ELF Parsing Bugs by Example with Melkor Fuzzer
Too often the development community continues to blindly trust the metadata in Executable and Linking Format (ELF) files. In this paper, Alejandro Hernández walks you through the testing process for seven applications and reveals the bugs that he found. He performed the tests using Melkor, a file format fuzzer he wrote specifically for ELF files.
A Survey of Remote Automotive Attack Surfaces
By looking at each car’s remote attack surface, internal network architecture, and computer controlled features, we are able to draw some conclusions about the suitability of the vehicle to remote attack. This doesn’t mean that the most susceptible looking isn’t in fact quite secure (i.e. coded very securely) or that the most secure looking isn’t in fact trivially exploitable, but it does provide some objective measure of the security of a large number of vehicles that wouldn’t be possible to examine in detail without a massive effort. It also provides…
Video: Building Custom Android Malware for Penetration Testing
By Robert Erbes @rr_dot In this presentation, I provide a brief overview of the Android environment and a somewhat philosophical discussion of malware. I also take look at possible Android attacks in order to help you pentest your organization’s defenses against the increasingly common Bring Your Own Device scenario. http://youtu.be/68D7CjkgYt8
A Wake-up Call for SATCOM Security
Satellite Communications (SATCOM) play a vital role in the global telecommunications system. IOActive evaluated the security posture of the most widely deployed Inmarsat and Iridium SATCOM terminals. IOActive found that malicious actors could abuse all of the devices within the scope of this study.
Car Hacking Made Affordable
This research focuses on reducing the barrier to entry for automotive security assessments. The goal is to increase the number of security researchers working in this area by providing step-by-step information on how to evaluate, test, and assess Electronic Control Units (ECUs) without requiring a vehicle. To accomplish the work described in this paper, you only need inexpensive electronics and an ECU. Most, if not all, of the equipment and vehicle parts can be acquired from third-party sources, such as eBay or Amazon.
Adventures in Automotive Networks and Control Units
Previous research has shown that an attacker can execute remote code on the electronic control units (ECU) in automotive vehicles via interfaces such as Bluetooth and the telematics unit: http://www.autosec.org/pubs/cars-usenixsec2011.pdf. This paper expands on the topic and describes how an attacker can influence a vehicle’s behavior. It includes examples of mission critical controls, such as steering, braking, and acceleration, being manipulated using Controller Area Network (CAN) messages.
Best Practices for using Adobe Reader 9.0
Adobe products have long touted how they enable organizations to collaborate and share information in heterogeneous environments. However, a recent stream of vulnerabilities identified in Adobe products has caused a great deal of concern about the overall security threat associated with using these products. IOActive security experts offer suggestions for how to best protect your computer.
Compromising Industrial Facilities from 40 Miles Away
This paper reviews the most commonly implemented key distribution schemes, their weaknesses, and how vendors can more effectively align their designs with key distribution solutions. We also demonstrate some attacks that exploit key distribution vulnerabilities, which we recently discovered in every wireless device developed over the past few years by three leading industrial wireless automation solution providers. These devices are widely used by many energy, oil, water, nuclear, natural gas, and refined petroleum companies.
Reversal and Analysis of the Zeus and SpyEye Banking Trojans
Although the core functionality of SpyEye is similar to its main rival Zeus, SpyEye incorporates many advanced tricks to hide its presence on the local system. This document includes a deep technical analysis of the bot’s advanced hooking and injection mechanisms, as well as its core functionality used to hijack and steal user information. Zeus is an advanced piece of malware, so getting it to a reversible state was not a trivial exercise since it incorporates multiple layers of custom, portable, executable encryption. IOActive reverse engineers stripped each encryption layer…
Traffic Analysis on Google Maps with GMaps-Trafficker
This paper describes a high-level approach to identifying which geographical coordinates a user sees on Google Maps when using an SSL-encrypted channel. Provided you have built the correct profile, the GMaps-Trafficker tool allows you to identify which geographical coordinates a user is looking at on Google Maps, even though the user is accessing Google Maps over SSL.