More topics to be discussed at The Standoff: ICS security, approaches to disclosure of dangerous vulnerabilities and evasion attacks against computer vision
We continue to introduce you to the program of the online conference, which will be held as part of The Standoff. Please find announcements of other talks on the Positive Technologies website (first and second announcements), and here are five more interesting topics.
How to disclose serious weaknesses
In the "Kr00k," the talk given by Robert Lipovsky, Senior Malware Researcher at ESET, you will learn the details on his responsible disclosure process of serious security weaknesses identified in chipsets used by a significant number of Wi-Fi capable devices. Robert will also tell how he successfully cooperated with vendors while they prepared patches.
The presentation will include technical details and a demonstration, where the speaker will show how his team triggered a reassociation to set an all-zero encryption key and decrypt intercepted packets. He will also discuss the potential impact of these vulnerabilities, along with the limitations of exploiting them.
Specifically, the speaker discovered that FullMAC Wi-Fi chipsets by Broadcom (Cypress)—and possibly other manufacturers—are vulnerable to encrypting packets in a WPA2-protected network with an all-zero encryption key. The number of affected devices is likely over a billion including devices by Amazon, Apple, Samsung, and others that use the vulnerable chipsets. The chipset-level all-zero-key vulnerability has been assigned CVE-2019-15126.
How to hack a factory
Vyacheslav Moskvin, Senior Specialist of ICS Security at Positive Technologies, will conduct a three-day workshop on ICS security. Specially for pentesters and reverse engineers.
The speaker will describe ICS features and tell how to hack the system. Specially for reverse engineers, the talk will cover firmware analysis of industrial devices: the speaker will provide an overview of their internals, explain how to obtain the firmware, and outline the first steps of the analysis.
Verix OS security
Independent researcher Danila Parnishchev will give a talk about the design and security of the Verix OS, a proprietary platform for POS terminals that has its own SDK, binary executable format, and developer documentation. Although recent trends in digital payments suggest that mobile POS terminals may eventually replace this old platform entirely, it is still widely used all over the world.
Therefore, the security of the Verix platform remains an important and timely topic. The talk describes the internal structure of the OS, as well as external protocol for uploading and downloading files to and from Verifone terminals. It also introduces tools developed for static analysis of Verix binary applications. And, of course, security issues will also be presented, including a critical vulnerability that allows bypassing signature verification and running arbitrary applications on POS terminals.
Best practices of vulnerability disclosure
Cesar Cerrudo, Chief Technology Officer at IOActive Labs, will give a talk that can help those companies that are not mature enough to improve their vulnerability disclosure processes, and also make researchers more collaborative and their lives easier.
In 20+ years working in cybersecurity, the speaker reported more than 1,000 vulnerabilities to a wide variety of companies. The response (or lack thereof) from different vendors was also very different, depending on vendor security maturity. Based on his experience, the speaker came up with a list of disclosure laws which he is willing to share.
Evading machine learning antimalware models
Hyrum Anderson, Principal Architect at Azure Trustworthy Machine Learning, Microsoft, will talk about evasion attacks against computer vision. The speaker's research shows that while the underlying concepts of evading machine learning remained constant, an evolution of tactics from manual bypasses towards automated learning methods manifested itself in just over a year. Hyrum will review the concepts and evolutions, highlighting a relatively sophisticated sequential optimization attack against black-box antimalware models.