SlideShare a Scribd company logo

DEF CON 27 -JENS MUELLE - re what's up Johnny covert content attacks on email end to end encryption

Felipe Prado
Felipe Prado

DEF CON 27 -JENS MUELLE - re what's up Johnny covert content attacks on email end to end encryption

Technology
1 of 114
Download to read offline
Re: What’s up Johnny? Covert Content Attacks on Email End-To-End Encryption Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
Remember EFAIL? 2
• Last year: EFAIL Remember EFAIL? 2
• Last year: EFAIL – Major attack with a logo Remember EFAIL? 2
• Last year: EFAIL – Major attack with a logo – Novel attack techniques targeting S/MIME + PGP Remember EFAIL? 2
• Last year: EFAIL – Major attack with a logo – Novel attack techniques targeting S/MIME + PGP • Today: non-crypto attacks Remember EFAIL? 2
• Last year: EFAIL – Major attack with a logo – Novel attack techniques targeting S/MIME + PGP • Today: non-crypto attacks – Targeting encryption and digital signatures Remember EFAIL? 2
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 3
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 3
Technology's promise 4
I. “Strong crypto is virtually unbreakable.” Technology's promise 4
I. “Strong crypto is virtually unbreakable.” II. “Digital signature will prevail. Math wins.” Technology's promise 4
I. “Strong crypto is virtually unbreakable.” II. “Digital signature will prevail. Math wins.” Technology's promise …claims I. and II. could be bypassed with a single reply to a benign looking email? What if… 4
From: alice@good.com To: johnny@good.com Subject: Important news Some ASCII text message… Traditional RFC822 email 5
From: alice@good.com To: johnny@good.com Subject: Important news Some ASCII text message… Traditional RFC822 email 5
From: alice@good.com To: johnny@good.com Subject: Important news Some ASCII text message… Traditional RFC822 email 5
From: alice@good.com To: johnny@good.com Subject: Important news -----BEGIN PGP MESSAGE----- … -----END PGP MESSAGE----- Traditional PGP/Inline 6
From: alice@good.com To: johnny@good.com Subject: Important news -----BEGIN PGP MESSAGE----- … -----END PGP MESSAGE----- Traditional PGP/Inline 6
From: alice@good.com To: johnny@good.com Subject: Important news -----BEGIN PGP MESSAGE----- … -----END PGP MESSAGE----- Traditional PGP/Inline 6
Multipart MIME email 7
Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email multipart/mixed 7
Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email multipart/mixed texttext 7
From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/html <b>HTML</b> message… Content-type: application/pdf %PDF-1.4 […] Multipart MIME email multipart/mixed pdfhtml 7
From: alice@good.com To: johnny@good.com Subject: Important news Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… S/MIME 8
From: alice@good.com To: johnny@good.com Subject: Important news Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… S/MIME 8
From: alice@good.com To: johnny@good.com Subject: Important news Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… S/MIME 8
OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies Two competing standards 9
OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies Two competing standards 9
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 10
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 10
Attacker model 11
• Eve has captured ciphertext Attacker model 11
• Eve has captured ciphertext • Can modify email structure Attacker model 11
• Eve has captured ciphertext • Can modify email structure • Can re-send it to the victim Attacker model 11
• Eve has captured ciphertext • Can modify email structure • Can re-send it to the victim – Either to recipient or sender Attacker model 11
• Eve has captured ciphertext • Can modify email structure • Can re-send it to the victim – Either to recipient or sender – Both can decrypt the email Attacker model 11
Covert content attack: Decryption oracle 12
Covert content attack: Decryption oracle 12
Covert content attack: Decryption oracle 12
Covert content attack: Decryption oracle 12
To: johnny@good.com Decryption oracle From: alice@good.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
To: johnny@good.com Decryption oracle From: alice@good.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… Content-type: text/plain What's up Johnny? 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… Content-type: text/plain What's up Johnny? multipart/mixed ???text 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? multipart/mixed text secret 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny?nnnnnn… 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny?nnnnnn… 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/html What's up Johnny? <!-- 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/html What's up Johnny? <!-- 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-ID: <part2> Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/html What's up Johnny? <img src="cid:part2"> 13
Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-Disposition: attachment Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? 13
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 14
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 14
Covert content attack: Signing oracle 15
Covert content attack: Signing oracle 15
Covert content attack: Signing oracle 15
Covert content attack: Signing oracle 15
Covert content attack: Signing oracle 15
From: eve@evil.com To: johnny@good.com Content-type: text/html What's up Johnny? I hereby declare war. Signature oracle 16
Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html What's up Johnny? <div class="covert"> I hereby declare war. </div> 16
Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html <style> IF condition: Hide * but show .covert </style> What's up Johnny? <div class="covert">I hereby declare war.</div> 16
Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html <style> @media (max-device-width: 834px) { .covert {visibility: hidden;}} </style> What's up Johnny? <div class="covert">I hereby declare war.</div> hide covert content on mobile devices 16
Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html <style> @media (max-device-width: 834px) { .covert {visibility: hidden;}} @media (min-device-width: 835px) { * {visibility: hidden;} .covert {visibility: visible}} </style> What's up Johnny? <div class="covert">I hereby declare war.</div> but show on desktop devices 16
I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? 17
I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? Reply email sent from Johnny’s mobile phone 17
I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? Reply email sent from Johnny’s mobile phone 17
I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? I hereby declare war. Signed email received on a desktop device Reply email sent from Johnny’s mobile phone 17
Conditional rules 18
• Targeting device type (@media) Conditional rules 18
• Targeting device type (@media) • Targeting email client (@supports) Conditional rules 18
• Targeting device type (@media) • Targeting email client (@supports) • Targeting user account (@document) Conditional rules 18
• Targeting device type (@media) • Targeting email client (@supports) • Targeting user account (@document) Conditional rules 18
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 19
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 19
OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird Outlook Win. 10 Mail Win Live Mail The Bat! Postbox eM Client Linux KMail Evolution Trojitá Claws Mutt macOS Apple Mail MailMate Airmail iOS Mail App Android K-9 Mail R2Mail2 MailDroid Nine Web Exchange/OWA Roundcube Horde/IMP Mailpile ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● Outlook ○ Win. 10 Mail ○ Win Live Mail ○ The Bat! ○ Postbox ● eM Client ○ Linux KMail ◐ Evolution ◐ Trojitá ◐ Claws ◐ Mutt ◐ macOS Apple Mail ● MailMate ● Airmail ● iOS Mail App ● Android K-9 Mail – R2Mail2 ○ MailDroid ○ Nine ○ Web Exchange/OWA ○ Roundcube – Horde/IMP ○ Mailpile – ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● Outlook ○ ○ Win. 10 Mail ○ – Win Live Mail ○ – The Bat! ○ ○ Postbox ● ● eM Client ○ ○ Linux KMail ◐ ◐ Evolution ◐ ◐ Trojitá ◐ ◐ Claws ◐ ◐ Mutt ◐ ◐ macOS Apple Mail ● ● MailMate ● ● Airmail ● ● iOS Mail App ● – Android K-9 Mail – ○ R2Mail2 ○ ● MailDroid ○ ○ Nine ○ – Web Exchange/OWA ○ – Roundcube – ◐ Horde/IMP ○ ○ Mailpile – ○ ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● ● Outlook ○ ○ ◐ Win. 10 Mail ○ – ◐ Win Live Mail ○ – ● The Bat! ○ ○ ○ Postbox ● ● ● eM Client ○ ○ ◐ Linux KMail ◐ ◐ ○ Evolution ◐ ◐ ◐ Trojitá ◐ ◐ ◐ Claws ◐ ◐ ○ Mutt ◐ ◐ ○ macOS Apple Mail ● ● ◐ MailMate ● ● ● Airmail ● ● ● iOS Mail App ● – ● Android K-9 Mail – ○ – R2Mail2 ○ ● ◐ MailDroid ○ ○ ● Nine ○ – ● Web Exchange/OWA ○ – ● Roundcube – ◐ ◐ Horde/IMP ○ ○ ◐ Mailpile – ○ – ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● ● ● Outlook ○ ○ ◐ ◐ Win. 10 Mail ○ – ◐ – Win Live Mail ○ – ● – The Bat! ○ ○ ○ ○ Postbox ● ● ● ● eM Client ○ ○ ◐ ◐ Linux KMail ◐ ◐ ○ ○ Evolution ◐ ◐ ◐ ◐ Trojitá ◐ ◐ ◐ ◐ Claws ◐ ◐ ○ ○ Mutt ◐ ◐ ○ ○ macOS Apple Mail ● ● ◐ ◐ MailMate ● ● ● ● Airmail ● ● ● ● iOS Mail App ● – ● – Android K-9 Mail – ○ – ● R2Mail2 ○ ● ◐ ◐ MailDroid ○ ○ ● ● Nine ○ – ● – Web Exchange/OWA ○ – ● – Roundcube – ◐ ◐ ◐ Horde/IMP ○ ○ ◐ ◐ Mailpile – ○ – ○ ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● ● ● Outlook ○ ○ ◐ ◐ Win. 10 Mail ○ – ◐ – Win Live Mail ○ – ● – The Bat! ○ ○ ○ ○ Postbox ● ● ● ● eM Client ○ ○ ◐ ◐ Linux KMail ◐ ◐ ○ ○ Evolution ◐ ◐ ◐ ◐ Trojitá ◐ ◐ ◐ ◐ Claws ◐ ◐ ○ ○ Mutt ◐ ◐ ○ ○ macOS Apple Mail ● ● ◐ ◐ MailMate ● ● ● ● Airmail ● ● ● ● iOS Mail App ● – ● – Android K-9 Mail – ○ – ● R2Mail2 ○ ● ◐ ◐ MailDroid ○ ○ ● ● Nine ○ – ● – Web Exchange/OWA ○ – ● – Roundcube – ◐ ◐ ◐ Horde/IMP ○ ○ ◐ ◐ Mailpile – ○ – ○ ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 21
1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 21
Decryption oracles 22
• Accepting ASCII text only Decryption oracles 22
• Accepting ASCII text only Decryption oracles 22
• Accepting ASCII text only • Enforcing digital signatures Decryption oracles 22
• Accepting ASCII text only • Enforcing digital signatures Decryption oracles 22
• Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption Decryption oracles 22
• Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption Decryption oracles 22
• Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption • All-or-Nothing Encryption Decryption oracles 22
• Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption • All-or-Nothing Encryption Decryption oracles Root causes: long-term keys + ciphertext usage out-of-context 22
Signing oracles 23
• Dropping CSS Support Signing oracles 23
• Dropping CSS Support Signing oracles 23
• Dropping CSS Support • Only ASCII Text in replies Signing oracles 23
• Dropping CSS Support • Only ASCII Text in replies • Remove styles from replies Signing oracles 23
Conclusion 24
• Crypto is not enough, bypasses exist Conclusion 24
• Crypto is not enough, bypasses exist • 22 of 24 tested clients are vulnerable Conclusion 24
• Crypto is not enough, bypasses exist • 22 of 24 tested clients are vulnerable • Building security on top of email is hard Conclusion 24
• Crypto is not enough, bypasses exist • 22 of 24 tested clients are vulnerable • Building security on top of email is hard Conclusion Thank you! Questions? Exploits: github.com/RUB-NDS/Covert-Content-Attacks 24
HTML and CSS support in various email clients
Proprietary conditional features
Blinding options

Recommended

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsFelipe Prado
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionFelipe Prado
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101Felipe Prado
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentFelipe Prado
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareFelipe Prado
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...Felipe Prado
 

Recommended

DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryDEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directoryFelipe Prado
 
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...Felipe Prado
 
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsDEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got antsFelipe Prado
 
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionDEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryptionFelipe Prado
 
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101Felipe Prado
 
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentDEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a governmentFelipe Prado
 
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareDEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardwareFelipe Prado
 
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...Felipe Prado
 
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceFelipe Prado
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistFelipe Prado
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksFelipe Prado
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityFelipe Prado
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsFelipe Prado
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchFelipe Prado
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...Felipe Prado
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksFelipe Prado
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncFelipe Prado
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesFelipe Prado
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsFelipe Prado
 
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gamingDEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gamingFelipe Prado
 
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...Felipe Prado
 
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouseDEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouseFelipe Prado
 
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hackingDEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hackingFelipe Prado
 
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEFDEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEFFelipe Prado
 
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareDEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareFelipe Prado
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersFelipe Prado
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

More Related Content

More from Felipe Prado

DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationFelipe Prado
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceFelipe Prado
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistFelipe Prado
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksFelipe Prado
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityFelipe Prado
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsFelipe Prado
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchFelipe Prado
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...Felipe Prado
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksFelipe Prado
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationFelipe Prado
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncFelipe Prado
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesFelipe Prado
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsFelipe Prado
 
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gamingDEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gamingFelipe Prado
 
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...Felipe Prado
 
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouseDEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouseFelipe Prado
 
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hackingDEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hackingFelipe Prado
 
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEFDEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEFFelipe Prado
 
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareDEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareFelipe Prado
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersFelipe Prado
 

More from Felipe Prado (20)

DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustrationDEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
 
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interfaceDEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
 
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionistDEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
 
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locksDEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
 
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud securityDEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
 
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portalsDEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
 
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitchDEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
 
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
 
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucksDEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitationDEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
 
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vncDEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
 
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devicesDEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systemsDEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
 
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gamingDEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
DEF CON 23 - Zack Allen and Rusty Bower - malware in gaming
 
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
DEF CON 23 - Yuwei Zheng and Haoqi Shan - build a free cellular traffic captu...
 
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouseDEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
DEF CON 23 - Yaniv Balmas and Lior Oppenheim - key logger-video mouse
 
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hackingDEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
DEF CON 23 - Yan Shoshitaishvili - fish wang angry hacking
 
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEFDEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
DEF CON 23 - Xntrik - hooked browser meshed networks with webRTC and BeEF
 
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareDEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testers
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 

DEF CON 27 -JENS MUELLE - re what's up Johnny covert content attacks on email end to end encryption

  • 1. Re: What’s up Johnny? Covert Content Attacks on Email End-To-End Encryption Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, Jörg Schwenk
  • 3. • Last year: EFAIL Remember EFAIL? 2
  • 4. • Last year: EFAIL – Major attack with a logo Remember EFAIL? 2
  • 5. • Last year: EFAIL – Major attack with a logo – Novel attack techniques targeting S/MIME + PGP Remember EFAIL? 2
  • 6. • Last year: EFAIL – Major attack with a logo – Novel attack techniques targeting S/MIME + PGP • Today: non-crypto attacks Remember EFAIL? 2
  • 7. • Last year: EFAIL – Major attack with a logo – Novel attack techniques targeting S/MIME + PGP • Today: non-crypto attacks – Targeting encryption and digital signatures Remember EFAIL? 2
  • 8. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 3
  • 9. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 3
  • 11. I. “Strong crypto is virtually unbreakable.” Technology's promise 4
  • 12. I. “Strong crypto is virtually unbreakable.” II. “Digital signature will prevail. Math wins.” Technology's promise 4
  • 13. I. “Strong crypto is virtually unbreakable.” II. “Digital signature will prevail. Math wins.” Technology's promise …claims I. and II. could be bypassed with a single reply to a benign looking email? What if… 4
  • 14. From: alice@good.com To: johnny@good.com Subject: Important news Some ASCII text message… Traditional RFC822 email 5
  • 15. From: alice@good.com To: johnny@good.com Subject: Important news Some ASCII text message… Traditional RFC822 email 5
  • 16. From: alice@good.com To: johnny@good.com Subject: Important news Some ASCII text message… Traditional RFC822 email 5
  • 17. From: alice@good.com To: johnny@good.com Subject: Important news -----BEGIN PGP MESSAGE----- … -----END PGP MESSAGE----- Traditional PGP/Inline 6
  • 18. From: alice@good.com To: johnny@good.com Subject: Important news -----BEGIN PGP MESSAGE----- … -----END PGP MESSAGE----- Traditional PGP/Inline 6
  • 19. From: alice@good.com To: johnny@good.com Subject: Important news -----BEGIN PGP MESSAGE----- … -----END PGP MESSAGE----- Traditional PGP/Inline 6
  • 21. Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
  • 22. Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
  • 23. Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
  • 24. Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email 7
  • 25. Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email multipart/mixed 7
  • 26. Content-type: text/plain Some ASCII text message… Content-type: text/plain This is the 2nd part From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Multipart MIME email multipart/mixed texttext 7
  • 27. From: alice@good.com To: johnny@good.com Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/html <b>HTML</b> message… Content-type: application/pdf %PDF-1.4 […] Multipart MIME email multipart/mixed pdfhtml 7
  • 28. From: alice@good.com To: johnny@good.com Subject: Important news Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… S/MIME 8
  • 29. From: alice@good.com To: johnny@good.com Subject: Important news Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… S/MIME 8
  • 30. From: alice@good.com To: johnny@good.com Subject: Important news Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… S/MIME 8
  • 31. OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies Two competing standards 9
  • 32. OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies Two competing standards 9
  • 33. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 10
  • 34. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 10
  • 36. • Eve has captured ciphertext Attacker model 11
  • 37. • Eve has captured ciphertext • Can modify email structure Attacker model 11
  • 38. • Eve has captured ciphertext • Can modify email structure • Can re-send it to the victim Attacker model 11
  • 39. • Eve has captured ciphertext • Can modify email structure • Can re-send it to the victim – Either to recipient or sender Attacker model 11
  • 40. • Eve has captured ciphertext • Can modify email structure • Can re-send it to the victim – Either to recipient or sender – Both can decrypt the email Attacker model 11
  • 41. Covert content attack: Decryption oracle 12
  • 42. Covert content attack: Decryption oracle 12
  • 43. Covert content attack: Decryption oracle 12
  • 44. Covert content attack: Decryption oracle 12
  • 45. To: johnny@good.com Decryption oracle From: alice@good.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
  • 46. To: johnny@good.com Decryption oracle From: alice@good.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
  • 47. To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
  • 48. To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
  • 49. To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
  • 50. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… 13
  • 51. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… Content-type: text/plain What's up Johnny? 13
  • 52. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- To: johnny@good.com Decryption oracle From: eve@evil.com Content-Type: application/pkcs7-mime MIAGCSqGSIb3DQEHA6CAMIACAQAxggHJMIIB… Content-type: text/plain What's up Johnny? multipart/mixed ???text 13
  • 53. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? multipart/mixed text secret 13
  • 54. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? 13
  • 55. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? 13
  • 56. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny?nnnnnn… 13
  • 57. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny?nnnnnn… 13
  • 58. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/html What's up Johnny? <!-- 13
  • 59. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-type: text/plain Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/html What's up Johnny? <!-- 13
  • 60. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-ID: <part2> Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/html What's up Johnny? <img src="cid:part2"> 13
  • 61. Content-type: multipart/mixed; boundary="XXX" --XXX --XXX --XXX-- Content-Disposition: attachment Secret message, for Johnny's eyes only… To: johnny@good.com Decryption oracle From: eve@evil.com Content-type: text/plain What's up Johnny? 13
  • 62. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 14
  • 63. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 14
  • 64. Covert content attack: Signing oracle 15
  • 65. Covert content attack: Signing oracle 15
  • 66. Covert content attack: Signing oracle 15
  • 67. Covert content attack: Signing oracle 15
  • 68. Covert content attack: Signing oracle 15
  • 69. From: eve@evil.com To: johnny@good.com Content-type: text/html What's up Johnny? I hereby declare war. Signature oracle 16
  • 70. Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html What's up Johnny? <div class="covert"> I hereby declare war. </div> 16
  • 71. Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html <style> IF condition: Hide * but show .covert </style> What's up Johnny? <div class="covert">I hereby declare war.</div> 16
  • 72. Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html <style> @media (max-device-width: 834px) { .covert {visibility: hidden;}} </style> What's up Johnny? <div class="covert">I hereby declare war.</div> hide covert content on mobile devices 16
  • 73. Signature oracle From: eve@evil.com To: johnny@good.com Content-type: text/html <style> @media (max-device-width: 834px) { .covert {visibility: hidden;}} @media (min-device-width: 835px) { * {visibility: hidden;} .covert {visibility: visible}} </style> What's up Johnny? <div class="covert">I hereby declare war.</div> but show on desktop devices 16
  • 74. I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? 17
  • 75. I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? Reply email sent from Johnny’s mobile phone 17
  • 76. I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? Reply email sent from Johnny’s mobile phone 17
  • 77. I'm fine, thanks. On 01/05/19 09:53, Eve wrote: > What's up Johnny? Re: What's up Johnny? I hereby declare war. Signed email received on a desktop device Reply email sent from Johnny’s mobile phone 17
  • 79. • Targeting device type (@media) Conditional rules 18
  • 80. • Targeting device type (@media) • Targeting email client (@supports) Conditional rules 18
  • 81. • Targeting device type (@media) • Targeting email client (@supports) • Targeting user account (@document) Conditional rules 18
  • 82. • Targeting device type (@media) • Targeting email client (@supports) • Targeting user account (@document) Conditional rules 18
  • 83. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 19
  • 84. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 19
  • 85. OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird Outlook Win. 10 Mail Win Live Mail The Bat! Postbox eM Client Linux KMail Evolution Trojitá Claws Mutt macOS Apple Mail MailMate Airmail iOS Mail App Android K-9 Mail R2Mail2 MailDroid Nine Web Exchange/OWA Roundcube Horde/IMP Mailpile ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
  • 86. OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● Outlook ○ Win. 10 Mail ○ Win Live Mail ○ The Bat! ○ Postbox ● eM Client ○ Linux KMail ◐ Evolution ◐ Trojitá ◐ Claws ◐ Mutt ◐ macOS Apple Mail ● MailMate ● Airmail ● iOS Mail App ● Android K-9 Mail – R2Mail2 ○ MailDroid ○ Nine ○ Web Exchange/OWA ○ Roundcube – Horde/IMP ○ Mailpile – ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
  • 87. OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● Outlook ○ ○ Win. 10 Mail ○ – Win Live Mail ○ – The Bat! ○ ○ Postbox ● ● eM Client ○ ○ Linux KMail ◐ ◐ Evolution ◐ ◐ Trojitá ◐ ◐ Claws ◐ ◐ Mutt ◐ ◐ macOS Apple Mail ● ● MailMate ● ● Airmail ● ● iOS Mail App ● – Android K-9 Mail – ○ R2Mail2 ○ ● MailDroid ○ ○ Nine ○ – Web Exchange/OWA ○ – Roundcube – ◐ Horde/IMP ○ ○ Mailpile – ○ ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
  • 88. OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● ● Outlook ○ ○ ◐ Win. 10 Mail ○ – ◐ Win Live Mail ○ – ● The Bat! ○ ○ ○ Postbox ● ● ● eM Client ○ ○ ◐ Linux KMail ◐ ◐ ○ Evolution ◐ ◐ ◐ Trojitá ◐ ◐ ◐ Claws ◐ ◐ ○ Mutt ◐ ◐ ○ macOS Apple Mail ● ● ◐ MailMate ● ● ● Airmail ● ● ● iOS Mail App ● – ● Android K-9 Mail – ○ – R2Mail2 ○ ● ◐ MailDroid ○ ○ ● Nine ○ – ● Web Exchange/OWA ○ – ● Roundcube – ◐ ◐ Horde/IMP ○ ○ ◐ Mailpile – ○ – ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
  • 89. OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● ● ● Outlook ○ ○ ◐ ◐ Win. 10 Mail ○ – ◐ – Win Live Mail ○ – ● – The Bat! ○ ○ ○ ○ Postbox ● ● ● ● eM Client ○ ○ ◐ ◐ Linux KMail ◐ ◐ ○ ○ Evolution ◐ ◐ ◐ ◐ Trojitá ◐ ◐ ◐ ◐ Claws ◐ ◐ ○ ○ Mutt ◐ ◐ ○ ○ macOS Apple Mail ● ● ◐ ◐ MailMate ● ● ● ● Airmail ● ● ● ● iOS Mail App ● – ● – Android K-9 Mail – ○ – ● R2Mail2 ○ ● ◐ ◐ MailDroid ○ ○ ● ● Nine ○ – ● – Web Exchange/OWA ○ – ● – Roundcube – ◐ ◐ ◐ Horde/IMP ○ ○ ◐ ◐ Mailpile – ○ – ○ ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
  • 90. OS Client Decryption Signatures S/MIME PGP S/MIME PGP Windows Thunderbird ● ● ● ● Outlook ○ ○ ◐ ◐ Win. 10 Mail ○ – ◐ – Win Live Mail ○ – ● – The Bat! ○ ○ ○ ○ Postbox ● ● ● ● eM Client ○ ○ ◐ ◐ Linux KMail ◐ ◐ ○ ○ Evolution ◐ ◐ ◐ ◐ Trojitá ◐ ◐ ◐ ◐ Claws ◐ ◐ ○ ○ Mutt ◐ ◐ ○ ○ macOS Apple Mail ● ● ◐ ◐ MailMate ● ● ● ● Airmail ● ● ● ● iOS Mail App ● – ● – Android K-9 Mail – ○ – ● R2Mail2 ○ ● ◐ ◐ MailDroid ○ ○ ● ● Nine ○ – ● – Web Exchange/OWA ○ – ● – Roundcube – ◐ ◐ ◐ Horde/IMP ○ ○ ◐ ◐ Mailpile – ○ – ○ ● Plaintext can be completely hidden ◐ Plaintext merged with attacker-text ○ No vulnerabilities found – Cryptosystem not available Decryption oracles ● Covert rules kept in reply message ◐ Covert rules only for received mail Signature oracles 20
  • 91. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 21
  • 92. 1. Introduction 2. Attacks on Encryption 3. Attacks on Signatures 4. Evaluation 5. Mitigation Overview 21
  • 94. • Accepting ASCII text only Decryption oracles 22
  • 95. • Accepting ASCII text only Decryption oracles 22
  • 96. • Accepting ASCII text only • Enforcing digital signatures Decryption oracles 22
  • 97. • Accepting ASCII text only • Enforcing digital signatures Decryption oracles 22
  • 98. • Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption Decryption oracles 22
  • 99. • Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption Decryption oracles 22
  • 100. • Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption • All-or-Nothing Encryption Decryption oracles 22
  • 101. • Accepting ASCII text only • Enforcing digital signatures • Warn on partial encryption • All-or-Nothing Encryption Decryption oracles Root causes: long-term keys + ciphertext usage out-of-context 22
  • 103. • Dropping CSS Support Signing oracles 23
  • 104. • Dropping CSS Support Signing oracles 23
  • 105. • Dropping CSS Support • Only ASCII Text in replies Signing oracles 23
  • 106. • Dropping CSS Support • Only ASCII Text in replies • Remove styles from replies Signing oracles 23
  • 108. • Crypto is not enough, bypasses exist Conclusion 24
  • 109. • Crypto is not enough, bypasses exist • 22 of 24 tested clients are vulnerable Conclusion 24
  • 110. • Crypto is not enough, bypasses exist • 22 of 24 tested clients are vulnerable • Building security on top of email is hard Conclusion 24
  • 111. • Crypto is not enough, bypasses exist • 22 of 24 tested clients are vulnerable • Building security on top of email is hard Conclusion Thank you! Questions? Exploits: github.com/RUB-NDS/Covert-Content-Attacks 24
  • 112. HTML and CSS support in various email clients