Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
•Télécharger en tant que PPTX, PDF•
1 j'aime•1,091 vues
Recommandé
Recommandé
Contenu connexe
Plus de DefconRussia
Plus de DefconRussia (20)
Dernier
Dernier (20)
Inbar Raz - Physical (In)Security – it’s not –ALL– about Cyber
- 1. Physical (In)security Inbar Raz Malware & Security Manager Check Point Software Technologies ©2013 Check Point Software Technologies Ltd.
- 2. Types of Vulnerability Disclosures Responsible Disclosure: – Contact the vendor only and inform them of the vulnerability – If asked, work with the vendor – After 3-6 months, proceed to Full Disclosure Full Disclosure: – Publish all information, including POC – Sometimes – only a video of POC ©2013 Check Point Software Technologies Ltd. 2
- 3. Disclosure #1 Vendor: An Online Movie Ticket Service Field: Online shopping and entertainment Affected Product: On-site Ticket Kiosk Vulnerability: Multiple vulnerabilities cause the compromise of both customer and company data ©2013 Check Point Software Technologies Ltd. 3
- 4. Disclosure Details On-site Kiosk Touch Screen Credit Card Reader Ticket Printer No peripherals, No interfaces And the journey begins… ©2013 Check Point Software Technologies Ltd. 4
- 5. Disclosure Details Improper interface settings allow the opening of menu options. Menus can be used to browse for a new printer. ©2013 Check Point Software Technologies Ltd. 5
- 6. Disclosure Details A limited browser is not restricted enough. A right-click can be used… To open a full, unlimited Windows Explorer. Now the sky is the limit… ©2013 Check Point Software Technologies Ltd. 6
- 7. Disclosure Details Browsing through the file system reveals indicative directory names… And even more indicative file names. ©2013 Check Point Software Technologies Ltd. 7
- 8. Disclosure Details Bingo: Credit Card Data (Unencrypted!) Tools of the trade: Notepad We can use the ticket printer to take it home ©2013 Check Point Software Technologies Ltd. 8
- 9. Disclosure Details But that’s not all: RSA Keys and Certificates are also found on the drive! Which we can print, take home and then use a free OCR software to read… ©2013 Check Point Software Technologies Ltd. 9
- 10. Disclosure Details The result: RSA Keys used to bill credit cards. ©2013 Check Point Software Technologies Ltd. 10
- 11. Disclosure #2 Vendor: Point-of-Sale Manufacturer and Users Field: Network Security Vulnerability: Improper physical security allows access to insecure PoS devices during afterhours. ©2013 Check Point Software Technologies Ltd. 11
- 12. Disclosure Details Point-Of-Sale devices are all around you. ©2013 Check Point Software Technologies Ltd. 12
- 13. Disclosure Details Location: A bar in Tel-Aviv During working hours – tables, chair and PoS outside During afterhours – everything is locked inside the facility But the Ethernet port remains hot – In public space… ©2013 Check Point Software Technologies Ltd. 13
- 14. Attack Vector In the past – play hacker/script kiddie with BackTrack. Today: Fire up wireshark, discover IPs of live machines. ©2013 Check Point Software Technologies Ltd. 14
- 15. Attack Vector In the past – play hacker/script kiddie with BackTrack. Today: Fire up wireshark, discover IPs of live machines. Detected IP addresses: – 192.168.0.1 – 192.168.0.2 – 192.168.0.4 – 192.168.0.250 – 192.168.0.254 Confirm by ping (individual and broadcast) ©2013 Check Point Software Technologies Ltd. 15
- 16. Attack Vector Evidence of SMB (plus prior knowledge) lead to the next step: And the response: ©2013 Check Point Software Technologies Ltd. 16
- 17. Things to do with an open share #1: Look around [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 17
- 18. Things to do with an open share #1: Look around #2: Create a file list [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 18
- 19. The mystery of 192.168.0.250 Answers a ping, but no SMB. First guess: the ADSL Modem. Try to access the Web-UI: [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 19
- 20. The mystery of 192.168.0.250 Use the full URL: [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 20
- 21. Going for the ADSL router Reminder: We actually had this information. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 21
- 22. Going for the ADSL router Naturally, there is access control: Want to guess? [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 22
- 23. Unlocked Achievements Best for me, worst for them: Credit card data. Database files (yet to be analyzed). The program files of the billing system. Potential attack through the internet. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 23
- 24. Next Steps Create a Responsible Disclose document for the PoS manufacturer Send an Advisory to businesses ©2013 Check Point Software Technologies Ltd. 24
- 25. IMPORTANT NOTICE The bar operation was with full cooperation and consent. DOING THIS ON YOUR OWN IS ILLEGAL. [Restricted] ONLY for designated groups and individuals ©2013 Check Point Software Technologies Ltd. 25