The 32nd Chaos Communication Congress (32C3) in Hamburg has concluded, after four great days filled with hacking, beer and currywurst. The talks covered topics as diverse as software security, quantum cryptography, privacy, space exploration and much more.
Below are just a few of the talks that I found interesting, together with some comments and additional links and resources.
Hardsploit: A Metasploit-like tool for hardware hacking
A complete toolbox for IoT security
Presented by Julien Moinard and Gwénolé Audic.
It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products. Hardsploit is a complete toolbox (hardware & software), a framework which aims to:
- Facilitate the audit of electronic systems for industry ‘security’ workers (consultants, auditors, pentesters, product designers, etc.)
- Increase the level of security (and trust!) of new products designed by the industry
This session is an introduction to the Hardsploit hardware hacking tool. Julien Moinard and Gwénolé Audic talk about the design of both the hardware and the software, and the process of going from prototypes to the final version of the board. They also show some examples and actual use cases of the Hardsploit tool.
Hardsploit is a bit like an FPGA-based mix between the Bus Pirate, Travis Goodspeed’s GoodFET and Joe Grand’s JTAGulator. With Hardsploit, you will be able to interact with different chips to dump memory, analyze data on serial and parallel buses and more. Being based around an FPGA instead of an MCU, and having a total of 64 I/O pins, makes the Hardsploit a flexible tool with potential for some really nice extension modules in the future.
It also comes with a nice GUI, which definitely looks like a step up from the Bus Pirate command line console. Another really handy feature is the assisted visual wiring used when connecting to a target. One pin at a time - the GUI will tell you what to connect to on the target, and an LED will light up to show the corresponding pin on the Hardsploit board. No more looking up color sheets and tables online to try to make sense of the different Bus Pirate versions (and different cables with reversed colors), and no more guessing if RX means MISO or MOSI in a certain context.
A gentle introduction to post-quantum cryptography
Presented by djb and Tanja Lange.
Last year your friend Karen joined the alternative music scene and sent you a soundtrack. The government is recording everything, and this year announced that alternative music is a gateway drug to terrorism (see http://www.theguardian.com/australia-news/2015/sep/25/radicalisation-kit-links-activism-and-alternative-music-scene-to-extremism). Fortunately, Karen encrypted the email.
Given the massive current research effort into quantum computing, it’s not too far-fetched to assume that we will have universal quantum computers (as opposed to, for example, the highly specialized quantum annealing computer by D-Wave, which can only solve certain optimization problems) within five to ten years. When that time is here, how will the cryptographic systems currently in use be affected? (Spoiler: pretty much all public-key cryptography in use today, RSA, Diffie-Hellman and elliptic curves included, will be completely broken.) djb and Tanja Lange explain why and how, and show some potential alternatives that will help keep data safe in the future. Note that "in the future" includes traffic recorded today: anything encrypted now with a quantum-breakable key exchange can be decrypted once a large enough quantum computer exists. They also talk about some non-obvious improvements in cryptanalysis brought on by quantum computing, for example more efficient search algorithms which reduce the cost of breaking symmetric crypto. The Q&A session at the end is also worth watching.
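The two quantum speed-ups behind those statements, written out as an added worked example using the standard complexity results rather than anything taken from the talk slides. For a symmetric cipher with an $n$-bit key, exhaustive search costs $2^{n}$ trial decryptions classically, while Grover's algorithm finds the key among $N = 2^{n}$ candidates in $O(\sqrt{N})$ evaluations:

$$
T_{\text{classical}}(n) = O\!\left(2^{n}\right), \qquad T_{\text{Grover}}(n) = O\!\left(2^{n/2}\right)
$$

so AES-128 drops from $2^{128}$ to roughly $2^{64}$ work and AES-256 from $2^{256}$ to roughly $2^{128}$. The symmetric fix is therefore just a longer key: 256-bit keys keep a 128-bit security margin. Public-key schemes fare far worse. Factoring an $n$-bit RSA modulus $N$ with the best classical method (the number field sieve) is sub-exponential,

$$
L_N\!\left[\tfrac{1}{3}, c\right] = \exp\!\Big((c + o(1))\,(\ln N)^{1/3}\,(\ln\ln N)^{2/3}\Big), \qquad c = (64/9)^{1/3} \approx 1.923,
$$

whereas Shor's algorithm runs in polynomial time, about $O(n^{3})$ quantum operations with schoolbook arithmetic. Elliptic-curve discrete logarithms in a group of $n$-bit order cost $O(2^{n/2})$ classically (Pollard rho) and again $O(n^{3})$ with Shor's algorithm, which is why no key-size increase rescues RSA, DH or ECC. One caveat on the Grover figure: $2^{n/2}$ assumes a single long sequential quantum computation, and Grover's algorithm parallelises badly, so the practical gain against 256-bit keys is smaller than the exponent suggests.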
Thunderstrike 2
Presented by Trammell Hudson. Thunderstrike 2 was previously presented at DEF CON 23 and Black Hat USA 2015.
Last year at 31C3 we disclosed Thunderstrike, the first firmware attacks against MacBooks.
Thunderstrike 2 is a really nice (and scary) combination of five previously disclosed UEFI vulnerabilities. The talk starts out with a brief history of UEFI, after which Trammell Hudson dives right into the details of the vulnerabilities. The Thunderstrike 2 worm itself can spread through both software and hardware (over Thunderbolt). For example, if a Thunderbolt Ethernet adapter is plugged into an infected laptop, the option ROM of that Thunderbolt device will now be infected as well, and since the host executes option ROMs during boot, plugging the adapter into a new, clean system will spread the infection. The talk has plenty of case studies and exploit examples, with technical explanations, and some mitigations for good measure.
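As an added example (not code from Trammell Hudson's talk or tooling), here is a parser that walks a Thunderbolt adapter's PCI option ROM dump and lists the images it carries, following the PCI expansion ROM header and PCIR structure from the PCI Firmware Specification and the EFI ROM header from the UEFI specification. The two-image sample ROM, its vendor/device IDs, the PCIR offset and the EFI subsystem/machine values are constructed here for the demonstration. It shows what there is to look at on a device suspected of carrying an implant; it cannot tell a malicious EFI image from a legitimate one, because a Thunderstrike 2 payload is itself a well-formed EFI image.

```python
"""Enumerate the images inside a PCI/Thunderbolt option ROM dump.

Added example, not code from the Thunderstrike 2 talk. The layout follows the
PCI Firmware Specification expansion-ROM header and PCIR data structure and
the EFI ROM header from the UEFI specification; the two-image sample ROM at
the bottom is constructed here for demonstration.
"""
import struct

PCIR_CODE_TYPES = {0: "x86 PC-AT", 1: "Open Firmware", 2: "HP PA-RISC", 3: "EFI"}
EFI_ROM_SIGNATURE = 0x0EF1          # UEFI spec: EfiSignature field of the EFI ROM header
PCIR_INDICATOR_LAST = 0x80          # bit 7 of the PCIR indicator byte marks the last image


def parse_option_rom(rom: bytes) -> list:
    """Walk the chain of ROM images and describe each one.

    Returns a list of dicts. Raises ValueError on a malformed or truncated
    dump so a bad read is never reported as a clean, complete ROM.
    """
    images = []
    off = 0
    while True:
        if off + 0x1A > len(rom):
            raise ValueError(f"ROM truncated at image offset {off:#x}")
        if rom[off:off + 2] != b"\x55\xAA":
            raise ValueError(f"bad 0x55AA ROM signature at {off:#x}")
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]
        if pcir + 0x16 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"missing PCIR structure for image at {off:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 0x04)
        length_units = struct.unpack_from("<H", rom, pcir + 0x10)[0]
        code_type = rom[pcir + 0x14]
        indicator = rom[pcir + 0x15]
        if length_units == 0 or off + length_units * 512 > len(rom):
            raise ValueError(f"image at {off:#x} has bad length {length_units * 512}")
        image = {
            "offset": off,
            "vendor_id": vendor,
            "device_id": device,
            "length": length_units * 512,
            "code_type": PCIR_CODE_TYPES.get(code_type, f"unknown ({code_type})"),
        }
        if code_type == 3:
            # EFI ROM header: signature, subsystem, machine type, compression flag,
            # then at 0x16 the offset of the PE/COFF driver inside this ROM image.
            efi_sig, subsystem, machine, compression = struct.unpack_from("<IHHH", rom, off + 0x04)
            efi_image_off = struct.unpack_from("<H", rom, off + 0x16)[0]
            image.update({
                "efi_signature_ok": efi_sig == EFI_ROM_SIGNATURE,
                "efi_subsystem": subsystem,
                "efi_machine_type": machine,
                "efi_compressed": compression == 1,
                "efi_image_offset": off + efi_image_off,
            })
        images.append(image)
        if indicator & PCIR_INDICATOR_LAST:
            return images
        off += image["length"]


def efi_images(rom: bytes) -> list:
    """Only the EFI images: the type an EFI host executes at boot and the one Thunderstrike 2 wrote itself into."""
    return [img for img in parse_option_rom(rom) if img["code_type"] == "EFI"]


def _build_image(code_type: int, last: bool, vendor: int, device: int) -> bytes:
    """Build one 512-byte ROM image with its PCIR block at 0x40 (constructed sample data)."""
    img = bytearray(512)
    pcir = 0x40
    img[0:2] = b"\x55\xAA"
    struct.pack_into("<H", img, 0x18, pcir)             # pointer to PCIR structure
    if code_type == 3:
        # EFI header: signature, subsystem 11 (EFI boot service driver), x64, uncompressed
        struct.pack_into("<IHHH", img, 0x04, EFI_ROM_SIGNATURE, 0x0B, 0x8664, 0)
        struct.pack_into("<H", img, 0x16, 0x100)        # PE/COFF image would start here
    else:
        img[0x02] = 1                                   # legacy header: size in 512-byte units
    img[pcir:pcir + 4] = b"PCIR"
    struct.pack_into("<HHHHB3sHHBB", img, pcir + 0x04,
                     vendor, device,
                     0,                 # device list pointer (reserved before PCIR rev 3)
                     0x18,              # PCIR structure length
                     0,                 # PCIR revision
                     b"\x00\x00\x00",   # class code
                     1,                 # image length in 512-byte units
                     0,                 # code revision
                     code_type,
                     PCIR_INDICATOR_LAST if last else 0)
    return bytes(img)


# Constructed sample: a legacy x86 image followed by an EFI driver image, as an
# adapter that boots on both BIOS and EFI hosts would carry. IDs are made up.
SAMPLE_ROM = _build_image(0, False, 0x1234, 0x5678) + _build_image(3, True, 0x1234, 0x5678)

if __name__ == "__main__":
    for img in parse_option_rom(SAMPLE_ROM):
        print(f"{img['offset']:#06x} {img['code_type']:<12} "
              f"vendor {img['vendor_id']:#06x} device {img['device_id']:#06x} "
              f"len {img['length']} efi_ok={img.get('efi_signature_ok', '-')}")
```

On a Linux host the dump itself comes from sysfs: write `1` to `/sys/bus/pci/devices/<bdf>/rom`, copy the file, then write `0` back, and feed the copy to `parse_option_rom`. Anything beyond the enumeration (comparing the EFI image against a known-good dump of the same adapter, or checking its PE/COFF signature) is where the real verification has to happen.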
- YouTube mirror
- Trammell Hudson’s page about Thunderstrike 2
- Trammell Hudson’s annotated version of the 31C3 Thunderstrike talk
- Thunderstrike 2 panel at DEF CON 23
- Thunderstrike 2 at Black Hat
There were of course many more interesting talks in addition to the ones listed above. If you think that hacking credit card terminals sounds like fun, “Shopshifting” by Karsten Nohl, Fabian Bräunlein and dexter is a good watch. I can also highly recommend “the other” crypto talk, “Logjam: Diffie-Hellman, discrete logs, the NSA, and you” by J. Alex Halderman and Nadia Heninger.
But wait, there’s even more! All the videos from Black Hat USA 2015 were uploaded over the holidays, and can now be enjoyed in the comfort of your own home.