Breaking the Security of Physical Devices

Presented at Black Hat USA 2014, Aug. 6, 2014, 5 p.m. (60 minutes).

In this talk, I look at a number of household or common devices and things, including a popular model car and physical security measures such as home alarm systems. I then proceed to break the security of those devices. The keyless entry of a 2004/2005 popular make and widely used car is shown to be breakable with predictable rolling codes. The actual analysis involved not only mathematics and software-defined radio, but the building of a button-pushing robot to press the keyless entry to capture data sets that enable the mathematical analysis. Software-defined radio is not only used in the keyless entry attack, but in simple eavesdropping attacks against 40 MHz analog baby monitors. But that's an easy attack. A more concerning set of attacks is against home alarm systems. Practically all home alarm systems that had an RF remote to enable and disable the system were shown to use fixed codes. This meant that a replay attack could disable the alarm. I built an Arduino- and Raspberry Pi-based device for less than $50 that could be trained to capture and replay those codes to defeat the alarms. I also show that by physically tampering with a home alarm system by connecting a device programmer, the EEPROM data off the alarm's microcontroller can be read. This means that an attacker can read the secret passcode that disables or enables the alarm. In summary, these attacks are simple but effective in physical devices that are common in today's world. I will talk about ways of mitigating these attacks, which essentially comes down to avoiding the bad and buying the good. But how do you know what's the difference? Come to this talk to find out.


Presenters:

  • Silvio Cesare - Qualys
    Silvio Cesare is a researcher, writer, and presenter in industry and academia. He is the author of the academic book "Software Similarity and Classification" published by Springer. He has spoken at multiple industry conferences including Black Hat, Ruxcon, AusCERT, and CanSecWest. He holds a Doctorate from Deakin University in Australia. He has also worked in industry within Australia, France, and the United States. This work includes time as the scanner architect of Qualys - now the world's largest vulnerability assessment company. At present, he is again at Qualys, developing next-generation malware protection based on his University research. In 2008, he was awarded $5000 USD tied 3rd prize for the highest impact vulnerability reported to security intelligence company iDefense for an implementation-specific IDS evasion bug in the widely deployed Snort software. He has a Bachelor of Information Technology and a Master of Informatics by research from CQUniversity, where he was awarded two academic prizes during his undergraduate degree, a University Postgraduate Research Award full scholarship during his Masters degree, and an award for the highest achieving PhD student during his candidature.
