Wednesday, January 19, 2011

BlackHat DC 2011: Inglourious Hackerds

Washington DC, USA, January 2011.

We are currently at the awesome BlackHat DC event, with hundreds of attendees coming from many different countries worldwide. We were invited here for the BlackHat Briefings, in order to give a talk, called "Inglourious Hackerds, Targeting Web Clients".

It was a pretty nice opportunity for us to explain some of our tricks related to client-side attacks in a web environment. For example, we talked about the vulnerabilities we found in 2010 that could allow you to either hack a remote web browser, or to counter-attack, etc.
Indeed, we explained how we got some 0days against multiple different devices, by either fuzzing or pentesting those tools with a black-box approach, exactly as we do during penetration tests on highly sensitive places for our customers.

When we are asked to launch a huge penetration test against an infrastructure, it does happen that we find unknown vulnerabilities, for example on embedded devices like VoIP stuff, IP cameras, phones, access points, etc. Why? Because it seems that IT has become more and more complex, with money issues and time issues. In this business world, where money does matter, you can easily have some people who will make low-level errors that can lead to vulnerabilities. This is what we found recently on an IP camera widely used for surveillance on earth.

In 2010, we also found security vulnerabilities on handheld devices, like Apple iPhone, Apple iPod, Apple Safari Windows, Apple Safari MacOSX, Apple iPad, RIM BlackBerry, HTC Windows, Google Android... During our humble talk here in Washington DC, we tried to give information about how we found those concepts of exploits, thanks to the behavior of the handheld devices that always try to analyze the data received in HTML web pages.

As a great surprise, we were joined by the sharp people from RIM, who agreed to come to our talk in order to explain how they got rid of this vulnerability. M.Stone Adrian came and gave details about how they successfully handled the vulnerability we found against BlackBerry devices.

Thanks to his explanation, and to the meeting we had with Kymberlee Price from RIM, the attendees were able to understand how complex it might be to either mitigate such a vulnerability, or to patch it. Most of the problems that are unknown to the public are related to the tests done by the carriers, worldwide.

You cannot just create a patch and then push it over the Internet. You also have to be sure about the results, so that nobody would get blocked with the brand new version.

For us, it was really interesting to meet some of the people from RIM who worked on the vulnerability we found, after months of discussions through emails. The Internet is great, but meeting people in real life remains the best way to exchange... Luckily, we also got someone from Apple in our room.

Here are some references about the vulnerabilities found by TEHTRI-Security and explained during this talk at BlackHat Washington DC 2011:

We never shared the source code that could help build an exploit against those devices, so that the customers would not be vulnerable because of a dangerous full disclosure, and we hope that our help to Apple and RIM helped to improve the security of the Internet, with its never-ending cyber conflicts worldwide.

Thanks again to the BlackHat family for this opportunity, in this tremendous city...