Area41 Conference 2016

Last Friday, Brian and I were at the  Area41 Security Conference. The conference is a branch of Defcon conference and is more or less a small conference of the Swiss hacker community. Being in a “rock music club”, the speakers presented on a stage where usually the rock stars are performing – which gives the conference a very special flair and an interesting atmosphere. We’ve been at the conference to present our research about VoLTE technology including some attack scenarios we’ve evaluated in the past. More on this later, let’s first talk about the conference itself.

On the first day we were invited to the speakers’ dinner where we got to know the organizers, helpers and the other speakers. The dinner was quite interesting because the speakers dinner was in a casino where we could play blackjack and roulette. While playing these games we got some food, had some nice discussions and we got an outlook on the talks of the next days. As it is quite a tradition on our blog, we’d like to summarize some of them for you:

Social Media Risk Metrics by Ian Amit
This talk was not a technical one, but it is very interesting in a different kind of view. Ian introduced his methodology to perform a risk analysis of people being active in social networks. You can think of people who are publicly revealing private information on social media which could be used for blackmailing or social engineering. To evaluate the resulting risk, he created ratings for people based on a couple of values. Finally, he was able to score the behavior of the people; in my view, this idea is very interesting and I can recommend to give it a try.

Time is not on your side: Exploiting browser-based web timing attacks by Tom Van Goethem
Initially, we got to know Tom at the speakers’ dinner and that is why I joined his talk on the second day of the conference. His work focuses on timing-based side-channel attacks in modern web-browsers. With these side-channel attacks it is possible to disclose information content of previously visited homepages. As an example, he demonstrated how it is possible to derive the number of messages in gmail folders.

Smart Sheriff, Dumb Idea by Abraham Aranguren & Fabian Faessler
Abraham as a Troopers veteran presented the results from a pentest of a Korean children surveillance application called “Smart Sheriff”. The report of this pentest is also publicly available on their homepage. The software is widely used by parents in South Korea to observe the children’s smartphones and their communications. The pentest covered a couple of interesting attack vectors – for example think of “bad kids” bothering other ones by faking malicious actions on their smartphone. Interesting attack vector, interesting results 🙂

The Badge
Area41 had a sweet little badge based on an ESP8266 WiFi SoC. It basically consisted of the WiFi module, two RGB LEDs, two pushbuttons and two AA batteries. Being connected to a hidden, WPA2 protected WiFi a central server was able to push blinking patterns onto the badge. Above that the two pushbuttons enabled the attendee to provide input to the server and as such influence the next patterns. The buttons also offered bit of hackability, as there were secret button input patterns which would trigger certain LED blink patterns. With the ESP module and both sensors (buttons) and actors (LEDs) the badge is a plain IoT device as all the others out there. By applying a few lines of custom code it can easily be used to trigger various home automation equipment.

Brian & Hendrik