More Talks From 35C3

Here are some more cool talks from 35C3 that I watched online after the event. This text is a continuation of my previous post about the last Congress.

Without further ado, here we go.

Talks

Compromising online accounts by cracking voicemail systems

Speaker: Martin Vigo
Description: 35C3 Fahrplan
Video: 35C3 Media

Martin started the presentation by talking about tricks for hacking voicemail PINs that he learned from ezine articles written in the 80s. He then checked which of those are still practical today. Many telephone operators use default and predictable PINs for voicemail, and many people don't bother to change them. Even if the victim changed their PIN, using statistics on the most commonly used PINs significantly increases the chances of a successful brute-force attempt.

Then he proceeded to the practical applications. Many services (PayPal, Snapchat) will let you authenticate or reset a password based on a code you receive by phone call. If you control the victim's voicemail, you can effectively take over their entire account. Another application would be bypassing two-factor authentication (2FA). Martin found that some high-profile services were vulnerable (e.g. Google).

Inside the AMD Microcode ROM

Speakers: Benjamin Kollenda, Philipp Koppe
Description: 35C3 Fahrplan
Video: 35C3 Media

Benjamin and Philipp reverse-engineered the microcode of AMD processors (a kind of firmware for the CPU). Microcode is typically closed-source and is thought of as "secret": "only Intel/AMD knows what it does". These guys also broke the update authentication process, and after that they were able to play around with the microcode, change instructions, etc.

As part of the research, they implemented an address sanitizer (a tool that checks for invalid memory accesses) as a CPU instruction.

Snakes and Rabbits - How CCC shaped an open hardware success

Speakers: Tim 'mithro' Ansell, Andrew 'bunnie' Huang
Description: 35C3 Fahrplan
Video: 35C3 Media

More specifically, a history of two open video capture projects: TimVideos by Tim and NeTV2 by bunnie (also see the crowdfunding campaign).

A Christmas Carol - The Spectres of the Past, Present, and Future

Speakers: Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella
Description: 35C3 Fahrplan
Video: 35C3 Media

A summary of Spectre/Meltdown-style attacks... as a pastiche of "A Christmas Carol". They even hired a choir. Just see for yourself.

There are so many variants of Spectre/Meltdown that I won't even try to summarize them here. They also described some new attacks, I think.

Provable Security

Speakers: FJW and Lukas
Description: 35C3 Fahrplan
Video: 35C3 Media

Subtitled: "Or how I learned to stop worrying and love the backdoor". I was expecting a talk about proofs in security in general, but this talk was about cryptographic proofs.

The speakers emphasized carefully defining the security model (sometimes defining the security model is more difficult than the proof itself). They also stressed that for your security proof you need to assume that certain primitives are secure. There are many real-world primitives that we believe are secure but for which no proof exists.

Enclosure-PUF

Speakers: Christian Zenger, David Holin, Lars Steinschulte
Description: 35C3 Fahrplan
Video: 35C3 Media

Tamper resistance/detection.