I was excited on Day Two of SecTor to finally meet Mikko Hypponen, the chief antivirus researcher working for F-Secure Antivirus. Mikko has been working for decades in the security field and has great expertise in the area of antivirus, malware and cybercrime attacks. One highlight of his talk was a demo of the attack on RSA, which used a zero-day vulnerability in Adobe Flash to penetrate the company’s internal network. F-Secure researchers showed great persistence in spending half a year tracking down the particular file used in the attack.
The “sophisticated cyber attack”, as Mikko ironically noted, was a simple social engineering email asking the user to open a file attachment. The attachment appeared to be a legitimate Excel file, but it had a booby-trapped Flash file embedded in it that exploited the zero-day vulnerability. The main target of the attack was believed to be Northrop Grumman, which had deployed SecurID tokens in its company. Once RSA was compromised, SecurID was as well.
The talk on NFC (near field communication) quickly made it clear that this is a unique feature, not an extension of RFID or similar. NFC is featured especially in Android devices and is getting hype thanks to Google’s virtual wallet, which will rely on the NFC protocol, obviously drawing much interest towards the technology’s security guarantees. NFC tags will be capable of basic crypto calculations, but there is no requirement that information sent through the air be encrypted. The only guarantee is that 4 cm is the maximum distance at which a communication link can be created with another device or NFC tag. Theoretically, once a link is created, 4 cm is no longer the cut-off distance, making sniffing easier.
To set up NFC in a homebrew environment, the libnfc library is needed, as well as a few devices: a touchatag reader, a MIFARE DESFire EV1 (or similar), and an oscilloscope at 13.56 MHz. More information can be found at Mulliner.org and in the article “Practical Attacks on NFC Enabled Cell Phones”. Physical attacks on NFC tags are a large problem. An attacker can simply cover up a legitimate tag with a small signal-blocking foil and place their own on top to skim data. The talk also pointed out a null pointer exception triggered by a malformed tag that is as yet unexploitable, and an interesting use of Android’s intent filters. Any Android app can register itself as capable of handling an intent, like opening a map. If an NFC tag sends data under the map intent, the user will have to choose the app to handle the data. With custom app icons, a malicious app is indistinguishable from a legitimate one. The talk ended with an appropriate and catchy acronym, NFC: aNother Freaking attaCk vector.
All in all, there were some extremely interesting talks, and I wish I could have attended even more of them. SecTor has been an outstanding conference, and I was privileged to be able to attend the event.
SecurityXploded was the official media partner of SecTor 2011, and it was our great pleasure to bring forth detailed coverage of the event!