Rooting Routers Using Symbolic Execution, presented at IT-Defense Stuttgart 2019

by Mathy Vanhoef

Summary: This talk explains how we discovered various vulnerabilities in implementations of WPA2's 4-way handshake. This was accomplished by symbolically executing the implementations using KLEE. First I will give a high-level explanation of what symbolic execution does. This is followed by an overview of the vulnerabilities it discovered. Additionally, I will demonstrate how one of the discovered buffer overflows leads to remote code execution on a router (as the root user), and how another vulnerability can be abused as a decryption oracle to recover the group key used in a Wi-Fi network.

Hacking vein detectors: the fall of the last biometric system

by Starbug

Summary: Vein detection systems have been used for decades, mainly in Asia. So far, no serious attempts to compromise these vein detectors have become known. While this is certainly due to their reputation for being highly secure, above all it can be attributed to the features being invisible, located inside our body. This presentation will show how little effort is necessary to obtain these "hidden" vein images and how they can be used to build dummies in order to bypass the systems of the two major manufacturers.

News on Spectre, Meltdown and the like – systematization of x86 processor security

by Philipp Koppe & Benjamin Kollenda

Summary: Commercially available x86 processors are an essential component of the trusted computing base in millions of devices. At the same time, the processors' enormous (and still increasing) complexity leads to errors and sometimes also to exploitable vulnerabilities. This presentation introduces particularly security-critical processor components and how they can be attacked, points out the characteristics of these attacks and concludes what they imply. In doing so, we look at Intel ME (Intel Management Engine), SGX (Software Guard Extensions), cloud cache attacks and the latest varieties of Spectre and Meltdown. Finally, we will present the defense mechanisms available in each case as well as their security guarantees and effects.