8:30 a.m.–9:00 a.m. |
Tuesday |
Continental Breakfast
Hall of Battles |
9:00 a.m.–10:30 a.m. |
Tuesday |
Ben Smyth and Alfredo Pironti, INRIA Paris-Rocquencourt We identify logical web application flaws which can be exploited by TLS truncation attacks to desynchronize the user- and server-perspective of an application’s state. It follows immediately that servers may make false assumptions about users, hence, the flaw constitutes a security vulnerability. Moreover, in the context of authentication systems, we exploit the vulnerability to launch the following practical attacks: we exploit the Helios electronic voting system to cast votes on behalf of honest voters, take full control of Microsoft Live accounts, and gain temporary access to Google accounts.
Yunxing Dai and Ryan Resig, University of Michigan By using traditional DNS rebinding attacks, an attacker is able to circumvent firewalls in order to access internal network servers. Although many of the variations of this attack are well-known and sufficiently defended against, we show that by exploiting browsers' DNS cache table, it is possible to launch a DNS rebinding attack on modern browsers. Furthermore, we implement FireDrill, a tool that uses this DNS cache flooding technique to initialize an interactive session between the attacker and victim's web server. This interactive session opens up a number of malicious possibilities for the attacker on top of existing DNS rebinding uses. Some of the new potential uses include authentication, modification of website state, framing of the victim, and more.
Roee Hay, IBM; Jonathan Kalechstein, Technion—Israel Institute of Technology; Gabi Nakibly, National EW Research & Simulation Center, Israel One of the defenses against DNS cache poisoning is randomization of the IP address of the queried name server. We present a newly found vulnerability in BIND, the most widely used DNS software on the Internet, which enables an attacker to easily and deterministically control the queried name server chosen by BIND's resolver. The vulnerability lies in BIND's SRTT (Smoothed Round Trip Time) algorithm. The attack reduces the time and effort required to successfully poison BIND's cache.
|
10:30 a.m.–11:00 a.m. |
Tuesday |
Break with Refreshments
Hall of Battles |
11:00 a.m.–12:30 a.m. |
Tuesday |
We discuss our tools and techniques to monitor and inject packets in Bluetooth Low Energy. Also known as BTLE or Bluetooth Smart, it is found in recent high-end smartphones, sports devices, sensors, and will soon appear in many medical devices. We show that we can effectively render useless the encryption of any Bluetooth Low Energy link.
Jethro G. Beekman and Christopher Thompson, University of California, Berkeley Next generation IP telephony such as the IP Multimedia Subsystem (IMS) framework has been used to create Internet calling services which let cellular users make and receive calls even when without cellular reception. In this paper, we look at the security aspects of Internet calling services and other systems that use the 3GPP Authentication and Key Agreement (AKA) protocol for authentication, particularly focusing on the context of cellular authentication in Android. We describe a new man-in-the-middle attack on T-Mobile’s Wi-Fi Calling service, which is installed on millions of T-Mobile Android smartphones. We also describe three new attacks on AKA in the context of Internet calling and Android. We have worked with T-Mobile to fix the man-in-the-middle vulnerability, and we present clear and actionable solutions to fix the remaining vulnerabilities.
Michael Roland and Josef Langer, NFC Research Lab Hagenberg, University of Applied Sciences Upper Austria Recent roll-outs of contactless payment infrastructures—particularly in Austria and Germany—have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim’s card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.
|
12:30 p.m.–1:45 p.m. |
Tuesday |
Workshop Luncheon
Regency A
|
1:45 p.m.–3:45 p.m. |
Tuesday |
Diogo Mónica and Carlos Ribeiro, INESC-ID/IST Botnets are large networks of infected computers controlled by an attacker. Much effort has already been invested in the detection and analysis mechanisms, capable of defusing this type of threat. However, botnets have been constantly evolving, and will certainly continue to do so. We must, therefore, make an effort to foresee and study possible future designs, if we are to be capable of timely development of adequate defense mechanisms.
Many of the most recent methods to detect and analyze botnets are based upon the vulnerabilities of their command-and-control (C2) infrastructure. We thus believe that attackers will follow a predictable evolutionary pattern, and start using designs with more robust and stealth C2 channels, thus minimizing the risk of shutdown or infiltration. In this paper, we will therefore analyze in detail a new kind of botnet C2 infrastructure, where bots do not possess any information concerning command-and-control mechanisms. These stealth, isolated bots are controlled through honest participants not pertaining to the botnet. This architecture eliminates the possibility of estimation of the botnet size, minimizes the probability of detection of individual bots, and eliminates the possibility of researcher infiltration.
Craig A. Shue, Worcester Polytechnic Institute; Nathanael Paul, University of Tennessee and Oak Ridge National Laboratory; Curtis R. Taylor, Worcester Polytechnic Institute How quickly can somebody convert an IP address of a target into a real-world street address? Law enforcement regularly has need to determine a suspect's exact location when investigating crimes on the Internet. They first use geolocation software and databases to determine the suspect's rough location. Recent research has been able to scope a targeted IP address to within a 690m (0.43 mile) radius circle, which is enough to determine the relevant law enforcement department that has jurisdiction. Unfortunately, investigators face a "last half mile" problem: their only mechanism to determine the exact address of the suspect is to subpoena the suspect’s Internet Service Provider, a process that can take weeks. Instead, law enforcement would rather locate the suspect within the hour with the hope of catching the suspect while the crime is still on-going, which leads to stronger evidence and straightforward prosecution.
Given these time constraints, we investigate how quickly an adversary can locate a target without any special law enforcement powers. Instead, we leverage the use of ubiquitous wireless networks and a mobile physical observer that performs wireless monitoring (akin to "wardriving," which seeks to search for wireless networks). We develop an approach that allows an adversary to send traffic to the target's address that can be detected by the observer, even if wireless encryption is in use.
We evaluated the approach in two common real-world settings. In one of these, a residential neighborhood, we used a single-blind trial in which an observer located a target network to within three houses in less than 40 minutes (with potential for more exact results using hardware such as directional antennas). This approach had only a 0.38% false positive rate, despite 24,000 observed unrelated packets and many unrelated networks. These results show significant promise for the geolocation strategy and demonstrate that adversaries with multiple potential observation points, such as law enforcement personnel, could quickly locate a target.
Dhiru Kholia, Openwall and University of British Columbia; Przemysław Węgrzyn, CodePainters Dropbox is a cloud-based file storage service used by more than 100 million users. In spite of its widespread popularity, we believe that Dropbox as a platform hasn't been analyzed extensively enough from a security standpoint. Also, the previous work on the security analysis of Dropbox has been heavily censored. Moreover, the existing Python bytecode reversing techniques are not enough for reversing hardened applications like Dropbox.
This paper presents new and generic techniques to reverse engineer frozen Python applications, which are not limited to just the Dropbox world. We describe a method to bypass Dropbox’s two-factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented.
We believe that our biggest contribution is to open up the Dropbox platform to further security analysis and research. Dropbox will/should no longer be a black box. Finally, we describe the design and implementation of an open-source version of Dropbox client (and yes, it runs on ARM too).
Anthony J. Bonkoski, Russ Bielawski, and J. Alex Halderman, University of Michigan This paper will be available on August 13, 2013.
|
3:45 p.m.–4:15 p.m. |
Tuesday |
Break with Refreshments
Hall of Battles |
4:15 p.m.–5:45 p.m. |
Tuesday |
Rebecca Shapiro, Sergey Bratus, and Sean W. Smith, Dartmouth College Although software exploitation historically started as an exercise in coaxing the target's execution into attacker supplied binary shellcode, it soon became a practical study in pushing the limits of unexpected computation that could be caused by crafted data not containing any native code. We show how the ABI metadata that drives the creation of a process' runtime can also drive arbitrary computation. We introduce our design and implementation of Cobbler, a proof-of-concept toolkit capable of compiling a Turing-complete language into well-formed ELF executable metadata that get "executed" by the runtime loader (RTLD). Our proof-of-concept toolkit highlights how important it is that defenders expand their focus beyond the code and data sections of untrusted binaries, both in static analysis and in the dynamic analysis of the early runtime setup stages as well as any time the RTLD is invoked.
Dmitry Nedospasov, FG SecT, TU Berlin; Thorsten Schröder, modzero AG This work presents Die Datenkrake, an open source hardware USB peripheral for hardware analysis. Die Datenkrake is comprised of an ARM microcontroller and a Field Programmable Logic Array. The design of Die Datenkrake overcomes many limitations that are common to widely used embedded hardware analysis tools. The programmable logic makes it possible to add additional functionality to the ARM MCU such as additional I/O interfaces, support for proprietary protocols and realtime signal processing in hardware. This work also presents several example applications that can greatly benefit from utilizing such a platform versus standard tools.
Julian Bangert, Sergey Bratus, Rebecca Shapiro, and Sean W. Smith, Dartmouth College Trust Analysis, i.e. determining that a system will not execute some class of computations, typically assumes that all computation is captured by an instruction trace. We show that powerful computation on x86 processors is possible without executing any CPU instructions. We demonstrate a Turing-complete execution environment driven solely by the IA32 architecture’s interrupt handling and memory translation tables, in which the processor is trapped in a series of page faults and double faults, without ever successfully dispatching any instructions. The "hard-wired" logic of handling these faults is used to perform arithmetic and logic primitives, as well as memory reads and writes. This mechanism can also perform branches and loops if the memory is set up and mapped just right. We discuss the lessons of this execution model for future trustworthy architectures.
|