A couple of weeks ago we announced here that we were going to be presenting at BlackHat 2015. This year we had the opportunity to give a presentation at Arsenal, an area where independent researchers and the open-source community show off their latest tools.
The conference consisted of 4 days of intense talks on a vast array of topics, ranging from hacking a rifle with Linux and attacking digital fingerprint systems on smartphones to remotely controlling a Jeep Cherokee.
Charlie Miller and Chris Valasek presented probably the most hyped talk of the conference (and it did not disappoint), where they went over in detail how to effectively hack into a Jeep Cherokee. The talk was the culmination of years of research into how the systems inside cars function and how someone would be able to take control of a vehicle remotely. They were able to do this by accessing Uconnect, the Jeep's remote control system. With this device, it is possible to access the factory's servers, from which one can download applications, obtain information and even connect the passengers to the web. Probably the scariest part of all this was when they demonstrated how to gain control of the vehicle. Uconnect uses WPA2 to protect its Wi-Fi, but Miller and Valasek reduced the passphrase space to a couple of dozen candidates because the key is generated using the system's activation time as a seed for the key generation.
Another discovery that really caught our eye was how port 6667/tcp was open, with the D-Bus service listening on it. D-Bus is used to establish communication between processes, but in the case of the Jeep it was configured with root privileges and without authentication. The researchers didn't have to discover any vulnerabilities or execute any exploits to be able to launch commands in the vehicle. This was the result of a service known as "execute" which runs the function. Because of this, Miller and Valasek wasted no time in creating their own scripts, which let them execute actions (that might be unwanted or sub-optimal) such as GPS tracking of the vehicle, controlling the AC/heating and the volume of the radio, and opening the car from far away even if it's not running.
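One way to check a dbus-daemon configuration for the exposure described above (a TCP listener, anonymous authentication, a bus running as root). This is an added example, not code from the talk or from Infobyte; both sample configurations are constructed and are not the vehicle's actual configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (assumption, not the real vehicle config): a bus that
# listens on TCP, accepts anonymous clients and runs as root.
EXPOSED_CONF = """<busconfig>
  <user>root</user>
  <listen>tcp:host=0.0.0.0,port=6667</listen>
  <auth>ANONYMOUS</auth>
  <allow_anonymous/>
</busconfig>"""

# Constructed sample: local UNIX socket, peer-credential authentication.
LOCAL_CONF = """<busconfig>
  <user>messagebus</user>
  <listen>unix:path=/run/dbus/system_bus_socket</listen>
  <auth>EXTERNAL</auth>
</busconfig>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_address(addr):
    """Split 'tcp:host=0.0.0.0,port=6667' into ('tcp', {'host': ..., 'port': ...})."""
    transport, _, rest = addr.strip().partition(":")
    params = dict(kv.split("=", 1) for kv in rest.split(",") if "=" in kv)
    return transport, params

def audit_bus_config(xml_text):
    """Return a list of findings for a dbus-daemon configuration document."""
    root = ET.fromstring(xml_text)
    findings = []
    for listen in root.iter("listen"):
        # One <listen> may hold several ';'-separated addresses. A TCP address
        # with no host= key is reported conservatively as network-reachable.
        for addr in (listen.text or "").split(";"):
            transport, params = parse_address(addr)
            if transport in ("tcp", "nonce-tcp"):
                scope = "loopback" if params.get("host", "") in LOOPBACK else "network"
                findings.append(f"tcp-listener:{scope}:{params.get('port', '?')}")
    mechanisms = {(a.text or "").strip().upper() for a in root.iter("auth")}
    if "ANONYMOUS" in mechanisms or root.find(".//allow_anonymous") is not None:
        findings.append("anonymous-auth")
    user = root.findtext("user")
    if user is not None and user.strip() in ("root", "0"):
        findings.append("runs-as-root")
    return findings

if __name__ == "__main__":
    for conf in (EXPOSED_CONF, LOCAL_CONF):
        print(audit_bus_config(conf))
```

The audit reads a single configuration document and does not follow `<include>` directives, so included files need to be checked separately.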
For us, one of the most interesting talks at BlackHat came from Michael Auger and Runa Sandvik. In their talk they showed how to hack a rifle that runs the Linux operating system. The research was done on rifles from the company TrackingPoint, which makes rifles with a telescopic sight, a targeting support system and Wi-Fi connectivity that allows someone to see what the shooter is seeing on an external device. One of the most interesting things they were able to do was modify the aiming system so that the shooter always misses the shot (and maybe hits something else you weren't planning on).
The Arsenal event was held on the 5th and the 6th, and it was the second time Infobyte had presented Faraday, and the third time overall in Arsenal. In 2010, we presented Evilgrade, a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. Then the following year (2011), we presented Faraday, the first IDE for collaborative pentests, for the first time.
Federico Kirschbaum, founder and CTO of Infobyte, showed off some of the newest features of the platform, from the totally renovated dashboard and reporting to a bunch of new plugins. We were lucky to have a great turnout and, as always, we saw A LOT of enthusiasm from the community.
For those who are interested in trying out Faraday, you can find a free open-source version online, which you can download here. Also, if you weren't able to make it to Vegas and see us in person, we are going to be doing a webinar soon. We will keep everyone posted.
If you have any questions or feedback, you can write to us at firstname.lastname@example.org or directly on Faraday's website.