Hack in Paris is France’s biggest IT security conference that has been held annually in the country’s capital since 2011. This year, scip employee Veit Hailperin has presented his research in front of a global audience.

After a keynote by Winn Schwartau, Jose Lopes Esteves and Chaouki Kasmi of ANSSI presented the frankly impressive possibility to inject voice commands into a smartphone. To accomplish that, they use an antenna emitting electromagnetic waves that are outside the range of human hearing. As an entry point, they require a cable being plugged into the headphone jack of a smartphone. The biggest obstacle the researchers are facing is that they need a very large battery. It’s the size of a backpack if the target is within a range of two meters. If the target is within a radius of five meters of the antenna, the battery needs to be the size of a small bus.

Mario Heiderich of Cure53, an information security company based in Berlin, Germany, held a very interesting presentation. His talks have become a staple of Hack in Paris and are usually met with great interest. This year, his talk was titled Copy & Pest during which he presented possibilities of code injection into browsers using the container function of the clipboard. All he needed was a copy&paste from Word to Gmail and he provoked an alert box. By the way, this issue isn’t only an issue under Windows. It also works under Linux.

This presentation was followed by a presentation by Matias Katz who was often interrupted by spontaneous applause. Using dbus and a USB stick, he turned the thumb drive into an additional factor of authentication. Inversing this thought, he also manages to create a classy back door into the system using very little and inconspicuous code. He demonstrated this twice. Once he opened and closed the lid of a laptop twice and unlocked it this way. The second time, he unlocked it using a regular audio cable plugged into the laptop’s headphone jack. He unplugged and re-plugged the cable following a predetermined sequence and, once again, the laptop was unlocked.

The afternoon was filled with presentations concerning Social Engineering, 4G security issues that were presented by Timur Yunusov of SCADAStrangelove and a presentation on the various fails of DDos attack mitigation. The evening was concluded with a gala diner and spectacular circus show including aerial silks and aerial dancing.

Friday began with a keynote by Thomas Roth who talked about secure messaging. He demonstrated a variety of super secure services, among them the Swiss product Proton-Mail, that have to battle security issues. All of them proved to contain holes. Interesting to note is that the process of disclosure with Silent Circle, manufacturer of the Blackphone, has not yet been completed and therefore, a newly found vulnerability could not be presented. Silent Circle recently moved their headquarters from the USA to Switzerland citing privacy concerns.

Really impressive was the talk by Nicolas Grégoire, also known as Agarri. He demonstrated several ways to exploit the relatively new Server-Side Request Forgery (SSRF). He demonstrated these attacks on well-known websites such as Facebook and Paypal. The slides for his presentation are already available on Agarri’s website.

The time before lunch was filled with talks concerning fitness tracker and their security issues as well as SAP (In)security. After a sunny lunch break there was another presentation concerning issues in SAP, held by Alexey Tyurin, head of Erpscan’s Security Assessment Department. This was followed by scip employee Veit Hailperin’s presentation of (Still) Exploiting TCP Timestamps. The conference was completed by talks concerning the security of SNMP on embedded devices and the hacking of ATMs.

A complete list of all talks that will be updated with slides and video records can be found here

• Keynote: Analogue Network Security
• You Don’t Hear Me But Your Phone’s Voice Interface Does
• Copy & Pest : A Case-Study On The Clipboard, Blind Trust And Invisible Cross-Application XSS
• Backdooring X11 With Much Class And NoO Privileges
• Breaking In Bad
• Bootkit Via SMS: 4G Access Level Security Assessment
• DDOS Mitigations’ Epic Fail Collection
• Keynote: Attacking Secure Communication: The (Sad) State Of Encrypted Messaging
• Server-Side Browsing Considered Harmful
• Fitness Tracker: Hack In Progress
• SAP Security: Real‐Life Attacks To Business Processes
• Oracle Peoplesoft Applications Are Under Attack!
• Exploiting TCP Timestamps
• Simple Network Management Pwnd: Information Data Leakage Attacks Against SNMP Enabled Embedded Devices
• Revisiting ATM Vulnerabilities For Our Fun And Vendor’s Profit

The slides Veit Hailperin used during his talk (Still) Exploiting TCP Timestamps can be downloaded here.

About the Author

Veit Hailperin has been working in information security since 2010. His research focuses on network and application layer security and the protection of privacy. He presents his findings at conferences.

Links

• http://www.agarri.fr
• http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf
• http://www.cure53.de
• http://www.erpscan.com
• http://www.hackinparis.com
• http://www.hackinparis.com/talks-2015/
• http://www.mkit.com.ar
• http://www.ssi.gouv.fr
• http://www.theguardian.com/technology/2015/may/25/philip-zimmermann-king-encryption-reveals-fears-privacy
• http://www.twitter.com/stacksmashing/
• https://home.silentcircle.com
• https://wiki.freedesktop.org/www/Software/dbus/
• https://www.facebookcom
• https://www.hackinparis.com/talk-2015-atm-vulnerabilities
• https://www.hackinparis.com/talk-2015-attacking-secure-communication
• https://www.hackinparis.com/talk-2015-backdooring-x11
• https://www.hackinparis.com/talk-2015-bootkit-via-sms
• https://www.hackinparis.com/talk-2015-breaking-in-bad
• https://www.hackinparis.com/talk-2015-copy-and-pest
• https://www.hackinparis.com/talk-2015-ddos-mitigations-epic-fail-collection
• https://www.hackinparis.com/talk-2015-exploiting-tcp-timestamps
• https://www.hackinparis.com/talk-2015-fitness-tracker
• https://www.hackinparis.com/talk-2015-oracle-peoplesoft-applications-are-under-attack
• https://www.hackinparis.com/talk-2015-sap-security
• https://www.hackinparis.com/talk-2015-server-side-browsing-considered-harmful
• https://www.hackinparis.com/talk-2015-simple-network-management-pwnd
• https://www.hackinparis.com/talk-2015-you-dont-hear-me-but-your-phones-voice-interface-does
• https://www.hackinparis.com/talks-2015-keynote-analogue-network-security
• https://www.paypal.com
• https://www.protonmail.ch
• https://www.twitter.com/fenceposterror