25th edition of the Chaos Communication Congress

Date: February 04, 2009

The "Chaos Communication Congress" is a conference organized each year by the "Chaos Computer Club" in Berlin in the area of security and hacking. The 25th edition of this conference took place from December 27th to 30th, 2008, under the slogan "Nothing to hide".

The 80 presentations of this conference were very diverse, with some topics quite anecdotal (voting machine weaknesses, garage door hacking, etc.), but also the announcement of new vulnerabilities (MD5, DECT, etc.). The present article details the most notable presentations of this event.


Hacking the iPhone

The restrictions set by Apple on the iPhone aim at preventing users from running programs of their choice on the device. The first iPhone generation, released in June 2007, was easier to crack, and it took the research group formed on this occasion only a few months to do so. The iPhone 3G, however, is more robust, and a long-term solution has not been proposed. This presentation analyses the internal architecture of the iPhone, its security mechanisms, and the techniques discovered to bypass them.

http://events.ccc.de/congress/2008/Fahrplan/events/2976.en.html

http://www.heise-online.co.uk/news/25C3-Cracks-in-the-iPhone-security-architecture--/112321

 

Why were we so vulnerable to the DNS vulnerability?

In this presentation, Dan Kaminsky returns to the circumstances surrounding the DNS flaw discovered last year, and in particular to the work done by the various actors before the details were published.

As a reminder, the evolution of this flaw was monitored in the crisis response hub called "DNS vulnerability": https://wws.cert-ist.com/eng/hub/failledns/.

http://events.ccc.de/congress/2008/Fahrplan/events/2906.en.html

 

TCP denial of service vulnerabilities

Several reports mentioning possible vulnerabilities in the TCP protocol were released last fall. During the CCC, Recurity Labs researchers presented attack scenarios on TCP, as well as some possibilities to block them. According to them, most of the problems lie in the protocol implementations, but are facilitated by design errors in the protocol itself.

As a reminder, the evolution of this flaw was monitored in the crisis response hub called "TCP DOS": https://wws.cert-ist.com/eng/hub/tcpdos/.

http://events.ccc.de/congress/2008/Fahrplan/events/2909.en.html

http://www.heise-online.co.uk/news/25C3-More-light-shed-on-denial-of-service-vulnerabilities-in-TCP--/112324

 

Analyzing RFID security

This presentation analyses the weaknesses and the security level of RFID tags and cards, as these are increasingly used for access control (buildings, rooms, cars or electronic devices). Karsten Nohl takes the example of the Mifare Classic cards to show the complexity of RFID systems and explain what the possible attacks are. He also provides an open-source tool for testing the security of these systems, as well as an RFID reader.

http://events.ccc.de/congress/2008/Fahrplan/events/3032.en.html

http://www.heise-online.co.uk/news/25C3-Many-RFID-cards-poorly-encrypted--/112336

 

DECT

The DECT (Digital Enhanced Cordless Telecommunication) standard is one of the main protocols used in the wireless telephony area. This protocol uses standard encryption mechanisms to authenticate bases and terminals and to encrypt the data transfer. The researchers who gave this presentation showed that it was possible to bypass these encryption features on these devices in order to spoof phone calls, using a simple VoIP card (23 euros) and a Linux computer.

http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html

http://www.heise-online.co.uk/news/25C3-Serious-security-vulnerabilities-in-DECT-wireless-telephony--/112326

 

CISCO IOS attack and defense

This presentation, given by a researcher from Phenoelit, reviews the state of the art in the security of the Cisco IOS operating system: past, present and future attacks, the most common bugs, classes of vulnerabilities and their exploitation, and the latest methods and techniques. The researcher presents a method that exploits the code of the software used during the reboot of the operating system (a method that could work on most Cisco IOS devices).

http://events.ccc.de/congress/2008/Fahrplan/events/2816.en.html

http://www.heise-online.co.uk/news/25C3-Reliable-exploits-for-Cisco-routers--/112323

 

Predictable RNG in the vulnerable Debian OpenSSL package

This presentation deals with the flaw discovered in the random number generation used for SSL on Debian Linux and derived systems (Ubuntu, Knoppix…). The speaker, who discovered the flaw, analyses its consequences as well as the possibilities of exploitation.

This vulnerability is described in CERT-IST/AV-2008.222.

http://events.ccc.de/congress/2008/Fahrplan/events/2995.en.html

 

MD5 considered harmful today

This presentation regarding a vulnerability in the MD5 hashing algorithm was highly anticipated, due to the media attention and its possible consequences. The vulnerability allows a remote attacker to create a fake X.509 certificate that will be recognized by many certificate authorities and to spoof the content of Internet sites. The demonstration used a set of 200 Sony PlayStation 3 consoles, whose computing power was used to calculate a certificate that has the same hash as a legitimate certificate (MD5 collision).

A message regarding this vulnerability was sent on the "Vuln-Coord" mailing list: VulnCoord-2008.040.

http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html

http://www.heise-online.co.uk/news/25C3-MD5-collisions-crack-CA-certificate--/112327

 

Nokia Curse of Silence

Alongside this conference, a researcher (Tobias Engel) demonstrated an attack targeting mobile phones running the Symbian S60 operating system. The attack, named "Curse of Silence", allows a malicious person to block, by means of a specially crafted SMS message, the SMS reception service on the victim's phone, thus preventing the future reception of SMS or MMS messages.

A message regarding this vulnerability was sent on the "Vuln-Coord" mailing list: VulnCoord-2009.001.

http://berlin.ccc.de/~tobias/cos/s60-curse-of-silence-advisory.txt

http://www.heise-online.co.uk/news/25C3-MD5-collisions-crack-CA-certificate--/112327


This conference closed a year 2008 already rich in events, as shown by the large number of topics and technologies covered. It is very likely that the upcoming year will also be busy in terms of security. And although not all of these technologies are monitored by the Cert-IST, it is worth mentioning that security research targets many varied domains.


For more information:

Chaos Communication Congress: http://events.ccc.de/

 
