Physical Access (Still) Rules
Thought we were done with top-tier mobile talks at Black Hat USA 2013 Briefings? Hardly. Here are another three brand new lectures from the rapidly expanding Briefings line-up for the July show at Caesars Palace in Las Vegas, where we also bring together state-of-the-art 2- and 4-day trainings, plus a major Sponsor Hall with the industry's biggest firms, new Sponsored Workshops from some notable companies, and much more.
As we nudge up on Friday's early registration deadline, we've laid out one more set of standout talks, now expanding on the de facto rule, 'Physical Access Rules!' We have a couple of blockbusters to showcase. Let's check them out:
- In 'Mactans: Injecting Malware into iOS Devices via Malicious Chargers', Billy Lau, Chengyu Song, and Yeongjin Jang explore a particularly surprising exploit. Have you ever plugged your phone into one of those charging stations at an airport? At least according to the information revealed here, that may not be the best idea. This talk will show how to compromise an iOS device within one minute using a malicious power charger. Additionally, the authors will show how they successfully exploited current Apple devices (not jailbroken), and hid their software the same way Apple hides its own software on the device. They end by recommending ways in which users can protect themselves and suggesting security features Apple could implement to make the attacks they describe substantially more difficult to pull off.
- Next up is 'Multiplexed Wired Attack Surfaces', wherein Michael Ossmann examines a particularly clever hack. Once again, the complexity of modern electronics reveals surprising attack vectors. In this case, manufacturers often multiplex several wired interfaces onto a single connector. These interfaces are still live when they ship to the consumer. As Ossmann notes in his abstract: "We'll show you how you can get a shell on a popular mobile phone via its USB port without using a USB connection, and we will release an open source tool for exploring multiplexed wired interfaces."
- Finally, we have 'Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions' by Andy Davis, whose utility can be summed up quite succinctly. USB connectors are everywhere, and this little plug can become an inside view into the device. This talk is about using techniques to analyze USB stack interactions to provide information such as the OS running on the embedded device, the USB drivers installed and devices supported. Along the way, it'll cover some of the more significant challenges faced by researchers attempting to exploit USB vulnerabilities - using a legitimate, high-profile Windows 8 USB bug recently discovered by the presenter (MS13-027) as an example.
And we're getting close to the Friday deadline for early registration, so we must leave you! More information about Black Hat USA 2013 is available now on the official website -- and a near-final reminder here that early, reduced-rate registration is open until May 31st.