@cyberlightglobal.com
mobile: 595 55 10 09