Great Crypto Failures

Presented at VB2016, Oct. 5, 2016, 4:30 p.m. (30 minutes).

"There is a theory which states that if ever anyone discovers exactly how to properly use cryptography, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened."

Cryptography is no longer a niche malware feature. It has become the weapon of choice to subject victims to extortion, perform covert communications, achieve stealth and much more. Almost no crimeware bag of tricks is complete without a nasty ransomware binary somewhere in it. Like any other dangerous weapon, cryptography should be handled with care; in the wrong hands, it can easily become a double-edged sword - and, in fact, it does. There appears to be no upper bound for how ill-designed cryptography can be. Whenever you think you have seen the worst of it... well, you better think again.

Our talk will showcase several real-world cryptographic disasters encountered by our researchers. Some are more well-known than others, but all have had consequences - for the attacker as well as their victims. Trying to extract value from these failures is often a crapshoot. In some cases, there is not much to do but to watch cryptography fail and laugh/cry. However, in other cases - especially if you know what to look for - you may be able to use cryptographic failures to your advantage and subvert the original intent of the malware to your benefit. This presentation will try to educate the audience on the common methods that can be employed to identify those failures, and perhaps save yourself, or others, from a very sticky situation.

Points to be discussed during the presentation:

* A technical overview of the uses of cryptography in modern malware.
* Learn by example: Real-life cases of common mis-usages in cryptographic implementations, such as: bootleg homebrew crypto, key reuse, mishandling modes of operation, key mismanagement, weak encryption parameters.
* Methods of detection: What can be done to detect these cryptographic gaffes? How does a human approach this without resorting to huge mathematical formulas?
* Ways to take action: How can one take advantage of these failures and turn the tables on cybercriminals?

Presenters:

  • Yaniv Balmas - Check Point Software Technologies
    Yaniv Balmas is a software engineer and a seasoned professional in the security field. He wrote his very first piece of code in BASIC on the new Commodore-64 he got for his 8th birthday. As a teenager, he spent his time looking for ways to hack computer games and break BBS software. This soon led to diving into more serious programming, and ultimately, the security field where he has been ever since. Yaniv is currently leading the malware research team at Check Point Software Technologies where he deals mainly with analysing malware and vulnerability research.
  • Ben Herzog - Check Point Software Technologies
    Ben Herzog is a maths aficionado working undercover at Check Point as a security researcher. He dabbles in reverse engineering, cryptography and machine learning, though his secret dream is finding an application of metric space theory to anything at all. He majored in mathematics and computer science at the Technion and is currently a student on Ben-Gurion University's information security graduate program.
