The 11th USENIX Workshop on Offensive Technologies (WOOT17) took place over the last two days in Vancouver. Some colleagues and I had the chance to attend and enjoy the presentations of all accepted papers at this rather small, single-track, co-located USENIX event. Unfortunately, the talks were not recorded. However, all the papers should be available on the website. It’s worth taking a look at all of the papers, but these are some presentations that we enjoyed:
BADFET: Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection
This talk showed how the authors defeated secure boot on Cisco phones by leveraging controlled electromagnetic pulses. This attack resulted in a fault injection which allowed them to access the U-Boot debug shell in order to compromise the device. The work is really interesting and the talk was very well prepared and executed, so it’s quite unfortunate that there is no recording. But I recommend that everyone who is interested in this topic take a look at the paper.
unCaptcha: A Low-Resource Defeat of reCAPTCHA Audio Challenge
A quite entertaining talk that showed how the reCAPTCHA audio challenge has been defeated with a combination of different voice-to-text services. I think the idea of defeating Google’s reCAPTCHA by using Google’s Translate service is quite hilarious. The paper is available here.
SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
The talk gave a brief introduction to how speakers and microphones work in general and showed a way to turn headphones into microphones. This issue can have a considerable impact because it allows malware to remotely wiretap systems that don’t even have a microphone connected. I wouldn’t be surprised if some international intelligence agencies have already been using this for ages… Check out the paper here.
Shedding too much Light on a Microcontroller’s Firmware Protection
This work analyzes the firmware protection of microcontrollers. It revealed three critical vulnerabilities that allow the contents of a microcontroller’s flash memory to be dumped even when it is in protected mode. Read more about the work here.
So far the conference has been running pretty well, and we are looking forward to the next three days of USENIX Security.