Report of the 9th edition of the BruCON conference

October 13, 2017 by Damien Cauquil
Brucon 2017
The 9th edition of the BruCON conference was held on the 5th and 6th of October at the University of Ghent, Belgium. Digital Security was there with its own talk and as a guest at a workshop about Bluetooth Smart lockpicking.

Dome of the Amphitheater

The aula of the University of Ghent is such an amazing place: it is a big old building with its own amphitheater and column-based architecture, and it is truly beautiful. The place was somewhat customized for the event: a giant screen displayed all the tweets, pictures and network statistics, and a Wi-Fi network was provided to the attendees.

I was not able to attend all the talks and workshops, therefore I will only report in this blog post on those I saw and participated in.

First day wrap-up

University of Ghent's aula

Detecting malware even when it is encrypted (František Střasák)

This presentation covered quite an interesting subject: how to detect malicious network activity that uses secure connections, with the help of Machine Learning algorithms. Using some kind of Machine Learning algorithm is a common approach nowadays, as it provides a way to build an automated system able to tell normal and malicious traffic apart without inspecting the content of the communications. This is basically done by looking at all the available metadata from those communications and trying to find one or more relations between them thanks to Machine Learning.

The speaker detailed the main features his system relies on (i.e. the inputs of the detection system, more than forty!) and the experiments he made to evaluate the efficiency of this automatic detection system. These experiments are based on a split dataset, containing both normal and malicious traffic at various ratios.

As a matter of fact, results vary depending on the ratio of normal traffic to malicious traffic. However, the researcher deplores a high false positive rate (> 5%) no matter the experiments' conditions. This may be explained by the fact that malware is now industrialized and behaves more and more like "classic" software, using secure communications in exactly the same way.

See the slides of this conference here.

Knock knock... Who's there? admin admin and get in! (Anna Shirokova)

This second talk by Anna Shirokova was very interesting: the researcher told the whole story of bruteforce-based malicious software from 2003 to now.

The first real known malware spreading through bruteforce was detected in 2013 by DrWeb, although a piece of code acting the same way had been discovered in 2009. This malware discovered by DrWeb, dubbed FortDisco, used bruteforce to spread on the Internet but also to drop other malicious code on the impacted servers. In 2015, the malicious piece of code Aethra was discovered; it targeted misconfigured routers (well, routers using weak passwords, to be precise) in order to infect them with malware. This kind of malicious software made its way to 2017, as a new malware doing the exact same attacks, dubbed "Stantinko", was recently discovered by ESET.

Spreading malicious software by abusing weak passwords still works and is widely used, targeting not only servers with vulnerable administrative accounts but also various content management systems, WordPress to name one.

See the slides of this conference here.


Hacking Bluetooth Smartlock - Workshop (Slawomir Jasek, Damien Cauquil)

Slawomir Jasek asked me before BruCON if I could co-host his workshop on Bluetooth Low Energy smart lockpicking, and I accepted his proposal with great pleasure. I've presented at various conferences some vulnerabilities I found in these smart locks and padlocks, as did Slawomir during the previous few years.

It was also a good way to show how Btlejuice, our Bluetooth Low Energy Man-in-the-Middle framework, works and to demonstrate its efficiency.

We spoke about the security of various smartlocks and smart padlocks, as well as their vulnerabilities and weaknesses. Slawomir demonstrated how easy it is to "pick" these locks wirelessly or simply steal a PIN code used by a specific lock. We both answered attendees' questions and shared our experience of intercepting and hacking Bluetooth Low Energy devices.

I enjoyed this workshop and hope other fellow hackers will find an interest in hacking all these smart objects relying on the Bluetooth Low Energy protocol.

The Mentor/Mentee initiative, sponsored by Google

This year, Google sponsored the Mentor/Mentee initiative at BruCON. This initiative is a novelty of this 9th edition, as it tries to bring seasoned security professionals and students or security enthusiasts together in the same place. The idea behind this initiative was to allow IT security rookies (mentees) to ask experienced people (mentors) to share some advice regarding this community: who to follow, the must-reads, how to submit a talk and why you should submit even if you think you're not skilled enough or your research is not interesting, etc. I participated in this event, met many students and professionals and had a lot of great talks, among other trolls.

This initiative was really interesting and should, in my humble opinion, be renewed during the next edition, and why not spread to other security conferences?

Second day wrap-up

The second day of the BruCON conference started with a good breakfast and friendly chats. After having drunk one or two bottles of Club Mate, it was time to sit in the amphitheater to see the keynote (as I missed the previous one).

How hackers changed the security industry and how we need to keep changing it (Chris Wysopal)

Chris gave a short history of how hackers and hacking were seen during the last decades and explained how a group of hackers originally considered by authorities as a criminal gang came to testify in the U.S. Senate, thus changing the way the world sees them. He insisted on the fact that hackers innovated a lot in the IT security field: they invented the vulnerability scanner or the first packet manipulation tool. These tools are nowadays considered standard and are widely used by pentesters and system administrators.

Hackers also created some of the most well-known security conferences, like DEF CON held each year in Las Vegas. Chris also mentioned that many U.S. agencies sent some of their agents because it was the only way to learn and discover the latest cybersecurity trends, asking them to behave and look like hackers. Today, they do not hide anymore and even contribute to these events, as well as other law enforcement agencies from other countries.

During his presentation, he also insisted on the fact that hackers made their way to where they are now by making a lot of noise and trouble, through many publicly disclosed attacks and vulnerabilities. They changed the way they were seen and showed the world they could be useful: the expression "ethical hacking" was born. But these pioneers are now old and we need some fresh blood: hackers must make noise and trouble again in order to move things in the right direction.

Chris gave as an example his idea of "Security Champions": a team member trained by security professionals who would act as a referee in companies developing software or services, providing the correct answers and bringing security into the design process.

See the slides of this conference here.

See no evil, hear no evil: Hacking invisibly and silently with light and sound (Matt Wixey)

This talk by Matt Wixey was one of the funniest and most interesting of this conference, showing multiple ways to abuse light and its wavelength (from laser to infrared, for instance) as well as sound to challenge the security of many systems. He showed how a simple laser emitter, combined with a specific electronic circuit, can act as a microphone and spy on conversations in meeting rooms, and how it is possible to exfiltrate data from an air-gapped laptop by simply using its soundcard or its light sensor and an LED.

He also demonstrated that wireless remotes can be attacked, with an example case targeting a wireless alarm system. Last but not least, he disclosed an amazing way to send drones to the stratosphere by generating ultrasonic waves at a precise frequency, deceiving the sonar of a Parrot AR drone and causing the latter to go up, and up, and up...

 Matt Wixey's astrodrone

It was a very refreshing talk with a really good hacking spirit, demonstrating that anyone can get amazing results with a few devices and electronics (like Angus MacGyver).

See the slides of this conference here.

Weaponizing the BBC Micro:Bit (Damien Cauquil)

I went to BruCON as a speaker and it was my turn to show how one can turn the Micro:Bit, a BBC-sponsored 15€ device created to teach U.K. kids to code, into a wireless hacking tool. I demonstrated how easy it is to sniff wireless keyboard communications and capture all the keystrokes, or even how to fuzz some Bluetooth Low Energy stacks. Last but not least, I took control of a flying Cheerson quadcopter by using a modified Micro:Bit during a live demo. Special thanks to Xavier Mertens, who was kind enough to fly the targeted drone, and to the demo Gods for not having messed with this device.

See the slides of the conference here.

Back to normal

It was then time for me to go back to Paris, after these 2 intense days of talks and passionate chats about the security of systems and connected objects. This was my first BruCON in Flanders and I will for sure come back to the next edition. A great thank you to all the organizers, to Xavier, Philippe, Christophe and those I shared a very good time with as well.