IBM/Trusteer Rapport: Does IBM (I)ntentionally (B)ackdoor (M)achines?

Presented at 44CON 2019, Sept. 12, 2019, 2:30 p.m. (59 minutes)

Despite my best efforts in 2011, IBM/Trusteer Rapport is still doing the rounds in the UK banking community. Having concentrated on what was at that time OS-X related issues with only hints at the Windows issues, no one seemed to pick up the mantle to prove the remainder of Trusteer Rapport nothing more than snake oil. In the intervening years Trusteer have been hard at work improving their backdoors after their acquisition by IBM for a cool $1 billion in September 2013, quite the price to pay indeed. In this talk I’ll cover the historical state of, what was, the MacOS implementation since a recent disclosure resulted in IBM/Trusteer fixing the issues by performing a simple ‘rm -rf’ of the Kernel components (CVE-2018-1985) and the current state of play for the Windows components, the result of which is hopefully the ‘rm -rf’ of the Windows components.


  • Neil Kettle - Digit Labs
    Neil was testing various writing products when he found a pair of special sunglasses. Wearing them, he saw the world as it really is: people being bombarded by media and government with messages like “Stay Asleep”, “No Imagination”, “Nobody got fired for buying IBM”. Even scarier is that he is able to see that some usually normal-looking people are in fact ugly aliens in charge of the massive campaign to keep Trusteer Rapport installed. At the very first 44CON he came to chew bubble gum and kick ass. In 2019 he’s back… And he’s all out of bubble gum.


