Users assume the underlying hardware and software system, mobile antivirus, password managers and encryption technology will protect them from malicious attacks on their communications. Upcoming research at the HITB Security Conference in Amsterdam suggests thinking twice before trusting mobile security blindly and shows that security is not a final product, but rather a bumpy process.
Layered security for communication via mobile devices includes securing mobile network devices. In Femtocell Hacking: From Zero to Zero Day, Korean security researcher Jeonghoon Shin takes a closer look at how to audit femtocells, which are small, low-power cellular base stations typically designed for home use and now being introduced to service customers all over the world. He will show how to commandeer the device to expose SMS, voice, and call data packets sent and received through the exposed femtocell.
Many security professionals consider Signal to be the most trusted secure messaging and voice application. After Vault 7 was released, Signal creator Moxie Marlinspike confirmed that the technology is working as designed and its encryption is not broken. Markus Vervier, a security researcher from Germany, will discuss Hunting For Vulnerabilities in Signal on the second day of the conference.
In addition to presenting the general architecture of Signal, its attack surface and tools to analyze it, Markus will also demonstrate how he found vulnerabilities in the Signal Android client. A bug in the underlying Java libsignal library can be used to crash Signal remotely, to subsequently bypass the MAC authentication for certain attached files, and to trigger memory corruption bugs.
Vulnerabilities in Android password managers
When it comes to password management, we are constantly told to make passwords as complex as possible. There are only so many complex passwords a human brain can memorize before we seek automation, hence the increasing use of password manager applications.
A team of security researchers from the Fraunhofer Institute for Secure Information Technology conducted research on 15 of the most popular Android password manager applications. In their talk Extracting All Your Secrets: Vulnerabilities in Android Password Managers, Stephan Huber, Steven Arzt and Siegfried Rasthofer will present the findings of their research, including various vulnerabilities which enable them to gain unauthorized access to the app and, more importantly, to obtain sensitive information, including the master password that protects the secured vault of passwords and credentials.
Vulnerabilities in hardware are found more rarely and are more difficult to resolve than those in software. One of the most serious hardware bugs in recent years was Rowhammer. Victor van der Veen, PhD candidate in the VUSec group at the Vrije Universiteit Amsterdam, researched the vulnerability and drew international attention with the publication of Drammer in October 2016.
Drammer is an attack that exploits the Rowhammer hardware vulnerability by using the Flip Feng Shui (FFS) exploitation technique to manipulate data in memory without accessing it. Drammer resulted in the first Android root exploit that requires no user permissions and relies on no software vulnerability. In his talk Drammer: The Making-Of, Victor will present Drammer from a hacker’s perspective and share trial and error stories of flipping bits.