
The Coolest Hacks Of 2016


No 400-pound hacker here: Lightbulb and 'do-gooder' worms, machines replacing humans to hack other machines, and high-speed car hacking were among the most innovative white-hat hacks this year.

In a year where ransomware became the new malware and cyber espionage became a powerful political propaganda tool for Russia, it's easy to forget that not all hacking in 2016 was so ugly and destructive.

Sure, cybercrime and cyber espionage this past year turned the corner into more manipulative and painful territory for victims. But 2016 also had its share of game-changing "good" hacks by security researchers, with some creative yet unsettling ways to break the already thin-to-no defenses of Internet of Things things, as well as crack locked-down computers and hijack computer mice. Hackers even took a back seat to machines in the first-ever machine-on-machine hacking contest this summer at DEF CON.

So if you're still confused about that elusive "400-pound" hacker in his bedroom, or just sick of hearing about Bitcoin ransoms and fancy and cozy Russian "bears," here's a look at some of the coolest hacks by the good guys this year.

'MouseJack' attack bites non-Bluetooth wireless mice.

With a $15 dongle, researchers at Bastille were able to sniff traffic from PCs, Macs, and Linux machines that use non-Bluetooth wireless mice and keyboards, thanks to the unencrypted communications employed by seven different wireless dongle vendors.

The so-called "MouseJack" attack exploited nine vulnerabilities across devices from Logitech, Dell, HP, Lenovo, Microsoft, Gigabyte, and AmazonBasics. The researchers could take control of the input devices and ultimately infiltrate the machines and their networks, from up to 100 meters away from the victim's machine.

MouseJack exploits proprietary wireless protocols that operate in the 2.4GHz ISM band and don’t encrypt communications between a wireless mouse and its dongle. An attacker could then spoof a mouse, inject his own clicks and inputs into the dongle, and generate keystrokes rather than mouse clicks on the victim’s computer.
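The failure described above is that the dongle trusts the pairing address alone, so anyone who has sniffed that address can transmit a keystroke frame in the mouse's name. The following is an added example, not Bastille's code and not any vendor's real protocol: a constructed, simplified frame format with a vulnerable dongle beside a hardened one that requires a per-device MAC and a strictly increasing sequence number. The addresses, keys and payloads are made up for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Frame is a constructed, simplified model of one 2.4GHz packet from an input
// device to its USB dongle. Real vendor protocols differ in layout.
type Frame struct {
	Addr    [5]byte // pairing address the dongle listens on
	Kind    string  // "mouse" (movement/clicks) or "keys" (keystrokes)
	Seq     uint32  // per-device counter, only checked by the hardened dongle
	Payload []byte
	Tag     []byte // authentication tag, only checked by the hardened dongle
}

// VulnerableDongle trusts the address alone: a "keys" frame carrying the
// sniffed mouse address is typed into the host as keystrokes.
type VulnerableDongle struct{ paired map[[5]byte]bool }

func (d *VulnerableDongle) Receive(f Frame) (string, bool) {
	if !d.paired[f.Addr] {
		return "", false
	}
	return f.Kind + ":" + string(f.Payload), true
}

// HardenedDongle holds a per-device secret from pairing and requires every
// frame to carry an HMAC over address, kind, sequence and payload, plus a
// sequence number higher than the last one seen, so sniffed frames cannot be
// replayed either.
type HardenedDongle struct {
	keys    map[[5]byte][]byte
	lastSeq map[[5]byte]uint32
}

func frameMAC(key []byte, f Frame) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(f.Addr[:])
	h.Write([]byte(f.Kind))
	binary.Write(h, binary.BigEndian, f.Seq)
	h.Write(f.Payload)
	return h.Sum(nil)
}

func (d *HardenedDongle) Receive(f Frame) (string, bool) {
	key, ok := d.keys[f.Addr]
	if !ok || !hmac.Equal(f.Tag, frameMAC(key, f)) {
		return "", false // unknown device, or a frame without a valid tag
	}
	if f.Seq <= d.lastSeq[f.Addr] {
		return "", false // replay of an already accepted frame
	}
	d.lastSeq[f.Addr] = f.Seq
	return f.Kind + ":" + string(f.Payload), true
}

// Scenario reports whether each dongle delivers a spoofed keystroke frame, and
// whether the hardened dongle still accepts a genuine frame and rejects its replay.
func Scenario() (vulnSpoof, hardSpoof, hardGenuine, hardReplay bool) {
	mouseAddr := [5]byte{0xa1, 0xb2, 0xc3, 0xd4, 0xe5}  // constructed
	pairKey := []byte("per-device-secret-from-pairing") // constructed

	vuln := &VulnerableDongle{paired: map[[5]byte]bool{mouseAddr: true}}
	hard := &HardenedDongle{
		keys:    map[[5]byte][]byte{mouseAddr: pairKey},
		lastSeq: map[[5]byte]uint32{},
	}

	genuine := Frame{Addr: mouseAddr, Kind: "mouse", Seq: 1, Payload: []byte("dx=3,dy=-1")}
	genuine.Tag = frameMAC(pairKey, genuine)

	// The attacker sniffed the address but never had the pairing secret.
	spoof := Frame{Addr: mouseAddr, Kind: "keys", Seq: 2, Payload: []byte("calc.exe\n")}

	_, vulnSpoof = vuln.Receive(spoof)
	_, hardSpoof = hard.Receive(spoof)
	_, hardGenuine = hard.Receive(genuine)
	_, hardReplay = hard.Receive(genuine)
	return
}

func main() {
	v, s, g, r := Scenario()
	fmt.Printf("vulnerable dongle typed spoofed keys: %v\n", v)
	fmt.Printf("hardened dongle typed spoofed keys: %v\n", s)
	fmt.Printf("hardened dongle accepted genuine frame: %v, replay: %v\n", g, r)
}
```

The address is not a secret: it is transmitted in the clear on every frame, which is why the vulnerable dongle's check buys nothing. Authentication has to rest on a secret established at pairing time, and the counter matters as much as the tag, since without it an attacker can record a genuine frame and re-send it.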

"If an attacker sitting in the lobby of a bank could get the wireless dongles [via MouseJack], all of a sudden you’ve got an APT [advanced persistent threat] inside a bank," said Marc Newlin, the Bastille engineer who found the flaws that led to MouseJack. An attacker could install a rootkit, for instance, he noted.

Lights-out worm

Who needs to hack the power company when all it takes is one "smart" lightbulb rigged with a worm to spread to nearby lights within minutes? At Black Hat USA this summer, researcher Colin O'Flynn, who is CTO of NewAE Technology Inc., outlined work he and fellow researchers Eyal Ronen, Adi Shamir, and Achi-Or Weingarten conducted with the Philips Hue smart lighting system to demonstrate how a worm could be unleashed to turn off (or on) the lights in a city or local area, or even to wage a distributed denial-of-service attack.

"The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity," the researchers wrote in a research paper.

They wanted to illustrate how plugging in just one infected bulb anywhere in a city that uses the smart lights could let the worm spread to adjacent lights throughout the city.

While the attack sounds simple on paper, it was actually quite sophisticated. The researchers discovered and exploited a vulnerability in the Touchlink element of the ZigBee Light Link protocol, and devised a type of side-channel attack to grab Philips' global AES-CCM key that encrypts and authenticates new firmware, so they could inject their own firmware carrying the worm.

"To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates," they wrote.
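The firmware half of the attack rests on one design decision: every lamp holds the same symmetric key, and that key both verifies updates and is all that is needed to produce them. The block below is an added example, not the researchers' code and not Philips' update format. It models a lamp's update check two ways and shows that, once the symmetric key is recovered (the side-channel attack itself is not reproduced; the key is simply handed to the attacker), a forged image passes, whereas with a public-key signature the lamp holds nothing that lets anyone forge. Go's standard library has no AES-CCM, so AES-GCM stands in for the AES-CCM mode named in the text; the key, images and signature scheme are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// lampGlobalKey is the constructed stand-in for the single key shared by all
// lamps. AES-128, so exactly 16 bytes.
var lampGlobalKey = []byte("constructed-16by")

// sealImage authenticates and encrypts a firmware image with a symmetric key
// (AES-GCM here in place of AES-CCM). Anyone holding the key can do this.
func sealImage(key, image []byte) (nonce, blob []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, image, nil), nil
}

// openImage is what the lamp does before flashing: a valid tag means the image
// is trusted. The lamp cannot distinguish the vendor from anyone else holding
// the same symmetric key.
func openImage(key, nonce, blob []byte) ([]byte, bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, false
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, false
	}
	image, err := aead.Open(nil, nonce, blob, nil)
	return image, err == nil
}

// SymmetricForgery seals an attacker image under attackerKey and reports
// whether a lamp keyed with lampGlobalKey accepts it.
func SymmetricForgery(attackerKey []byte) bool {
	worm := []byte("firmware that re-flashes neighbouring lamps") // constructed
	nonce, blob, err := sealImage(attackerKey, worm)
	if err != nil {
		return false
	}
	_, accepted := openImage(lampGlobalKey, nonce, blob)
	return accepted
}

// AsymmetricForgery models a lamp that stores only the vendor's public key.
// Extracting the lamp's whole flash yields no signing key, so the attacker's
// best effort is a signature under a key the lamp does not trust.
func AsymmetricForgery() (legitAccepted, forgedAccepted bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)

	update := []byte("vendor firmware 1.2")                         // constructed
	worm := []byte("firmware that re-flashes neighbouring lamps") // constructed

	legitAccepted = ed25519.Verify(vendorPub, update, ed25519.Sign(vendorPriv, update))
	forgedAccepted = ed25519.Verify(vendorPub, worm, ed25519.Sign(attackerPriv, worm))
	return
}

func main() {
	fmt.Println("forgery with the recovered global key accepted:", SymmetricForgery(lampGlobalKey))
	fmt.Println("forgery with a guessed key accepted:", SymmetricForgery([]byte("some-other-16byt")))
	legit, forged := AsymmetricForgery()
	fmt.Println("signed vendor update accepted:", legit, "| attacker-signed image accepted:", forged)
}
```

The symmetric check is not weak as a check: a wrong key is rejected. The weakness is that the verifying secret is also the signing secret and is present in every device, so one key extraction, by side channel or otherwise, compromises the whole fleet. A public-key scheme fixes that property only; it does nothing about the Touchlink flaw that let the researchers pull lamps off their networks in the first place.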

Stuxnet's silent successor?

Stuxnet, the destructive attack that sabotaged and ultimately damaged centrifuges in Iran's Natanz uranium-enrichment facility, met its demise and was outed when the self-propagating worm spread outside the facility to other Windows machines.

At Black Hat Europe in November, a pair of researchers demonstrated what they describe as a "silent" rootkit for the programmable logic controllers (PLCs) that control physical processes such as water and power in an industrial network. Researcher Ali Abbasi, a Ph.D. candidate in the distributed and embedded system security group at the University of Twente, Netherlands, and Majid Hashemi, a system programmer and independent security researcher at the time of their research, say their rootkit, unlike Stuxnet, can't be detected. That's because their creation sits directly on the PLC, at a lower level of the system, in dynamic memory, where it is less likely to be spotted.

Abbasi and Hashemi's PLC rootkit manipulates the PLC's I/O process. So if a plant's parameters require that a gate be opened to relieve pressure when a boiler's temperature reaches 80 degrees Celsius, the rootkit could manipulate the temperature values the controller sees and cause the boiler to overheat and explode, according to Abbasi. He says that "in PLCs, the I/O operations are one of the most important tasks."

The attack exploits inherent security weaknesses in the PLC hardware.
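The point of sitting in the I/O path rather than in the control logic is that the logic stays byte-for-byte intact and still behaves correctly on the values it is shown. The following is an added example, not Abbasi and Hashemi's rootkit and not any real PLC runtime: a constructed scan-cycle model with the boiler scenario from the text, a hook that stands in for the rootkit at the I/O layer, and the cross-check a defender would run from outside the controller. Tag names, the 80 C threshold handling and the clamp value are assumptions for the example.

```go
package main

import "fmt"

// PLC is a constructed model of one controller running a scan cycle: copy the
// physical inputs into the process image, run the control logic against the
// image, write the outputs. ioHook stands for a rootkit living in the I/O
// path; it is nil on a clean controller.
type PLC struct {
	inputs  map[string]float64
	outputs map[string]bool
	ioHook  func(image map[string]float64)
}

func NewPLC(hook func(map[string]float64)) *PLC {
	return &PLC{inputs: map[string]float64{}, outputs: map[string]bool{}, ioHook: hook}
}

// Scan runs one cycle. The control logic is untouched and correct: the relief
// gate opens whenever the temperature the logic sees is at or above 80 C.
func (p *PLC) Scan(physical map[string]float64) {
	for name, v := range physical {
		p.inputs[name] = v
	}
	if p.ioHook != nil {
		p.ioHook(p.inputs) // tampering happens below the logic, after the read
	}
	p.outputs["relief_gate_open"] = p.inputs["boiler_temp_c"] >= 80
}

// clampTemperature is the constructed rootkit behaviour: whatever the sensor
// reports, the logic never sees a value that would trip the relief gate.
func clampTemperature(image map[string]float64) {
	if image["boiler_temp_c"] > 75 {
		image["boiler_temp_c"] = 75
	}
}

// Inconsistent is the defender's check: compare what the field devices report
// with what the controller commanded. It must run outside the PLC, on a
// monitor with its own tap on the sensor, because the PLC's process image is
// exactly the data the rootkit controls.
func Inconsistent(physicalTemp float64, gateOpen bool) bool {
	return physicalTemp >= 80 && !gateOpen
}

// Scenario runs a clean and a rooted PLC against the same physical reading and
// returns each one's gate output and whether the external check raises an alarm.
func Scenario(physicalTemp float64) (cleanGate, rootedGate, cleanAlarm, rootedAlarm bool) {
	reading := map[string]float64{"boiler_temp_c": physicalTemp} // constructed sensor value
	clean := NewPLC(nil)
	rooted := NewPLC(clampTemperature)
	clean.Scan(reading)
	rooted.Scan(reading)
	cleanGate = clean.outputs["relief_gate_open"]
	rootedGate = rooted.outputs["relief_gate_open"]
	return cleanGate, rootedGate, Inconsistent(physicalTemp, cleanGate), Inconsistent(physicalTemp, rootedGate)
}

func main() {
	for _, temp := range []float64{60, 95} {
		cg, rg, ca, ra := Scenario(temp)
		fmt.Printf("boiler at %.0f C: clean gate open=%v alarm=%v | rooted gate open=%v alarm=%v\n",
			temp, cg, ca, rg, ra)
	}
}
```

Reading the PLC's own process image or auditing its control program would show nothing wrong on the rooted controller, which is the "silent" property the researchers describe. The only signal is the disagreement between the physical world and the commanded output, so detection has to come from an independent measurement path.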

Machines hacking machines (no human hacker required)

DARPA hosted one of the most intriguing contests at DEF CON this year: the first-ever all-machine Capture the Flag contest. Teams of researchers brought their hacking machines to the ring to go at it in a live forum against the contest's testbed of challenges as well as their opponents' machines.

The so-called Cyber Grand Challenge featured high-performance autonomous systems, aka "cyber reasoning systems," that were tasked with finding and fixing security flaws in the contest's air-gapped network.

For 12 hours, seven teams, most of them affiliated with universities, watched their machines reverse-engineer binary software, write new intrusion detection system signatures to protect themselves from opposing teams, and patch and defend their own machines.

A machine called "Mayhem" won and the team, which has ties to Carnegie Mellon University, took home a $2 million prize for their efforts.

In case you're wondering how the machines did: six of the seven machines patched the contest's SQL Slammer flaw, one of the flags, and six of the seven did the same with Heartbleed, all within a matter of minutes.

"This is a huge deal," said "Visi," a white hat hacker who helped with the play-by-play commentary during the DEF CON contest. "In the past, patching these vulnerabilities took humans days and weeks of doing the work by hand."

An IoT security 'vigilante' writes a worm to infect and fix lame passwords.

Weak, default passwords are notoriously common among Internet of Things devices. The danger of these passwords became painfully obvious with the arrival of the Mirai botnet, a bot army of IoT devices used to wage distributed denial-of-service (DDoS) attacks against a DNS provider this year.

So Leo Linksy, a software engineer and researcher with network monitoring company PacketSled, decided to take a more aggressive approach to securing All The Things: he wrote what he called an "anti-worm" worm that hacks into IoT devices using their default crede
