Some of you may have heard the topic before, as we have spoken about on this years BlackHat Europe, TROOPERS12 and HES12, so this is nothing completely new, but as we’re done with responsible disclosure (finally (-; ) and all the stuff should be fixed, we’re going to publish the code that brought us there. I will split the topic into two blog posts, this one will wrap up the setup, used components and protocols, the next one [tbd. till EOY, hopefully] will get into detail on the tools and techniques we used to break the enterprise grade security.
First lets take a look on all the components involved in the setup:
We’re delighted to provide the first announcement of talks of next year’s Troopers edition. Looks like it’s going to be a great event again 😉
Here we go:
Peter Kieseberg: Malicious pixels – QR-codes as attack vectors.
Synopsis: QR-Codes, a version of two-dimensional barcodes that are able to store quite large amounts of information, started gaining huge popularity throughout the last few years, including all sorts of new applications for them. Originating from the area of logistics, they found their ways into marketing and since the rise of modern smartphones with their ability to scan them in the street; they can be found virtually everywhere, often linking to sites on the internet. Currently even standards for paying using QR-codes were proposed and standardized. In this talk we will highlight possible attack vectors arising from the use of QR-Codes. Furthermore we will outline an algorithm for calculating near-collisions in order to launch phishing attacks and we will demonstrate the practical utilization of this technique.
Bio: Peter Kieseberg is a researcher at SBA Research, the Austrian non-profit research institute for IT-Security. He received a Dipl. Ing. (equivalent to MSc) degree in Technical Mathematics in Computer Science from the Vienna University of Technology. His research interests include digital forensics, fingerprinting of structured data and mobile security. Continue reading “Troopers 2013 – First Round of Talks Selected”