Lawsuit counterproductive for automotive industry
It came to my attention that there is a lawsuit attempting to seek damages against automakers revolving around their cars being hackable. The lawsuit cites Dr. Charlie Miller’s and my work several times, along with several other researchers who have been involved in automotive security research. I’d like to be the first to say that I think this lawsuit is unfortunate and subverts the spirit of our research. Charlie and I approached our work with the end goals of determining if technologically advanced cars could be controlled with CAN messages…
Life in the Fast Lane
Hi Internet Friends, Chris Valasek here. You may remember me from educational films such as “Two Minus Three Equals Negative Fun”. If you have not heard, IOActive officially launched our Vehicle Security Service offering. I’ve received several questions about the service and plan to answer them and many more during a webinar I am hosting on February 5, 2015 at 11 AM EST. Some of the main talking points include: Why dedicate an entire service offering to vehicles and transportation? A brief history of vehicle security research and why…
X Font Service Protocol Handling Issues in libXfont Library
Ilja van Sprundel, an IOActive security researcher, discovered several issues in the way the libXfont library handles the responses it receives from XFS servers. Mr. van Sprundel has worked with X.Org’s security team to analyze, confirm, and fix these issues. Most of these issues stem from libXfont trusting the font server to send valid protocol data and not verifying that the values will not overflow or cause other damage. This code is commonly called from the X server when an X Font Server is active in the font path, so…
Die Laughing from a Billion Laughs
Recursion is the process of repeating items in a self-similar way, and that’s what the XML Entity Expansion (XEE)[1] is about: a small string is referenced a huge number of times. Technology standards sometimes include features that affect the security of applications. Amit Klein found in 2002 that XML entities could be used to make parsers consume an unlimited amount of resources and then crash, which is called a billion laughs attack. When the XML parser tries to resolve, the external entities that are included cause the application to start…
ELF Parsing Bugs by Example with Melkor Fuzzer
Too often the development community continues to blindly trust the metadata in Executable and Linking Format (ELF) files. In this paper, Alejandro Hernández walks you through the testing process for seven applications and reveals the bugs that he found. He performed the tests using Melkor, a file format fuzzer he wrote specifically for ELF files. Introduction The ELF file format, like any other file format, is an array of bits and bytes interconnected through data structures. When interpreted by an ELF parser, an ELF file makes sense, depending upon…
Facebook Access Token Sent in Plaintext
Attackers can steal Facebook access tokens to impersonate Facebook users and perform malicious actions that include, but are not limited to, posting content on behalf of users and accessing friend lists.
Bad Crypto 101
This post is part of a series about bad cryptography usage . We all rely heavily on cryptographic algorithms for data confidentiality and integrity, and although most commonly used algorithms are secure, they need to be used carefully and correctly. Just as holding a hammer backwards won’t yield the expected result, using cryptography badly won’t yield the expected results either. To refresh my Android skillset, I decided to take apart a few Android applications that offer to encrypt personal files and protect them from prying eyes. I headed off to…
OpenBSD ≤ 5.5 Local Kernel Panic
A non-privileged use could cause a local Denial-of-Service (DoS) condition by triggering a kernel panic through a malformed ELF executable.
Vicious POODLE Finally Kills SSL
The poodle must be the most vicious dog, because it has killed SSL. POODLE is the latest in a rather lengthy string of vulnerabilities in SSL (Secure Socket Layer) and a more recent protocol, TLS (Transport layer Security). Both protocols secure data that is being sent between applications to prevent eavesdropping, tampering, and message forgery. POODLE (Padding Oracle On Downgraded Legacy Encryption) rings the death knell for our 18-year-old friend SSL version 3.0 (SSLv3), because at this point, there is no truly safe way to continue using it. Google…
A Dirty Distillation of Proposed V2V Readiness
Good Afternoon Internet, Chris Valasek here. You may remember me from such automated information kiosks as “Welcome to Springfield Airport”, and “Where’s Nordstrom?” Ever since Dr. Charlie Miller and I began our car hacking adventures, we’ve been asked about the upcoming Vehicle-to-Vehicle (V2V) initiative and haven’t had much to say because we only knew about the technology in the abstract. I finally decided to read the proposed documentation from the National Highway Traffic Safety Administration (NHTSA) titled: “Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application” (https://www.ioactive.com/wp-content/uploads/2014/09/Readiness-of-V2V-Technology-for-Application-812014.pdf). This is my…