
Bad Memories

No matter which kind of cryptography you are using to defend your network, sooner or later, to make it work, you will have to store a password, a key or a certificate somewhere. If the attacker is able to tamper with that storage mechanism, then even the strongest encryption mechanism becomes irrelevant. In this talk we will present Tapjacking attacks, which abuse smartphone features to create more efficient clickjacking attacks. We also show how to attack storage mechanisms to tamper with SSL sessions and break into Wi-Fi networks that use WPA encryption. For SSL, we will show how to exploit warning inconsistency and caching mechanisms to trick the user into accepting a bad cert and getting his credentials stolen. For Wi-Fi networks, we will demonstrate how to use clickjacking, CSRF, and XSS to steal from routers the two pieces of information that an attacker needs to geo-localize and break into them, namely the WPA key and the MAC address. Finally, we survey how frame busting defenses are implemented by the Alexa top 100 websites and explain how we were able to break them using standard and not so standard tricks. We also demonstrate how to use Paul Stone's scrolling attack in novel ways. This is joint work with Dan Boneh and Collin Jackson.

BlackHat USA 2010 / Defcon 18 2010

Elie Bursztein © 2017