In this blog post, we will get into the details of the implementation of Spectre, the exploit that targets the vulnerabilities found in CPUs built by AMD, ARM, and Intel. We assume you are familiar with the concept of the attack, and you can inspect the Proof of Concept source code provided in the Appendix of the paper linked above. You might also find it easier to read this blog post with the source code side by side.
by Axelle Apvrille  |  Jan 17, 2018  |  Filed in: Security Research
My personal favorite talk was on exploiting Pebble smartwatches ("Exploit Millions of Pebble Smartwatches for Fun and Profit" by Zhang and Wei). Our expectations are usually higher in one's own field of expertise, but this one is really great work. [Image: Pebble smartwatch talk at VB 2016] Basically, the authors found an inner assembly routine in Pebble's operating system which allows one to elevate one's privileges. If you are familiar with ROP, this is a privilege elevation gadget. Normally, this routine is called by Pebble...
by Axelle Apvrille  |  Oct 14, 2016  |  Filed in: Industry Trends
As you surely know by now, Apple has announced its iPhone 5S would include a fingerprint sensor. In a first blog post, we discussed its use as a second form of authentication, and in another post, the fact that the sensor scans sub-epidermally. Apple tells us "All fingerprint information is encrypted and stored securely in the Secure Enclave inside the A7 chip on the iPhone 5s; it's never stored on Apple servers or backed up to iCloud." So, how does the 'Secure Enclave' work, and are we sure our fingerprint will remain locked up in the A7 processor? ARM's...
by Axelle Apvrille  |  Sep 16, 2013  |  Filed in: Security Research
Insomni'hack 2013 took place last week in Geneva and I had the opportunity to attend. Insomni'hack DAY 1 consisted of one-day workshops on subjects ranging from "Linux exploitation" to "How to make sure your Pentest Report is never empty". I had the chance to attend a workshop on "Practical ARM exploitation" given by black Steve (@s7ephen) and white Steve (Stephen Lawler). We initially had trouble getting the Gumstix we were supposed to work on running due to the difference in voltage levels between the US and Europe (it's about time the world...
by Ruchna Nigam  |  Mar 25, 2013  |  Filed in: Security Research