Key-logger, Video, Mouse: How to turn your KVM into a raging key-logging monster

Presented at 32C3 (2015), Dec. 27, 2015, 5:15 p.m. (60 minutes)

Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field? Well, that’s what we used to think too. That is until we noticed that little grey box sitting there underneath a monitor, next to yesterday’s dirty coffee cup. The little grey box that is most commonly known as ‚KVM‘. The talk will tell the tale of our long journey to transform an innocent KVM into a raging key-logging monster. We will safely guide you through the embedded wastelands, past unknown IC’s, to explore uncharted serial protocols and unravel monstrous obfuscation techniques. Walking along the misty firmware woods of 8051 assembly we will challenge ambiguous functions, and confront undebuggable environments. Finally, we will present a live demo of our POC code and show you that air-gapped networks might not be as segregated as you imagined. You will witness that malware code could actually reside outside your computer, persisting through reboots, wipes, formats, and even hardware replacements. You might laugh, you might cry, but one thing is certain – you will never look at your KVM the same as before Our presentation will guide the audience trough an entire research project process: from the choice of a research subject, the learning stage, trough the many failures along the way, and until a complete success is finally achieved. Our research process provides useful insights for both entry-level and experienced researchers in the hardware hacking area. This research sheds light on a brand new field that has yet to be uncovered by the security community. We believe that CCC, as one of the world’s largest security convention, will provide the most suitable stage to share our research story and its implications. And finally, this talk is the product of a long research project which was both fulfilling and exciting, we are confident the audience will relive our experiences throughout the presentation.

Presenters:

• Yaniv Balmas
  Yaniv is a software engineer and a seasoned professional in the security field. He wrote his very first piece of code in BASIC on the new Commodore-64 he got for his 8th birthday. As a teenager, he spent his time looking for ways to hack computer games and break BBS software. This soon led to diving into more serious programming, and ultimately, the security field where he has been ever since. Yaniv is currently working as a security researcher at Check Point Software Technologies where he deals mainly with analyzing malware and vulnerability research.

Links:

• https://fahrplan.events.ccc.de/congress/2015/Fahrplan/events/7189.html

Similar Presentations:

• DEF CON 23 (2015) / Key-Logger, Video, Mouse - How To Turn Your KVM Into a Raging Key-logging Monster
• Black Hat USA 2011 / Virtualization Under Attack: Breaking out of KVM
• DEF CON 19 (2011) / Virtualization Under Attack Breaking out of KVM