In their Black Hat panel on "war-texting," Don Bailey and Matthew Solnik, researchers from iSec Partners, will discuss finding mobile-networking vulnerabilities in automobiles that would allow an attacker to unlock them and turn the engine on remotely. Bailey devised a method for exploiting the GSM network to send malicious SMS (Short Message Service) communications that can upload data and transmit information.
"War-texting" is a variation of "war-driving," where people drive around in autos with devices designed to discover and intercept signals from unprotected wireless LANs. With war-texting, they are intercepting messages sent between servers and autos.
Dillon Beresford, a security researcher at NSS Labs, will be presenting his work on exploiting Siemens Simatic S7 process logic controllers. The talk, originally scheduled for the TakeDownCon security conference in May, was withdrawn after Siemens worried about potential ramifications if he publicized the vulnerabilities before they could be patched. At Black Hat, Beresford is expected to cover new vulnerabilities and demonstrate how attackers can impersonate the communication control used by the industrial control systems.
Researcher Dino Dai Zovi is performing a detailed audit of the security mechanisms and features in iOS 4 for his presentation. Dai Zovi will be making recommendations on what organizations can do when deploying iOS devices to their employees.
Independent security researcher James Arlen will discuss the threat of attacks on high-frequency trading systems. The rapid evolution of these systems has limited effective security oversight, Arlen says.
Trading systems execute trades in microseconds, which would be a problem for most IT departments because most security products have operational latencies measured in milliseconds, according to Arlen. Traditional IT environments are just too slow to handle the risks facing high-frequency trading systems.
And finally, Moxie Marlinspike, founder of start-up Whisper Systems, will discuss issues in the SSL (Secure Sockets Layer) and the fragile certificate authority infrastructure. The attack on root certificate authority Comodo, in which an attacker managed to issue valid certificates for domains belonging to Google, Yahoo, Skype and other companies, highlighted some of these issues.
Marlinspike will release a client-side software tool for Firefox that enables users to avoid having to rely on the certificate authority infrastructure to determine which sites were trusted and authentic.
Some newer cars have features that allow you to turn off the car alarm, unlock the doors and even start the engine using your mobile phone. You may have seen the TV commercials where a father unlocks a car and starts the engine for his daughter when in fact he’s on a business trip and not even in the same city as the vehicle. My first thought was ”I hope they have good security.”
Well, researchers have figured out how to hack into the system. They say it took them 2 hours to figure out how to intercept the wireless messages between the car and the network and then recreate them on a laptop. They plan on demonstrating the process at a hacker convention. Their presentation is called “War Texting: Identifying and Interacting with Devices on the Telephone Network.”
The researchers, Don Bailey and Mathew Solnik call this technique ‘war texting’ after another wireless technique, ‘war driving’ (http://ow.ly/5Q2SI) which involves driving around cities looking for data on wireless networks. Here’s the complete war texting article: http://ow.ly/5Pgl2
If you think that’s scary, consider this:
Bailey says the same technique could be used to knock out power grids and water supplies. The car alarm and some control devices (SCADA) on critical infrastructure are connected to public phone networks. It seems there isn’t much security. In many cases these systems were created before phone security became a problem. Now remote manipulation of these control systems using phones and laptops is possible. Bailey says “Now I can make your water undrinkable. That’s scary.” Here’s the article: http://ow.ly/5Q2Q2