Grand Idea Studio » Security

Perspectives from the L0pht

Admin — Thu, 20 May 2010 18:01:41 +0000

For nearly a decade, Joe Grand of Grand Idea Studio was a member of the infamous hacker collective known as L0pht Heavy Industries in Boston, Massachusetts. Starting in the early 1990s as a clubhouse for local hackers to store computer equipment, tinker with projects, and just hang out, the L0pht (spelled ell-zero-ph-t) ended up as seven close-knit friends changing the face of computer security vulnerability research and disclosure. [ continue ]

Hacks and Attacks: Examples of Electronic Device Compromise

Admin — Thu, 20 May 2010 00:35:06 +0000

As engineers, we have a responsibility to learn from problems of the past in order to better equip ourselves for designs of the future. This session presents the typical hardware hacking process and some high-profile attacks against electronic devices such as microprocessors, smartcards, and parking meters. [ continue ]

Hardware is the New Software

Admin — Sun, 11 Oct 2009 20:11:39 +0000

Society thrives on an ever increasing use of technology. Electronics are embedded into nearly everything we touch. Hardware products are being relied on for security-related applications and are inherently trusted, though many are completely susceptible to compromise with simple classes of attacks that have been known for decades. [ continue ]

Smart Parking Meters

Admin — Thu, 30 Jul 2009 17:45:36 +0000

Throughout the United States, cities are deploying “smart” electronic fare collection infrastructures. In 2003, San Francisco launched a $35 million pilot program to replace approximately 23,000 mechanical parking meters with electronic units that boasted tamper resistance, payment via smart card, auditing capabilities, and an estimated $30 million annually in fare collection revenue. Other major cities, including Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, Portland, and San Diego, have made similar moves. [ continue ]

Hardware Hacking Training Courses

AdminII — Thu, 01 Nov 2007 00:55:47 +0000

Grand Idea Studio’s training courses, taught exclusively by Joe Grand, focus on hands-on learning and aim to provide a fun, educational experience. All courses can be tailored for a specific audience or objective. Please visit the Events page for currently scheduled sessions or contact us for more information. [ continue ]

RFID Security

Admin — Wed, 27 Sep 2006 00:44:52 +0000

This presentation details RFID (Radio Frequency Identification) technology and its overarching security vulnerabilities. It begins with an overview of RFID architecture, standards, and common uses and implementations. The rest of the presentation focuses on security risks and practical attacks used to compromise an RFID system. [ continue ]

Exploring Security Problems in Hardware Devices

AdminII — Fri, 01 Apr 2005 00:56:57 +0000

Most users treat a hardware solution as an inherently trusted black box. “If it’s hardware, it must be secure,” they say. This presentation explores a number of classic, historical security problems with hardware products, including access to stored data, privilege escalation, spoofing, and man-in-the-middle attacks. Technologies commonly used in the network and computer security industries are examined, including access control, authentication tokens, and network appliances. Some of the devices mentioned in this presentation have since been updated to prevent the discussed attacks. [ continue ]

Understanding Hardware Security

AdminII — Fri, 15 Oct 2004 00:57:46 +0000

This presentation serves as an introduction to embedded security. Designing offensively may be your best protection against attack, so we discuss how to reduce the number of vulnerabilities in your hardware designs and how to evaluate the threats against your products. [ continue ]

A Commentary on Adopting Security Technologies

AdminII — Sat, 18 Sep 2004 00:59:35 +0000

We, as a population, have become so dependent on technology that we often forget the major risks associated with using it. This commentary discusses the problem as it relates to the computer security industry and examines the need for proper understanding, scrutiny, and testing of new security technologies before they are released into a live environment. [ continue ]

Advanced Hardware Hacking Techniques

AdminII — Sat, 31 Jul 2004 01:00:32 +0000

This presentation looks at advanced hardware hacking and reverse engineering techniques. We’ll examine the steps taken by designers to incorporate security into their hardware products and then discuss ways to attack them. [ continue ]

A Historical Look at Hardware Token Compromises

AdminII — Thu, 29 Jul 2004 01:01:58 +0000

This presentation examines the details behind successful hardware attacks of early authentication tokens: two USB devices and one iButton device. We’ll be looking at the methods used to compromise the devices and gain access to private data stored on them without having legitimate credentials. Our attacks were based on an approach of using only common, off-the-shelf tools, yet we still succeeded in defeating the security features. Both USB devices have since been updated to prevent the attacks mentioned in this presentation. While learning from history is important to avoid repeating the same design mistakes, we’ll also look at some of the newer authentication tokens and hypothesize about potential attacks. [ continue ]

Mobile Device Insecurity

AdminII — Fri, 21 May 2004 01:03:02 +0000

This presentation serves as an introduction into the classes of security problems in mobile devices, including system password retrieval, debugging modes, and synchronization interfaces of Palm, Pocket PC, and Psion/Symbian platforms. Attack vectors and malicious code risks are examined, as are key recommendations for securing mobile devices in the face of these problems. [ continue ]

A Hacker’s Top 10 Guide to Protecting Enterprise Systems

AdminII — Wed, 07 Apr 2004 01:04:19 +0000

Implementing proper computer security in your enterprise systems can only occur after an understanding of attack threats and risks, as no one solution is suitable for every organization. This presentation, based on Microsoft’s “The Ten Immutable Laws of Security,” discusses high-level security concepts and solutions. [ continue ]

Secure Hardware Design for Embedded Systems

AdminII — Tue, 30 Mar 2004 01:05:16 +0000

The design of secure hardware is often overlooked in the product development lifecycle, leaving many devices vulnerable to hacker attacks resulting in theft of service, loss of revenue, or a damaged reputation. Many times, products must be redesigned after a harmful incident, which raises overall development costs and increases time-to-market. This paper focuses on general concepts for secure hardware design coupled with practical examples. Topics in this paper include recommendations on incorporating security into the product development cycle, attack and threat models, and design solutions for enclosure, circuit board, and firmware layers. [ continue ]

Tribble

AdminII — Mon, 16 Feb 2004 01:06:17 +0000

Tribble is a hardware expansion card that can reliably acquire the volatile memory of a live system to removable storage. The hardware device directly accesses memory and does not require any software to be loaded (which could overwrite possible evidence). [ continue ]

Wireless Site Survey

AdminII — Thu, 25 Sep 2003 01:07:15 +0000

One of the main benefits of wireless LANs is that they provide an easy method to access your network from anywhere inside your organization, but this is also one of the biggest problems. This presentation discusses ways to properly review your wireless infrastructure so that you can understand potential security risks and remain in control of your network. We examine tools and techniques for mapping wireless LANs and reining them in, along with suggestions and recommendations for maintaining a secure wireless LAN infrastructure. [ continue ]

pdd (Palm dd)

AdminII — Sat, 29 Jun 2002 01:08:39 +0000

pdd (Palm dd) is a Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. pdd will preserve the crime scene by obtaining a bit-for-bit image or “snapshot” of the Palm device’s memory contents. Such data can be used by forensic investigators, incident response teams, and criminal and civil prosecutors. [ continue ]

Decoding the Mobitex Protocol

Admin — Fri, 18 Jan 2002 22:49:29 +0000

This paper examines the Research In Motion RIM 950 and RIM 957 BlackBerry Wireless Handhelds and details the process and tools required to capture data transmissions, decode the wireless Mobitex protocol, and retrieve all e-mail and associated attachments that are sent from Internet Edition devices. [ continue ]

Authentication Tokens: Balancing the Security Risks with Business Requirements

AdminII — Thu, 20 Sep 2001 01:10:28 +0000

Stolen passwords represent a significant threat to today’s enterprise. It has become apparent that a simple username and static password combination to login to a system is not adequate to protect most business information. As the corporate network is increasingly used to store disparate levels of company confidential information, there is a need for user access control. Authentication tokens are hardware or software devices that generate dynamic one-time passwords through the use of a mathematical function. This report examines the business needs, deployment strategies, and security risk scenarios of hardware vs. software-based token technologies. No single technology will provide the ultimate solution for every situation, and there are advantages and disadvantages to the use of each type. [ continue ]

Ointment

AdminII — Tue, 14 Aug 2001 01:12:19 +0000

Ointment exploits a design problem with the Palm OS Debug Mode and the use of weak obfuscated system passwords. Ointment will emulate the Palm OS serial link protocol (SLP) and the ‘export’ and ‘reset’ commands of the Palm OS Console Debug Mode, retrieve the encoded password block from the “Unsaved Preferences” database of the target device, and decode and display the resultant ASCII password. [ continue ]

Security Analysis of the Palm Operating System

AdminII — Tue, 14 Aug 2001 01:11:28 +0000

Portable devices, such as Personal Digital Assistants (PDAs), are particularly vulnerable to malicious code threats due to their widespread implementation and current lack of a security framework. The presented research provides detail into specific scenarios, weaknesses, and mitigation recommendations related to data protection, malicious code, virus storage, and virus propagation. [ continue ]

Palm OS Password Lockout Bypass

AdminII — Fri, 02 Mar 2001 01:12:59 +0000

The Palm Operating System (OS) Security application provides “system lockout” functionality in which the Palm device will not be operational until the correct password is entered. The password is also used to protect and hide records by marking them as “Private.” A backdoor exists in Palm OS which provides source and assembly level debugging of executables and the administration of databases existing on the physical device. [ continue ]

DS1991 MultiKey iButton Dictionary Attack

AdminII — Fri, 19 Jan 2001 01:14:06 +0000

Dallas Semiconductor’s (now Maxim Integrated Products) iButton devices are hardware tokens deployed globally in applications such as cashless transactions, stored-value debit/electronic wallets, software copyright protection, user authentication, and access control. Each dime-sized device contains a 64-bit unique identifier and various sizes of memory storage.The DS1991 makes use of three distinct passwords to protect three secure data areas within the device. The discovered vulnerability, detailed in this advisory, potentially allows an attacker to determine the passwords used to protect these secure areas, thus gaining access to the protected data. Depending on the application, such data could include financial information, data representing monetary units, or user registration/identification information. [ continue ]

RSA SecurID Algorithm Cryptanalysis

AdminII — Tue, 02 Jan 2001 01:14:50 +0000

This short paper examines several discovered statistical irregularities in functions used within the RSA Security’s SecurID algorithm: the time computation and final conversion routines. Where and how these irregularities can be mitigated by usage and policy are explored. The primary concern is the possibility to generate a complete cycle of tokencode outputs given a known secret, which is equivalent to the cloning of a token device. [ continue ]

SafeWord e.iD Palm Authenticator PIN Extraction

AdminII — Fri, 15 Dec 2000 01:15:39 +0000

Secure Computing’s SafeWord is a user authentication and access control suite which uses various hardware and software token devices for the creation of dynamic, one-time passwords. The e.iD Palm Authenticator, which runs on a Palm handheld device, generates the one-time-password response. A Palm OS .PDB file is created for each user and loaded onto their Palm device. By gaining access to the .PDB file, the legitimate user’s PIN can be determined within hours through a series of DES encrypt-and-compares. [ continue ]

Attacks on USB Hardware Token Devices

AdminII — Fri, 13 Oct 2000 01:18:27 +0000

This paper presents the methods used to attempt access to private data stored in Universal Serial Bus (USB) hardware authentication tokens without having legitimate credentials. We look at the current state-of-the-art products of the commercial world. Our research is based on an approach of using only common, off-the-shelf tools, yet we still succeed in defeating the security features and gaining access to private data. We also examine other areas that may be susceptible to attack. Countermeasures and design changes that will enhance the security of such devices are proposed. [ continue ]

Palm OS Password Retrieval and Decoding

AdminII — Wed, 27 Sep 2000 01:19:07 +0000

Palm OS devices offer a built-in Security application which is used for the legitimate user to protect and hide records from unauthorized users by means of a password. In all basic built-in applications (Address, Date Book, Memo Pad, and To Do List), individual records can be marked as “Private” and will only be accessible if the correct password is entered. It is possible to obtain an encoded form of the password, determine the actual password due to a weak, reversible encoding scheme, and access a user’s private data. In order for this attack to be successful, the attacker must have physical access to the target Palm device. [ continue ]

iKey 1000 Administrator Access

AdminII — Fri, 21 Jul 2000 01:21:49 +0000

Rainbow Technologies’ iKey 1000 is a portable USB device providing authentication and digital storage of passwords, cryptographic keys, credentials, or other data. Administrator access to the iKey 1000 is provided with the MKEY (Master Key) password and allows device initialization, configuration, and access to all data stored on the key. [ continue ]

eToken R1 Private Information Extraction

AdminII — Fri, 05 May 2000 01:22:56 +0000

Aladdin Knowledge Systems’ eToken is a portable USB authentication device providing access control for digital assets. By using any industry-standard device programmer to modify the unprotected external memory, the user PIN can be changed back to the default PIN. The attack requires physical access to the device circuit board and will allow all private information to be read from the device without knowing the PIN number of the legitimate user. [ continue ]

Compromising Voice Messaging Systems

AdminII — Wed, 03 May 2000 01:24:04 +0000

Voice mail systems and answering machines are an important part of the corporate information flow. However, they are frequently left unprotected and are overlooked when security assessments are performed. Access to these systems may yield valuable information and may assist attackers to further their attacks on the company’s computer infrastructure. This brief paper introduces the concept and methodologies of compromising voice mail systems and answering machines, provides vendor specific characteristics to aid in voice mail compromise, and contains a reference of related news reports, security advisories, and software tools. [ continue ]