WOOT '19 Workshop Program

The software vulnerability landscape has changed dramatically over the past 20+ years. During this period, we’ve gone from easy-to-exploit stack buffer overruns to complex-and-expensive chains of multiple exploits. To better understand this evolution, this presentation will describe the vulnerability mitigation strategy Microsoft has been pursuing and will show how this strategy has influenced vulnerability and exploitation trends over time. This retrospective will form the basis for discussing some of the vulnerability mitigation challenges that exist today and the strategic shifts that Microsoft is exploring to address those challenges.

The development process of microcontroller firmware often involves multiple parties. In such a scenario, the Intellectual Property (IP) is not protected against adversarial developers which have unrestricted access to the firmware binary. For this reason, microcontroller manufacturers integrate eXecute-Only Memory (XOM) which shall prevent an unauthorized read-out of third-party firmware during development. The concept allows execution of code but disallows any read access to it. Our security analysis shows that this concept is insufficient for firmware protection due to the use of shared resources such as the CPU and SRAM. We present a method to infer instructions from observed state transitions in shared hardware. We demonstrate our method via an automatic recovery of protected firmware. We successfully performed experiments on devices from different manufacturers to confirm the practicability of our attack. Our research also reveals implementation flaws in some of the analyzed devices which enables an adversary to bypass the read-out restrictions. Altogether, the paper shows the insufficient security of the XOM concept as well as several implementations.

Touted as the buffer overflows of the age, Spectre and Meltdown have created significant interest around microarchitectural vulnerabilities and have been instrumental for the discovery of new classes of attacks. Yet, to-date, real-world exploits are rare since they often either require gadgets that are difficult to locate, or they require the ability of the attacker to inject code. In this work, we uncover two new classes of gadgets with very few restrictions on their structure, making them suitable for real-world exploitation. We demonstrate -- through PoCs -- their suitability to leak one bit and one byte respectively per successful attack, achieving high success rates and low noise on the constructed side-channel. We test our attack PoC on various kernels with default mitigations enabled, showing how they are insufficient to protect against them. We also show that hardening the configuration of mitigations successfully prevents exploitation, making a case for their wider adoption.

DARPA hosted the final event for the Cyber Grand Challenge (CGC) at DEF CON 24 (August 2016), culminating a multi-year effort undertaken by teams spanning academia, industry and government. The goal of the challenge was to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying the patches on a network in real time. The Challenge was a catalyst for advances in autonomous program analysis, patch synthesis, verification, and much more. Tools and data produced for the CGC continue to aid state of the art advances today. In this talk I'll provide a behind-the-scenes retrospective of DARPA’s CGC: designing challenges with the goal of advancing autonomous program analysis, hardening infrastructure and game mechanics to ensure agreement between game performance and program goals, data-mining the CGC Final Event (CFE) for televised stories, and the lasting impact of the Challenge. The views, opinions, and/or findings expressed are those of the author(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.

Field-programmable gate arrays (FPGAs) are widely used in real-time, data-intensive, and mission critical system designs. In the space of trusted computing, FPGA-based security modules have appeared in a number of widely used security conscious devices. The Cisco Trust Anchor module (TAm) is one such example that is deployed in a significant number of enterprise network switches, routers, and firewalls. We discuss several novel direct FPGA bitstream manipulation techniques that exploit the relative simplicity of input and output pin configuration structures.

We present an analysis of the efficacy of Cisco TAm and discuss both the high-level architectural flaws of the TAm as well as implementation specific vulnerabilities in a TAm protected Cisco router. By combining techniques presented in this paper with other recent advancements in FPGA bitstream manipulation, we demonstrate the feasibility of reliable remote exploitation of all Cisco TAms implemented using Xilinx Spartan-6 FPGAs. The TAm exploit described in this paper allows the attacker to fully bypass all Trust Anchor functionality, including hardware-assisted secure boot, and to stealthily inject persistent malicious implants within both the TAm FPGA and the application processor. Lastly, we discuss the applicability of our bitstream manipulation techniques to other FPGA-based devices and propose several practical mitigations.

With the advent of robot vacuum cleaners, mobile sensing platforms entered millions of homes. These gadgets not only put "eyes and ears" into formerly private spaces, but also communicate gathered information into the cloud. Furthermore, they reside inside the customer's local network. Hence, they are a prime target for attacks and if compromised become a privacy and security nightmare. Vendors are aware of robots being a target of interest; they employ various security mechanisms against tampering with devices and recorded data in the cloud.

In this paper, the Neato BotVac Connected and Vorwerk Kobold VR300 ecosystems are analyzed and the robot firmware is reverse engineered. To achieve the latter, a technique to bypass the devices' secure boot process is presented revealing the firmware, which is then dissected to evaluate device-specific secret key generation and to trace vulnerabilities. We present flaws in the secret key generation and provide insight on the occurrence and exploitation of a buffer overflow, which give an attacker complete control not only in the local network but also via the robots' cloud interface. Eventually, multiple attacks based on the findings are described and security implications are discussed. We shared our findings with the vendors, who further increased their otherwise commendable security mechanisms, and hope more vendors can take away valuable lessons from this highly complex Internet of Things (IoT) ecosystem.

We show how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.

VMware ESXi is an enterprise-class, bare-metal hypervisor dedicated to providing the state-of-the-art private-cloud infrastructures. Accordingly, the design and implementation of ESXi is of our community’s interest, yet lacking a thorough evaluation of its security internals. In this paper, we give a comprehensive analysis of the guest-to-host attack surfaces of ESXi and its recent security mitigation (i.e., the vSphere sandbox). In particular, we introduce an effective and reliable approach to chain multiple vulnerabilities for exploitation and demonstrate our approach by leveraging two new bugs (i.e., uninitialized stack usages), namely, CVE-2018-6981 and CVE-2018-6982. Our exploit chain is the first public demonstration of a virtual machine escape against VMware ESXi.

EOS is a popular cryptocurrency, whose market cap is over seven billion USD. Its ecosystem operates in the EOS.IO system, which is devised to speed up the slow transaction rate of previous blockchain technologies. Whereas many previous studies have investigated the security issues of Bitcoin and Ethereum, the security of EOS.IO has thus far drawn little attention despite its popularity. Even the studies that have addressed the security of EOS and its underlying blockchain system mostly focused on implementational bugs in the core of the EOS.IO system or in smart contracts, rather than addressing the fundamental problems stemming from the EOS.IO design.

To address this void in the previous literature, we investigate the design architecture of EOS.IO. Based on this investigation, we introduce four attacks whose root causes stem from the unique characteristics of EOS.IO, including intentionally slowing down the block creation time—which can disrupt the essential functions of its blockchain and incapacitate the entire EOS.IO system. In addition, we find that an adversary can partially freeze the execution of a target smart contract or maliciously consume all the resources of a target user with crafted requests. We report all the identified threats to the EOS.IO foundation, one of which is confirmed to be fatal. Finally, we discuss possible mitigations against the proposed attacks.

Electromagnetic Fault Injection (EMFI) allows generation of faults in a target device without needing to physically modify the target. This paper uses EMFI to recover secret data from two devices without opening the enclosure of the devices, making the attack possible without leaving any physical evidence. This is demonstrated on two devices: a Trezor bitcoin wallet and a Solo Key open-source FIDO2 authentication key.

The specific vulnerable code attacked with EMFI is part of the USB stack. The attack allows a host-provided value of wLength to be used in reading back up to 64~Kbyte of memory from the target device. Examples of this vulnerability are given for three popular general-purpose RTOSes.

To assist with evaluation of this attack, the open-source PhyWhisperer-USB hardware is also introduced. This tool provides hardware USB decoding and pattern matching to allow cycle-accurate fault injection timing.