Seeing Inside the Encrypted Envelope

Presented at REcon 2019, June 28, 2019, 1 p.m. (60 minutes)

Closed-source software often uses proprietary encrypted protocols to communicate with servers and peers. A common problem when evaluating the security of such software is gaining access to the underlying unencrypted protocol so that traffic can be analyzed and altered. This talk explores solutions for this problem.

This talk will describe the tooling used to find vulnerabilities in messaging and videoconferencing apps including WhatsApp, Facebook Messenger, Telegram, Signal and FaceTime. It will discuss the possible approaches for viewing and modifying encrypted protocols, why certain approaches were selected and lessons learned.


Presenters:

  • Natalie Silvanovich
    Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is browser security, including script engines, WebAssembly and WebRTC. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.
