Just arrived home from Washington, DC where I attended and presented at the Black Hat DC Briefings. I was fairly busy throughout the briefings and didn't make it to as many presentations as I hoped, but I thought I'd detail a few of the more interesting ones.
Presentations of Interest
David Hulton and Steve, Pico Computing, Inc.
David and Steve's presentation on GSM cracking definitely received the most attention of the briefings. While the A5/1 GSM cipher has seen its share of attacks in the past, the presenters showed how it could be cracked with a price tag accessible to the average Joe. Using about $1000 worth of equipment including a USRP (Universal Software Radio Peripheral) to capture the encrypted streams and FPGAs to do the actual cracking, they demonstrated that the A5/1 cipher could be cracked in about half an hour. Scaling the system up with more FPGAs results in even faster cracking time. Fun stuff, I need to get my hands on a USRP ASAP.
Side Channel Analysis on Embedded Systems
Job de Haas, Riscure
Job from Riscure presented some slick demos of side channel attacks on embedded devices. Side channel attacks are well-known throughout the crypto community but Job kept it interesting by detailing some of the trends observed as tamper resistance is becoming more prevalent in consumer devices. The neat part was getting to see the actual sensor device used to monitor the side channel and feed the leaked information to the box doing the analysis. Apparently the new FIPS 140-3 certification standard will require some level of resistance against side channel attacks.
Jason Larsen, IOActive, Inc.
The best presentation, in my opinion, was Jason Larsen's from IOActive on SCADA security. Unlike all the other uninformed, full-of-hype, doomsday, live-free-or-die-hard SCADA presentations I've seen, this one came from someone who dealt with the systems day-to-day for the past five years. After smashing a bunch of SCADA myths through some entertaining Hollywood clips, the rest of the presentation focused on how physical damage can realistically be achieved through an attack on a SCADA system. Jason also let out a few interesting gems about existing SCADA attacks that have happened but were not publicly announced. Apparently, there have been at least four cases of extortion where an attacker gained control over a SCADA control system and demanded payment. And, in all four cases, the attacker was paid out. Also included was the video leaked from DHS showing a huge generator literally jumping off the ground and spewing out steam after an attack.