February 20th, 2008
Black Hat, Day 1: Cracking GSM and skimming ATMs
Day 1 at Black Hat brought some outstanding talks. The day started off with David Hulton (aka h1kari, also the producer of ToorCon) and Steve (from THC), who presented on “Cracking GSM”. It was quite interesting due to the tie-in that David has with Pico and their use of FPGAs (Field Programmable Gate Array).
Basically, they were able to capture GSM traffic — the traffic most of our cell phones use — and decrypt that traffic. They reverse-engineered the encryption process and then used the FPGAs to increase the speed of the whole process by an amazing amount. I don’t have the exact numbers, but let’s just say it went from impossible to potentially done in 30 seconds. As always, David is brilliant. The talk, while complex, was easy to follow and understand and the audience had some great questions.
The next talk I watched was a presentation by my good friends Billy Rios and Nitesh Dhanjani called “Bad Sushi”. I have to say that this was the best talk of the whole day — completely unique and untouched upon by previous research. Basically they were able to track down phishers and paint a picture of the ecosystem and economy that drives phishing. It was unbelievable the lack of sophistication used in a majority of these attacks, yet they are still so successful. This seems to be contrary to the corporate belief that phishers are elite hackers with hardcore ninja hacking skills. They also moved into a process called ATM skimming whereby people retrofit ATM machines with their own hardware that is actually able to capture card swipes and PIN entries, while still maintaining the functionality of the original ATM device. This was unbelievable to see, and I honestly believe I’ll never use an ATM machine again. Also of note, it was clear that phishing is not really the major concern; identity theft is the concern, and the people exploiting this are using any means possible.
Rob Carter and I followed up the “Bad Sushi” talk with our talk on “URI Use and Abuse”. More of the same research you’ve seen us talk about over the last year with a fresh set of vulnerabilities, including a format string flaw on Mac OS X. I won’t elaborate much and toot my own horn, but the talk went really well and the audience seemed to be entertained and engaged. I can’t begin to mention how much of an honor it was to speak at Black Hat again. I can remember saying when I was younger, right after watching David Litchfield present at my first ever Black Hat, that if I ever spoke at Black Hat I’d know that I had made it in the security world. Today, we delivered our presentation while Litchfield was in the next room talking about Oracle security — a bit of a surreal experience really.
That’s all for today and I’m off to the bar to celebrate a great day!

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios.