More Talks From 35C3
Here are some more cool talks from 35C3 that I watched online after the event. This text is a continuation of my previous post about the last Congress.
Without further ado, here we go.
Compromising online accounts by cracking voicemail systems
Martin started the presentation by talking about tricks for hacking voicemail PINs that he learned from ezine articles written in the 80s. He then checked which of those are still practical today. Many telephone operators use default and predictable PINs for voicemail, and many people don't bother to change them. Even if the victim has changed their PIN, statistics on the most commonly used PINs significantly increase the chances of a successful brute-force attempt.
Then he proceeded to the practical applications. Many services (PayPal, Snapchat) will let you authenticate or reset a password based on a code you receive by phone call. If you control the victim's voicemail, you can effectively take over their entire account. Another application would be bypassing two-factor authentication (2FA). Martin found that some high-profile services were vulnerable (e.g. Google).
Inside the AMD Microcode ROM
Benjamin and Philipp reverse-engineered the microcode of AMD processors (a kind of firmware for the CPU). Microcode is typically closed-source and is thought of as "secret", "only Intel/AMD knows what it does". They also broke the update authentication process, and after that they were able to play around with the microcode, change instructions, etc.
As part of the research, they implemented an address sanitizer (a tool that checks for invalid memory accesses) as a CPU instruction.
Snakes and Rabbits - How CCC shaped an open hardware success
A Christmas Carol - The Spectres of the Past, Present, and Future
A summary of Spectre/Meltdown-style attacks... As a pastiche of "A Christmas Carol". They even hired a choir. Just see for yourself.
There are so many variants of Spectre/Meltdown that I won't even try to summarize them here. They also described some new attacks I think.
Subtitled: "Or how I learned to stop worrying and love the backdoor". I was expecting a talk about proofs in security in general, but this talk was about cryptographic proofs.
The speakers emphasized carefully defining the security model (sometimes defining the security model is more difficult than the proof itself) and they also stressed that for your security proof you need to assume that certain primitives are secure. There are many real-world primitives that we believe are secure for which no proof exists.