Five hot topics to be discussed at Black Hat and Defcon

way of doing DNS that provides a level of confidence that computers connected to the Internet are what they actually claim to be.

McMillan notes that about two weeks ago, ICANN presided over the first cryptographic signing of a root server with a DNSSEC key. DNSSEC is not yet widely supported, but ICANN hopes that by signing a root zone, it will spur others to support the protocol in their server and client software.

Researchers like Kaminsky say that widespread adoption of DNSSEC could curb many online attacks. “We’ve been looking at how DNSSEC is going to address not only DNS vulnerabilities, but some of the core vulnerabilities we have in security,” Kaminsky said in an interview. “We’re not going to solve all of those problems with DNSSEC… but there’s an entire class of authentication vulnerabilities that DNSSEC does address.”

3. Mobile bugs. Kraken is open-source GSM cracking software that has just been completed, and GSM security researchers are going to unleash the Kraken at Black Hat this year, in what could ultimately become a major headache for U.S. and European mobile network operators. “Combined with some highly optimized rainbow tables (lists of codes that help speed up the encryption-breaking process), it gives hackers a way to decrypt GSM calls and messages,” McMillan notes.

What Kraken does not do is pull the calls out of the air. There is another GSM-sniffing project, however — called AirProbe — that is looking to make that a reality. The researchers working on these tools say that they want to show regular users what spies and security geeks have known for a long time: that the A5/1 encryption algorithm used by carriers such as T-Mobile and AT&T is weak, and can be easily broken.

“Why break GSM encryption when you can simply trick phones into connecting with a fake basestation and then drop encryption?” McMillan asks. This is just what Chris Paget plans to demo in Las Vegas this week, where he says he will invite conference attendees to have their calls intercepted. Should be a fun demo, if it is legal. Paget thinks it is. He has also developed what he calls the “world record” for reading RFID tags at a distance — hundreds of meters — which he will be discussing at a Black Hat talk.

Another researcher, known only as The Grugq, will talk about building malicious GSM network base stations and components on mobile devices. “Trust us, you’ll *want* to turn off your phone for the duration of this talk,” the talk’s description reads.

McMillan writes that in a week that kicked off with Citibank’s admission that it had messed up security on its iPhone app, another talk to watch will be Lookout Security’s “App Attack,” which will shed light on insecurities in mobile applications.

4. Industrial nightmare. This month Siemens experienced the pressures of responding to a real-world SCADA (supervisory control and data acquisition) attack, when someone unleashed a sophisticated worm attacking its Windows-based management systems (“Malicious virus targets SCADA systems,” 20 July 2010 HSNW; and “Siemens: Removing SCADA trojan may disrupt power plants,” 26 July 2010 HSNW). SCADA experts say that Siemens was just unlucky, and that this type of attack could easily have taken down any of the company’s competitors, too. McMillan writes that there are plenty of security issues plaguing industrial control systems — so many that they are getting their own track at Black Hat this year.

Over the past ten years, Jonathan Pollet, the founder of Red Tiger Security, has run security assessments of more than 120 SCADA systems, and he will talk about where security vulnerabilities are most likely to crop up. Pollet says that many networks have developed a no man’s land between IT and industrial systems — computers that are often at risk because nobody seems to take complete ownership of them.

Pollet will talk about where these bugs show up in the infrastructure — his company has collected data on 38,000 vulnerabilities — and the types of exploits that have been written for them. “You don’t have to wait for zero-day vulnerabilities,” he said. “There are already a lot of exploits out there.”

5. Wildcard. McMillan asks whether there will be a few wildcards sprung on the conferences’ participants: Will the Zero for Owned group, who hacked Dan Kaminsky and others on the eve of last week’s show, return? Will the feds or AT&T stop Paget from messing with GSM? Will an irate ATM vendor launch a last-minute legal challenge to Barnaby Jack’s talk? Will Defcon’s Social Engineering contest cause someone in the financial services industry to blow a gasket? “Who knows, but in Vegas, expect the unexpected,” he answers.