CSW2017 Mickey+maggie low cost radio attacks on modern platforms

23
Low cost radio wave attacks on modern platforms Mickey Shkatov Maggie Jauregui

Transcript of CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Page 1: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Lowcostradiowaveattacksonmodernplatforms

MickeyShkatovMaggieJauregui

Page 2: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Intros

>MaggieJauregui@MagsJauregui>MickeyShkatov@HackingThings

Page 3: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Backstory–DC22

Page 4: CSW2017 Mickey+maggie low cost radio attacks on modern platforms
Page 5: CSW2017 Mickey+maggie low cost radio attacks on modern platforms
Page 6: CSW2017 Mickey+maggie low cost radio attacks on modern platforms
Page 7: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

“Itworks,Idon’tknowwhy”

-Hackerseverywhere

Page 8: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

EMIPreviouswork

>Mainlypassive...

>Sniffingcryptokeysacrosswallsorperformingside channelattacks

https://motherboard.vice.com/en_us/article/how-white-hat-hackers-stole-crypto-keys-from-an-offline-laptop-in-another-room

>FMSignalsandCellPhonesCanbeUsedtoSteal Data https://aabgu.org/fm-signals-cell-phones-can-used-steal-data/>LunchboxGlitchingforfun&noprofit https://depletionmode.com/2015/11/05/lunchbox-glitching-for-fun-non-profit/

Page 9: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Demos

Page 10: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

i.PowerSurge

Page 11: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

PowerSurge

Page 12: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

>ASUSDIGI+VRMEPU>ASUSTPU

PowerSurge

Page 13: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

>Tmpsensors[OSvsBIOS]>CPU>System

>Fanspeed>CPUcorevoltage

ii.Sensorcorruption/fanspeed

Page 14: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Incaseyoumissedit…

Page 15: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Sensorcorruption/fanspeed

Page 16: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Sensorcorruption/fanspeed

Page 17: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

>Back-upvideo

Sensorcorruption

Page 18: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

iii.Poweringmotherboardcomponents

Page 19: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Potentialimpact</punintended>

>RNG?>FireHazard>Memorycorruption>PDOS:FryCPU/components>Targetedglitchingattacks>Controlovercapacitanceinputsystems<wip>>RemoteattacksviaKVM>HWImplants

Page 20: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Mitigations

>FCallthethings!>Non-windowedchassis

>EMshielding.Don’tcheapouton...>Powersupplies>Motherboards-Voltageregulators

>Built-infaulttolerance

Page 21: CSW2017 Mickey+maggie low cost radio attacks on modern platforms
Page 22: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

Backup…

Page 23: CSW2017 Mickey+maggie low cost radio attacks on modern platforms

iv.Bonusdemo:BSOD


Maggie Verster @ maggie v

Maggie Verster @ maggie v

Cartucho Mickey

Cartucho Mickey

Amizade mickey

Amizade mickey

CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark

CSW2017 Peng qiu+shefang-zhong win32k -dark_composition_finnal_finnal_rm_mark

Mickey atraves dos seculos ptxxxx mickey e merlin (1982)

Mickey atraves dos seculos ptxxxx mickey e merlin (1982)

Maggie goes to Yezidi - Maggie Program

Maggie goes to Yezidi - Maggie Program

CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day

CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day

Pocketsize mickey and donald manhole mickey mouse mcf

Pocketsize mickey and donald manhole mickey mouse mcf

Delahoyde, Maggie From: Delahoyde Maggie Sent: Tuesday ...

Delahoyde, Maggie From: Delahoyde Maggie Sent: Tuesday ...

Mickey mouse

Mickey mouse

CSW2017 jun li_car anomaly detection

CSW2017 jun li_car anomaly detection

Maggie Verster ICT4Champions.co.za school2.co.za @ maggie v

Maggie Verster ICT4Champions.co.za school2.co.za @ maggie v

Mickey Lee

Mickey Lee

CSW2017 Weston miller csw17_mitigating_native_remote_code_execution

CSW2017 Weston miller csw17_mitigating_native_remote_code_execution

Mickey Chiu

Mickey Chiu

CSW2017 Harri hursti csw17 final

CSW2017 Harri hursti csw17 final

CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security

CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security

CSW2017 Enrico branca What if encrypted communications are not as secure as we think?

CSW2017 Enrico branca What if encrypted communications are not as secure as we think?

CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cybersecurity

CSW2017 Minrui yan+Jianhao-liu a visualization tool for evaluating can-bus cybersecurity

Mickey Lahmann

Mickey Lahmann