Hacking Google Chrome OS

Presented at DEF CON 19 (2011), Aug. 6, 2011, noon (50 minutes).

Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company is getting ready to market them to businesses as well as consumers. What's different about Chrome OS and Chromebooks, other than the entire user-experience taking place exclusively in a Web browser (Google Chrome), is everything takes place in the cloud. Email, document writing, calendaring, social networking - everything. From a security perspective this means that all website and Web browser attack techniques, such as like Cross-Site Scripting, Cross-Site Request, and Clickjacking, have the potential of circumventing Chrome OS's security protections and exposing all the users data. Two members of the WhiteHat Security's Threat Research Center, Matt Johansen and Kyle Osborn, have spent months hacking away on Google's Cr-48 prototype laptops. They discovered a slew of serious and fundamental security design flaws that with no more than a single mouse-click may victimize users by: • Exposing of all user email, contacts, and saved documents. • Conduct high speed scans their intranet work and revealing active host IP addresses. • Spoofing messaging in their Google Voice account. • Taking over their Google account by stealing session cookies, and in some case do the same on other visited domains. While Chrome OS and Chromebooks has some impressive and unique security features, they are not all encompassing. Google was informed of the findings, some vulnerabilities were addressed, bounties generously awarded, but many of the underlying weaknesses yet remain -- including for evil extensions to be easily made available in the WebStore, the ability for payloads to go viral, and javascript malware survive reboot. With the cloud and web-based operating systems poised to make an impact on our computing future, Matt and Kyle ready to share all their never-before-seen research through a series of on-stage demonstrations.

Presenters:

  • Matt Johanson - Application Security Specialist, WhiteHat Security
    Matt Johanson is an application security specialist at WhiteHat Security where he oversees and assessments on more than 250 web applications for many Fortune 500 companies across a range of technologies such as PHP, .NET, Ruby on Rails, and Flash. He was previously a consultant for VerSprite, where he was responsible for performing network and web application penetration tests. Mr. Johansen is also a professor of Web Application Security at Adelphi University and San Jose State University. He recently was part of the cut-score panel for the SANS certification by the GIAC and is the 29th person worldwide to achieve this certification. He holds a Bachelor of Science in Computer Science from Adelphi University. Twitter: @mattjay
  • Kyle Osborn / Kos - Application Security Specialist, WhiteHat Security   as Kyle 'Kos' Osborn
    Kyle 'Kos' Osborn is a web application security specialist at WhiteHat Security. He competes as a Red Team member in the West Coast Collegiate Cyber Defense Competition and has also done work for the US Cyber Challenge by building a CTF for three of the Cyber Camps. Mr. Osborn has also released Open Source security tools to the information security community, notably "Man Just Left of the Middle", which was featured in Dave Kennedy's Social Engineer Toolkit. He attended his first security conference at the age of 16 and was hooked. He firmly believes in sharing information and best practices throughout the security community to promote greater web security for all. He's a regular participants at conferences, including attending more than 20 security events in the last 4 years. Most recently was a featured speaker at Toorcon Seattle, where he spoke about embedded HTML engines in desktop applications. Hacker by day, hacking harder by night. Living in the danger zone. Twitter: @theKos

Links:

Similar Presentations: