WOOT '24 Technical Sessions

Monday, August 12

8:00 am–9:00 am

Continental Breakfast

9:00 am–9:15 am

Opening Remarks and Awards

Program Co-Chairs: Adam Doupé, Arizona State University; Alyssa Milburn, Intel

9:15 am–10:15 am

Keynote Address

Title TBA

Perri Adams, DARPA

Perri Adams, DARPA

Ms. Perri Adams is a special assistant to the director at DARPA, where she advises stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.

Prior to this role, Adams was a program manager within DARPA's Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC). Previously, she was also a technical advisor for research and development programs at DARPA.

Before joining the agency, she supported various U.S. government customers, including other parts of the Department of Defense, while at Boeing and Two Six Technologies.

A frequent speaker on both technical and cyber policy issues, her written work has been published by Lawfare and the Council on Foreign Relations. She has also advised and collaborated with think tanks such as the Carnegie Endowment for International Peace and Georgetown's Center for Security and Emerging Technology.

For years, Adams has been an avid participant in cybersecurity Capture the Flag (CTF) competitions and was one of the organizers of the DEF CON CTF, the world's premier hacking competition. Adams holds a Bachelor of Science degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.

10:15 am–10:45 am

Break with Refreshments

10:45 am–12:00 pm

Practitioners at Work

Achilles Heel in Secure Boot: Breaking RSA Authentication and Bitstream Recovery from Zynq-7000 SoC

Prasanna Ravi and Arpan Jati, Temasek Laboratories, Nanyang Technological University, Singapore; Shivam Bhasin, National Integrated Centre for Evaluation (NiCE), Nanyang Technological University, Singapore

Secure boot forms the backbone of trusted computing by ensuring that only authenticated software is executed on the designated platform. However, implementation of secure boot can have flaws leading to critical exploits. In this paper, we highlight a critical vulnerability in open source First Stage Boot Loader (FSBL) of AMD-Xilinx’s flagship Zynq-7000 System on Chip (SoC) solution for embedded devices. The discovered vulnerability acts as a ‘single point of failure’ allowing complete bypass of the underlying bypass RSA authentication during secure boot. As a result, a malicious actor can take complete control of the device and run unauthenticated/malicious applications. We demonstrate an exploit using the discovered vulnerability in form of first practical ‘Starbleed’ attacks on Zynq-7000 devices to recover the decrypted bitstream from an encrypted (using AES-256) boot image. The identified flaw has existed in the secure-boot software for more than 10 years. The vulnerability was responsibly disclosed to the vendor under CVE 2022/23822. The vendor thereafter patched the FSBL software and issued a design advisory. Our work therefore motivates the need towards rigorous security evaluation tools to test for such trivial security vulnerabilities in software.

WhatsApp with privacy? Privacy issues with IM E2EE in the Multi-device setting

Tal A. Be'ery, Zengo

We recently discovered a privacy issue with Meta’s WhatsApp, the world’s most popular Instant Messaging (IM) application. Meta’s WhatsApp suffers from a privacy issue that leaks the victims’ device setup information (mobile device + up to 4 linked devices) to any user, even if blocked and not in contacts. Monitoring this information over time allows potential attackers to gather actionable intelligence about victims and their device changes (device replaced/ added /removed). Additionally, message recipients can associate the message with the specific sender device that sent it. The root cause for these issues stems from Signal’s multi device protocol architecture, the Sesame protocol, and as a result these issues are not limited to Meta’s WhatsApp only but probably relevant to most IM solutions, including the privacy-oriented Signal Messenger.

Introduction to Procedural Debugging through Binary Libification

Jonathan Brossard, Conservatoire National des Arts et Métiers, Paris

Assessing the existence, exact impact and exploitability of a known (or theoretical) memory corruption vulnerability in an arbitrary piece of compiled software has arguably not become simpler. The current methodology essentially boils down to writing an exploit - or at least a trigger - for each potential vulnerability. Writing an exploit for a weird machine involves several undecidable steps, starting with overcoming the reachability problem. In this article, we introduce the notions of "libification" and "procedural debugging" to facilitate partial debugging of binaries at the procedural level. These techniques allow the transformation of arbitrary dynamically linked ELF binaries into shared libraries, and the study of memory corruption bugs by directly calling the vulnerable functions, hence separating the memory corruption intraprocedural analysis from the reachability problem. Finally, we publish a framework to implement such a libification under a permissive open-source license to facilitate its adoption within the security community.

12:00 pm–1:30 pm

Lunch

1:30 pm–2:45 pm

Security Can Be Tricky

The Power of Words: Generating PowerShell Attacks from Natural Language

Pietro Liguori, Christian Marescalco, Roberto Natella, Vittorio Orbinato, and Luciano Pianese, DIETI, Università degli Studi di Napoli Federico II

As the Windows OS stands out as one of the most targeted systems, the \textit{PowerShell} language has become a key tool for malicious actors and cybersecurity professionals (e.g., for penetration testing). This work explores an uncharted domain in AI code generation by automatically generating offensive PowerShell code from natural language descriptions using Neural Machine Translation (NMT). For training and evaluation purposes, we propose two novel datasets with PowerShell code samples, one with manually curated descriptions in natural language and another code-only dataset for reinforcing the training. We present an extensive evaluation of state-of-the-art NMT models and analyze the generated code both statically and dynamically. Results indicate that tuning NMT using our dataset is effective at generating offensive PowerShell code. Comparative analysis against the most widely used LLM service ChatGPT reveals the specialized strengths of our fine-tuned models.

Attacking with Something That Does Not Exist: 'Proof of Non-Existence' Can Exhaust DNS Resolver CPU

Olivia Gruza, Elias Heftrig, Oliver Jacobsen, Haya Schulmann, and Niklas Vogel, National Research Center for Applied Cybersecurity ATHENE, Goethe-Universität Frankfurt; Michael Waidner, National Research Center for Applied Cybersecurity ATHENE, Technische Universität Darmstadt, Fraunhofer Institute for Secure Information Technology SIT

NSEC3 is a proof of non-existence in DNSSEC, which provides an authenticated assertion that a queried resource does not exist in the target domain. NSEC3 consists of alphabetically sorted hashed names before and after the queried hostname. To make dictionary attacks harder, the hash function can be applied in multiple iterations, which however also increases the load on the DNS resolver during the computation of the SHA-1 hashes in NSEC3 records. Concerns about the load created by the computation of NSEC3 records on the DNS resolvers were already considered in the NSEC3 specifications RFC5155 and RFC9276. In February 2024, the potential of NSEC3 to exhaust DNS resolvers’ resources was assigned a CVE-2023-50868, confirming that extra iterations of NSEC3 created substantial load. However, there is no published evaluation of the attack and the impact of the attack on the resolvers was not clarified.

In this work we perform the first evaluation of the NSEC3-encloser attack against DNS resolver implementations and find that the NSEC3-encloser attack can still create a 72x increase in CPU instruction count, despite the victim resolver following RFC5155 recommendations in limiting hash iteration counts. The impact of the attack varies across the different DNS resolvers, but we show that with a sufficient volume of DNS packets the attack can increase CPU load and cause packet loss. We find that at a rate of 150 malicious NSEC3 records per second, depending on the DNS implementation, the loss rate of benign DNS requests varies between 2.7% and 30%. We provide a detailed description and implementation of the NSEC3-encloser attack. We also develop the first analysis how each NSEC3 parameter impacts the load inflicted on the victim resolver during NSEC3-encloser attack.

We make the code of our NSEC3-encloser attack implementation along with the zonefile and the evaluation data available for public use: https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack.

Amplifying Threats: The Role of Multi-Sender Coordination in SMS-Timing-Based Location Inference Attacks

Evangelos Bitsikas, Northeastern University; Theodor Schnitzler, Research Center Trustworthy Data Science and Security, Maastricht University; Christina Pöpper, New York University Abu Dhabi; Aanjhan Ranganathan, Northeastern University

SMS-timing-based location inference attacks leverage timing side channels to ascertain a target’s location. Prior work has primarily relied on a single-sender approach, employing only one SMS attacker from a specific location to infer the victim’s whereabouts. However, this method exhibits several drawbacks. In this research, we systematically enumerate the limitations of the single-sender approach, which prompted us to explore a multi-sender strategy. Our investigation delves into the feasibility of an attacker employing multiple SMS senders towards a victim to address these limitations and introduces novel features to bolster prediction accuracy. Through exhaustive experimentation, we demonstrate that strategically positioned multiple SMS senders significantly enhance the location-inference accuracy, achieving a 142% improvement for four distinct classes of potential victim locations. This work further highlights the need to develop mitigations against SMS-timing-based location inference attacks.

2:45 pm–3:15 pm

Break with Refreshments

3:15 pm–4:30 pm

Embedded Security

Engineering a backdoored bitcoin wallet

Adam Scott and Sean Andersen, Block, Inc

Here we describe a backdoored bitcoin hardware wallet. This wallet is a fully-functional hardware wallet, yet it implements an extra, evil functionality: the wallet owner unknowingly leaks the private seed to the attacker through a few valid bitcoin transactions. The seed is leaked exclusively through the ECDSA signatures. To steal funds, the attacker just needs to tap into the public blockchain. The attacker does not need to know (or control) any detail about the wallet deployment (such as where in the world the wallet is, or who is using it). The backdoored wallet behavior is indistinguishable from the input-output behavior of a non-backdoored hardware wallet (meaning that it is impossible to discern non-backdoored signatures from backdoored ones, and backdoored signatures are as valid and just “work” as well as regular, non-backdoored ones). The backdoor does not need to be present at wallet initialization time; it can be implanted before or after key generation (this means the backdoor can be distributed as a firmware update, and is compatible with existing bitcoin wallets). We showcase the feasibility of the backdoored wallet by providing an end-to-end implementation on the bitcoin testnet network. We leak an entire 256-bit seed in 10 signatures, and only need modest computational resources to recover the seed.

Oh No, My RAN! Breaking Into an O-RAN 5G Indoor Base Station

Leon Janzen and Lucas Becker, Technical University of Darmstadt (TUDa); Colin Wiesenäcker, Technical University of Darmstadt, Germany; Matthias Hollick, Technical University of Darmstadt (TUDa)

Indoor base stations are expected to play a crucial role in 5G and beyond, as they are required to provide millimeter wave connectivity in buildings. However, they are a prime target for attacks, as they are difficult to secure against physical access attacks and highly connected within the RAN, especially for Open Radio Access Network (O-RAN) indoor base stations. In this work, we develop and introduce a threat model for indoor base stations. We conduct a security analysis of a proprietary O-RAN Radio Unit and present four novel vulnerabilities. Further, we analyze the Radio Unit regarding its hardware, software, and services, highlighting deviations from the O-RAN standards. The vulnerabilities we discover lead to remote code execution on the Radio Unit, highlighting security issues arising from the novel attack surface introduced by indoor base stations.

Tuesday, August 13

8:00 am–9:00 am

Continental Breakfast

9:00 am–10:15 am

Hardware Security

RIPencapsulation: Defeating IP Encapsulation on TI MSP Devices

Prakhar Sah and Matthew Hicks, Virginia Tech

Internet of Things (IoT) devices sit at the intersection of unwieldy software complexity and unprecedented attacker access. This unique position comes with a daunting security challenge: how can we protect both proprietary code and confidential data on a device that the attacker has unfettered access to? Trusted Execution Environments (TEEs) promise to solve this challenge through hardware-based separation of trusted and untrusted computation and data. While TEEs do an adequate job of protecting secrets on desktop-class devices, we reveal that trade-offs made in two of the most widely-used commercial IoT devices undermine their security.

This paper uncovers two fundamental weaknesses in IP Encapsulation (IPE), the TEE deployed by Texas Instruments for MSP430 and MSP432 devices. We observe that lack of call site enforcement and residual state after unexpected TEE exits enable an attacker to reveal all proprietary code and secret data within the IPE. We design and implement an attack called RIPencapsulation, which systematically executes portions of code within the IPE and uses the partial state revealed through the register file to exfiltrate secret data and to identify gadget instructions. The attack then uses gadget instructions to reveal all proprietary code within the IPE. Experiments with commodity devices and a production compiler show that—even after following all manufacturer secure coding practices—RIPencapsulation reveals, within minutes, both the code and keys from third-party cryptographic software, as well as allowing unrestricted writes to TEE memory.

Reverse Engineering the Eufy Ecosystem: A Deep Dive into Security Vulnerabilities and Proprietary Protocols

Victor Goeman, Dairo de Ruck, Tom Cordemans, Jorn Lapon, and Vincent Naessens, DistriNet, KU Leuven

This paper is currently under embargo, but the paper abstract is available now. The final paper PDF will be available on the first day of the conference.

The security of Internet-of-Things (IoT) is a growing concern, with IP cameras like those from Eufy promising robust security through military-grade encryption. While Eufy's claims are strong, independent verification of these claims is crucial to confirm the integrity and resilience of its systems against potential vulnerabilities and extend the lessons learned to the broader IoT landscape, ensuring practices keep pace with technological advancements.

We unveiled the inner workings and security measures in the Eufy ecosystem through reverse engineering, particularly focusing on its smart doorbell and Homebase, and evaluated the proprietary peer-to-peer protocol and encryption methods.

This paper offers a comprehensive analysis of the Eufy ecosystem, offering insights into the broader implications of IoT device security. Our investigation revealed critical vulnerabilities within the ecosystem, which were responsibly disclosed and confirmed by Eufy. The vulnerabilities could compromise end-user privacy by allowing unauthorized access to the end users' private network within seconds. A key tool in our research was dAngr, a symbolic debugger we developed to facilitate the reconstruction of encryption keys in intricate cross-architecture binaries, thus enabling a more efficient reverse engineering process.

The research revealed vulnerabilities in Eufy's ecosystem, leading to serious privacy and security concerns, and suggests effective countermeasures, stressing the need for continued vigilance in IoT device security.

SoK: Where’s the “up”?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems

Xi Tan and Zheyuan Ma, CactiLab, University at Buffalo; Sandro Pinto, Universidade do Minho; Le Guan, University of Georgia; Ning Zhang, Washington University in St. Louis; Jun Xu, The University of Utah; Zhiqiang Lin, Ohio State University; Hongxin Hu, University at Buffalo; Ziming Zhao, CactiLab, University at Buffalo

Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices. Despite the widespread usage, there has been little effort in summarizing their hardware security features, characterizing the limitations and vulnerabilities of their hardware and software stack, and systematizing the research on securing these systems. The goals and contributions of this paper are multi-fold. First, we analyze the hardware security limitations and issues of Cortex-M systems. Second, we conducted a deep study of the software stack designed for Cortex-M and revealed its limitations, which is accompanied by an empirical analysis of 1,797 real-world firmware. Third, we categorize the reported bugs in Cortex-M software systems. Finally, we systematize the efforts that aim at securing Cortex-M systems and evaluate them in terms of the protections they offer, runtime performance, required hardware features, etc. Based on the insights, we develop a set of recommendations for the research community and MCU software developers.

10:15 am–10:45 am

Break with Refreshments

10:45 am–12:00 pm

Memory Corruption Is a Solved Problem

Not Quite Write: On the Effectiveness of Store-Only Bounds Checking

Adriaan Jacobs and Stijn Volckaert, DistriNet, KU Leuven

Compiler-based memory safety enforcement for unsafe C/C++ code has historically suffered from prohibitively high overhead. Despite regular advances in compiler optimization and increasing hardware resources and hardware support, most applications require too many checks to guarantee complete memory safety at an acceptable performance level. Consequently, researchers often propose relaxed policies where not all memory accesses undergo equally rigorous checking. One common suggestion is to omit pointer validity checks for memory loads. This omission significantly reduces the number of necessary checks and, thus, overhead. Moreover, it should \emph{only} sacrifice the detection of pure information disclosure vulnerabilities through invalid reads, which are left unchecked.

This work challenges the perceived security benefits of store-only bounds checking. We show that invalid reads often suffice to take control of memory writes and bypass store-only validity checks. We empirically demonstrate the problem on SoftBound and qualitatively analyze the impact on a broad scope of other work. We also perform a large-scale evaluation on 1,000 popular C/C++ repositories and show that real-world code readily satisfies the necessary preconditions for store-only bypasses. Finally, we briefly discuss possible defenses and adaptations that let complete bounds checkers regain a part of the store-only overhead reduction potential without dramatically losing security.

SoK: On the Effectiveness of Control-Flow Integrity in Practice

Lucas Becker and Matthias Hollick, Technical University of Darmstadt; Jiska Classen, Hasso Plattner Institute, University of Potsdam

Complex programs written in memory-unsafe languages tend to contain memory corruption bugs. Adversaries commonly employ code-reuse attacks to exploit these bugs. Control-flow Integrity (CFI) enforcement schemes try to prevent such attacks from achieving arbitrary code execution. Developers can apply these schemes to existing code bases by setting compiler flags, requiring less effort than rewriting code in memory-safe languages. Although many works propose CFI schemes and attacks against them, they paid little attention to schemes deployed to end-users. We provide a systematic categorization and overview of actively used CFI solutions. We then conduct a large-scale binary analysis on 33 Android images of seven vendors and two Windows builds for different hardware architectures to study CFI utilization in practice. We analyzed over 77,000 files on the Android images. We found that depending on the variant, up to 94% of binaries and 93% of libraries are unprotected. All analyzed binaries depend on unprotected libraries, therefore rendering CFI enforcement ineffective. Further, we look at the development of CFI coverage over time on Android and find it stagnating. CFI roll-out is closer to complete on the Windows builds, but not all files are protected yet (2.63% unprotected). Consequently, our results show that the adoption of CFI protection is lacking, putting devices at risk. Additionally, our results highlight a large gap between the state of the art in research and the reality of deployed systems.

Exploiting Android’s Hardened Memory Allocator

Philipp Mao, Elias Valentin Boschung, Marcel Busch, and Mathias Payer, EPFL

Most memory corruptions occur on the heap. To harden userspace applications and prevent heap-based exploitation, Google has developed Scudo. Since Android 11, Scudo has replaced jemalloc as the default heap implementation for all native code on Android. Scudo mitigates exploitation attempts of common heap vulnerabilities.

We present an in-depth study of the security of Scudo on Android by analyzing Scudo’s internals and systematizing Scudo’s security measures. Based on these insights we construct two new exploitation techniques that ultimately trick Scudo into allocating a chunk at an attacker’s chosen address. These techniques demonstrate — given adequate memory corruption primitives — that an attacker can leverage Scudo to gain arbitrary memory write. To showcase the practicality of our findings, we backport an n-day vulnerability to Android 14 and use it to exploit the Android system server.

Our exploitation techniques can be used to target any application using the Scudo allocator. While one of our techniques is fixed in newer Scudo versions, the second technique will stay applicable as it is based on how Scudo handles larger chunks.

12:00 pm–1:30 pm

Lunch

1:30 pm–2:45 pm

Physical Attacks

Breaking Espressif’s ESP32 V3: Program Counter Control with Computed Values using Fault Injection

Jeroen Delvaux, Technology Innovation Institute; Cristofaro Mune, Raelize; Mario Romero, Technology Innovation Institute; Niek Timmers, Raelize

Espressif introduced the ESP32 V3, a low-cost System-on-Chip (SoC) with wireless connectivity, as a response to earlier hardware revisions that were susceptible to Fault Injection (FI) attacks. Despite its FI countermeasures, we are the first to bypass all security features of the ESP32 V3 with an FI attack, including Secure Boot and Flash Encryption. First, we alter encrypted flash contents to set the 32-bit outcome of a Cyclic Redundancy Check (CRC) on the bootloader signature to an arbitrary value, which we then load into the Program Counter (PC) register of the Central Processing Unit (CPU) using a single Electromagnetic (EM) glitch. This allows us to jump to Download Mode in Read-Only Memory (ROM), which provides arbitrary code execution and access to unencrypted flash contents. As far as we know, this is the first successful FI attack, bypassing both Secure Boot and Flash Encryption with a single glitch, on a target with FI countermeasures. As the vulnerabilities are in hardware, they cannot be fixed, and a new hardware revision would be required. In response to our findings, Espressif issued a Security Advisory, AR2023-005, and requested a Common Vulnerabilities and Exposures (CVE) identifier, CVE-2023-35818.

Basilisk: Remote Code Execution by Laser Excitation of P–N Junctions Without Insider Assistance

Joe Loughry, Netoir.com; Kasper Rasmussen, University of Oxford

Inadvertent photosensitivity of P--N junctions has been known for a long time, but most of the attacks that have been demonstrated are covert channels, requiring an adversarial presence on the device. We show not only how it is possible for an external attacker to bias a P--N junction with a low power laser, without any kind of insider assistance, but also how this kind of attack can be used to perform logic level attacks on the target device and thus interfere with the device's operation. The technique requires precision but is feasible in practice with off the shelf hardware, as long as the attacker has a line of sight to the target. It can result in attacks that include crashing a computer, change memory contents, alter the instruction stream of a running program, alter messages on a shared communication bus, insert new messages, or prevent communication. Most of these attacks have never been demonstrated before without insider assistance. We demonstrate that under the right circumstances the attack can lead to arbitrary code execution on the target device. We show a working proof of concept including remote code execution, and quantitative measurements leading to testable predictions. Mitigation of this vulnerability is challenging and countermeasures will in most cases require hardware changes.

SOK: 3D Printer Firmware Attacks on Fused Filament Fabrication

Muhammad Haris Rais, Virginia State University; Muhammad Ahsan and Irfan Ahmed, Virginia Commonwealth University

The globalized nature of modern supply chains facilitates hostile actors to install malicious firmware in 3D printers. A worm similar to Stuxnet could stealthily infiltrate a printer farm used for military drones, resulting in the production of batches with a variety of defects. While cybersecurity researchers have extensively delved into the designing and slicing stages of the printing process and explored physical side channels for offensive and defensive research, the domain of firmware attacks remains significantly underexplored. This study proposes a classification tree for firmware attacks, focusing on the attack goals. We further propose nine distinct firmware attacks within these categories to demonstrate and understand the impact of compromised firmware on a standard fused filament fabrication printer. The study evaluates these attacks through relevant destructive and non-destructive tests, including assessing the tensile strength of the printed parts and conducting air quality tests at the printing premises. The study further investigates the viability of forty-eight attacks, including nine that we propose, across the 3D printing stages: the design stage (involving CAD file manipulation), the slicing stage (involving G-code file manipulation), and the printing stage (involving firmware manipulation). Drawing on our understanding of the 3D printing attack surface, we introduce an Attack Feasibility Index (AFI) to assess the feasibility of attacks at different printing stages. This systematization and examination advances the comprehension of potential 3D printing attacks and urges researchers to delve into cybersecurity strategies focused on counteracting feasible attacks at specific printing stages.

2:45 pm–3:15 pm

Break with Refreshments

3:15 pm–4:15 pm

Lightning Talks and Closing Remarks

Program Co-Chairs: Adam Doupé, Arizona State University; Alyssa Milburn, Intel

4:30 pm–6:00 pm

Demo/Poster Session and Happy Hour