PacSec 2016 Speakers
"Smashing the Jars"
Anthony Kasza, Palo Alto Networks
Due to the cross-compatible nature of Java applications, malware authors are able to write one implant which will execute on any system. The ability to control a Windows or a Macintosh system with a single malware family is an attractive capability, making Java a viable choice for attackers targeting multisystem environments. This presentation will discuss the current threat landscape around Java-based malware, analysis tools and techniques, as well as how to build detections organizations can use to better protect themselves.
Java-based threats are used by threat actors of varying skill levels. Opportunistic, financially motivated, and targeted attacks have all made use of Java-based malware. Considering historic and current trends in these types of threats can assist organizations in building more efficient detections.
"Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-Driving Vehicles"
Chen Yan + Wenyuan Xu + Jianhao Liu, Zhejiang University, Qihoo360
To improve road safety and driving experiences, autonomous vehicles have emerged recently, and they can sense their surroundings and navigate without human inputs. Although promising and proving safety features, the trustworthiness of these cars has to be examined before they can be widely adopted on the road. Unlike traditional network security, autonomous vehicles rely heavily on their sensory ability of their surroundings to make driving decisions, which opens a new security risk. Thus, in this talk we examine the security of the sensors of autonomous vehicles, and investigate the trustworthiness of the 'eyes' of the cars. In this talk, we investigate sensors whose measurements are used to guide driving, i.e., millimeter-wave radars, ultrasonic sensors, forward-looking cameras. In particular, we present contactless attacks on these sensors and show our results collected both in the lab and outdoors on a Tesla Model S automobile. We show that using off-the-shelf hardware, we are able to perform jamming and spoofing attacks, which caused the Tesla's blindness and malfunction, all of which could potentially lead to crashes and greatly impair the safety of self-driving cars. To alleviate the issues, at the end of the talk we propose software and hardware countermeasures that will improve sensor resilience against these attacks.
"New wave of Cyber terror in the Korea Financial Sector"
Kyoung-Ju Kwak, Korea Financial Security Institute
Several years ago, the largest banks in South Korea were attacked by an APT (Advanced Persistent Threat); service stopped for several hours and employees' PCs were entirely destroyed. In 2016, there was a new wave of cyber terror. It does not attack banks or companies directly. Instead, the attackers try to find vulnerabilities in the security solutions used by employees of large companies or by most Koreans who use Internet banking services. As a result of the attack, a code-signing certificate used by a major security company was leaked, and malware signed with the certificate was spread to people and companies.
"Demystifying the Secure Enclave Processor"
Mathew Solnik, OffCell Research, @Remarks
The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with no direct access from the main processor. In fact, the secure enclave processor runs its own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.
Although almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.
In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors.
"Science Fiction Becomes Reality: Emerging Threats in our Connected World"
Mickey Shkatov + Jesse Michael, Intel Security Advanced Threat Research
In our modern world, smart devices with wireless network connectivity providing enhanced user experiences have become central parts of our lives, but with those new capabilities come new threats and vulnerabilities. Let us walk you through a day in the life in our connected world and along the way, we will discuss and demonstrate real vulnerabilities we've discovered in new and unexpected places.
Takeaways from this talk are that with our modern world of pervasive wireless network connectivity in devices we use every day, new threats are emerging and shifting the security landscape in unexpected ways and we need to think outside of the box to defend ourselves and others. This talk includes a couple of "world's first" live and working demonstrations of dumping physical memory over the air and IVI ransomware; it also includes a smart home ransomware demo using a touch screen router and a Belkin WeMo.
*Note: Due to various circumstances, speakers, topics, date and stage order may be changed without notice.