CanSecWest: Day 1 Recap

CanSecWest: Day 1 Recap

The annual CanSecWest conference began on a sunny day in beautiful (but often rainy) Vancouver, British Columbia with well-known host Dragos Ruiu sporting an unusually flashy outfit.

Without further ado, the conference was underway.

Fighting Next-Generation Adversaries with Shared Threat Intelligence – Jacob West

To kick off the conference, this talk painted a bleak picture of the current state of information security skills and the lack of automation and collaboration within the industry. While having security courses given to students is a good thing, a more important one is to start software developers on the right path from the get-go. This was referred to as “robust programming” where coding with security in mind rather than coding for something that works, would solve many of our current security issues.

USB Flash Storage Threats and Threat Mitigation in an Air-Gapped Network Environment – George Pajari

This was a highly anticipated talk because of the recent badBIOS revelations. The presenter demonstrated a way to mitigate many of the security risks associated with using USB drives to transfer data to air-gapped systems.The method used an intermediate system called “sheep dip” where potentially hostile drives could be plugged in. The system would then only take the data and copy it onto another USB drive that could be plugged into the sensitive air-gapped machine. The idea is that any exploit (i.e. Stuxnet) would be stopped at the “sheep dip” system. However, a member from the audience asked a very pertinent question: what if the “sheep dip” system got compromised?

 No Apology Required: Deconstructing Blackberry 10 – Zach Lanier, Ben Nell

The two authors started with some tongue in cheek comment about how Canadians apologize for everything, before diving into Blackberry’s security. The talk was quite technical, describing how apps run with the same UID but within a separate GID (group ID). They talked about Blackberry’s .BAR format and listed some tools for testing purposes (BB Simulator, QNX software dev tool). They also evoked the ‘Balanced’ security technology to separate personal and corporate information, although they said it was simply based on file permissions.

Revisiting iOS Kernel (In)Security – Tarjei Mandt

This very detailed presentation dug deep into Apple’s Pseudorandom Number Generator (PRNG) on iOS 6, iOS 7 and briefly on OS X from seed generation (by iBoot) to seed recovery. It listed three areas of interest: kernel mapping, stack check guard and zone cookies. The author was very knowledgeable on this topic and did a live demo where he showed how to recover a seed using a technique known as backtracking. In addition to this method, he said that a robust PRNG should also resist direct crypto output attacks.

The Real Deal of Android Device Security: the Third Party – Collin Mulliner, Jon Oberheide

In an entertaining presentation, the two researchers laid the cards on the table by exposing how the fragmentation problem (in their study they listed 4,312 models) affecting Android has some serious impacts on security. They mapped out the ecosystem consisting of the Android Open Source Project (AOSP), the OEMs, and the carriers which all struggle with their own problem. Fragmentation also makes it hard to predict whether a vulnerability will affect another model, even if it is running the same Android version.

 Exploring RADIUS – Brad Antoniewicz

The last talk of the day was technical but made accessible by a colourful presenter. Radius is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users that connect and use a network service. It is popular within enterprises for things such as corporate VPNs, etc. The speaker showed existing “fuzzing” tools used to detect vulnerabilities and some of his own. He also did a demo on how to exploit a Cisco appliance and execute arbitrary code on the target server by simply sending a command sent over a wireless network.

Day 1 was wrapped up by conference organizer Dragos, who hinted at some winners to the PWN2OWN competition who will be revealed the next day.



Jérôme Segura

Principal Threat Researcher