High Definition Fuzzing; Exploring HDMI vulnerabilitiesE Hacking
Most modern Android-based phones and tablets have a Slimport(r) connection that supports HDMI-CEC like Samsung and HTC among mobile devices, and many JVC, Kenwood, Panasonic, and Sony car stereos and other 750 million devices in the world so far.
HDMI (High-Definition Multimedia Interface) is a compact audio/video interface for transferring uncompressed video data and compressed or uncompressed digital audio data from a HDMI-compliant source device to a compatible computer monitor, video projector, digital television, or digital audio device.[1] HDMI is a digital replacement for existing analog video standards.
Learn how Crestron’s DigitalMedia™ product family not only provides solutions to HDMI challenges for professional AV systems, but also integrates analog and digital audio/video formats into a complete systems solution - including HDMI and control. The world is going digital, so come discover the only solution that solves all your needs…Crestron DigitalMedia™ .
High Definition Fuzzing; Exploring HDMI vulnerabilitiesE Hacking
Most modern Android-based phones and tablets have a Slimport(r) connection that supports HDMI-CEC like Samsung and HTC among mobile devices, and many JVC, Kenwood, Panasonic, and Sony car stereos and other 750 million devices in the world so far.
HDMI (High-Definition Multimedia Interface) is a compact audio/video interface for transferring uncompressed video data and compressed or uncompressed digital audio data from a HDMI-compliant source device to a compatible computer monitor, video projector, digital television, or digital audio device.[1] HDMI is a digital replacement for existing analog video standards.
Learn how Crestron’s DigitalMedia™ product family not only provides solutions to HDMI challenges for professional AV systems, but also integrates analog and digital audio/video formats into a complete systems solution - including HDMI and control. The world is going digital, so come discover the only solution that solves all your needs…Crestron DigitalMedia™ .
CANSPY: A platform for auditing CAN devicesPriyanka Aash
"In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smartcars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what professional tools from automobile manufacturers can do. In fact, they will do less as they do not have knowledge of upper-layer protocols.
Security auditors are used to dealing with this kind of situation: they reverse-engineer protocols before implementing them on top of their tool of choice. However, to be efficient at this, they need more than just being able to listen to or interact with what they are auditing. Precisely, they need to be able to intercept communications and block them, forward them or modify them on the fly. This is why, for example, a platform such as Burp Suite is popular when it comes to auditing web applications.
In this talk, we present CANSPY, a platform giving security auditors such capabilities when auditing CAN devices. Not only can it block, forward or modify CAN frames on the fly, it can do so autonomously with a set of rules or interactively using Ethernet and a packet manipulation framework such as Scapy. It is also worth noting that it was designed to be cheap and easy to build as it is mostly made of inexpensive COTS. Last but not least, we demonstrate its versatility by turning around a security issue usually considered when it comes to cars: instead of auditing an electronic control unit (ECU) through the OBD-II connector, we are going to partially emulate ECUs in order to audit a device that connects to this very connector."
(Source: Black Hat USA 2016, Las Vegas)
Surf Communication Solutions provides of MoP (Media over Packet) Triple Play (Voice, Video, and Modem/Fax/Data) conversion solutions to communication equipment manufacturers. These solutions are provided in various integration levels: DSP software ; PTMC boards; DSP hardware/software; and PCI boards. http://www.surf-com.com
HDBaseT Alliance Members New Products at ISE 2014HDBaseT
A number of HDBaseT Alliance members will unveil their new HDBaseT-enabled components at the Integrated Systems Europe (ISE) 2014 event Feb. 4-6, 2014 in Amsterdam.
This presentation provides information and images for each member’s new product(s).
Drive it Like you Hacked It - New Attacks and Tools to Wireles E hacking
Prevention: If you are using a gate or garage which uses "fixed codes", to prevent this type of attack, ensure you upgrade to a system which clearly states that it's using rolling codes, hopping codes, Security+ or Intellicode.
CANSPY: A platform for auditing CAN devicesPriyanka Aash
"In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smartcars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what professional tools from automobile manufacturers can do. In fact, they will do less as they do not have knowledge of upper-layer protocols.
Security auditors are used to dealing with this kind of situation: they reverse-engineer protocols before implementing them on top of their tool of choice. However, to be efficient at this, they need more than just being able to listen to or interact with what they are auditing. Precisely, they need to be able to intercept communications and block them, forward them or modify them on the fly. This is why, for example, a platform such as Burp Suite is popular when it comes to auditing web applications.
In this talk, we present CANSPY, a platform giving security auditors such capabilities when auditing CAN devices. Not only can it block, forward or modify CAN frames on the fly, it can do so autonomously with a set of rules or interactively using Ethernet and a packet manipulation framework such as Scapy. It is also worth noting that it was designed to be cheap and easy to build as it is mostly made of inexpensive COTS. Last but not least, we demonstrate its versatility by turning around a security issue usually considered when it comes to cars: instead of auditing an electronic control unit (ECU) through the OBD-II connector, we are going to partially emulate ECUs in order to audit a device that connects to this very connector."
(Source: Black Hat USA 2016, Las Vegas)
Surf Communication Solutions provides of MoP (Media over Packet) Triple Play (Voice, Video, and Modem/Fax/Data) conversion solutions to communication equipment manufacturers. These solutions are provided in various integration levels: DSP software ; PTMC boards; DSP hardware/software; and PCI boards. http://www.surf-com.com
HDBaseT Alliance Members New Products at ISE 2014HDBaseT
A number of HDBaseT Alliance members will unveil their new HDBaseT-enabled components at the Integrated Systems Europe (ISE) 2014 event Feb. 4-6, 2014 in Amsterdam.
This presentation provides information and images for each member’s new product(s).
Drive it Like you Hacked It - New Attacks and Tools to Wireles E hacking
Prevention: If you are using a gate or garage which uses "fixed codes", to prevent this type of attack, ensure you upgrade to a system which clearly states that it's using rolling codes, hopping codes, Security+ or Intellicode.
American Fuzzy Lop (AFL) is a security-oriented fuzz testing tool.
In this talk, I demonstrate how dead-simple AFL is to use. I show how I used it to fuzz a Python library, discovering a subtle bug in the process.
A joint presentation of Gary Williams of Schneider Electric and Michael Coden of NextNine at the 10th Annual Conference of the American Petroleum institute. The presentation discusses benefits, disadvantages, and architectures for allowing 3rd party access.
I have helped more than 100 customers build new and innovative services for their customers with the help of IoT technology. With this slides, I share the lessons learned working with these customers as they start a journey into improved digitalization. My focus is on IT operations and project management.
Living bits and things 2013 - Using peer-to-peer and distributed technologies...Carsten Rhod Gregersen
The traditional approach of both "Big fat webserver device" and "Virtual cloud device" has some inherent challenges not easily solved. These are privacy, autonomy, latency, establishing multiple and adaptable dataflows after deployment.
This presentation goes through several topics areas that are of specific interest in developing IoT Gateway solutions. IoT is a popular area of development that presents unique challenges like hardware and operating system selection, product life-cycle support and maintainability, software architectural solutions, connectivity, security, secure updates, and API availability. We discuss technologies and concepts like Hardware acceleration support, Linux kernel maintenance, Edge networking, LXC/Docker/KVM, Zigbee, 6loPAN, BLE, IoTivity, Allseen Alliance, SELinux and Trusted boot.
The aim of the presentation is to give an overview of the challenges in building an IoT Gateway and the Solutions available using Embedded Linux.
This presentation was delivered at LinuxCon Japan 2016 by Jim Gallagher
NodeGrid Bold™ is the ultimate fully loaded IoT, POD, Retail, and Remote Office IT infrastructure management solution. NodeGrid Bold provides secure access and control for managing remote devices at the EDGE of your network.
Tempered Networks’ CEO, Jeff Hussey, explains how enterprise organizations can rapidly provision secure identity-based overlay networks that enable you to:
• Cloak or remove the IP footprint of any device from the underlying network to minimize network attack surfaces; significantly reducing vulnerability to externally mounted attacks.
• Transform vulnerable IP-enabled devices—even those that cannot protect themselves--into hardened, invisible assets.
• Rapidly deploy any number of secure overlay networks through centralized orchestration of policies, which allow for easy micro-segmentation of any communications to trusted entities.
Tempered Networks’ CEO, Jeff Hussey, explains how enterprise organizations can rapidly provision secure identity-based overlay networks that enable you to:
• Cloak or remove the IP footprint of any device from the underlying network to minimize network attack surfaces; significantly reducing vulnerability to externally mounted attacks.
• Transform vulnerable IP-enabled devices—even those that cannot protect themselves--into hardened, invisible assets.
• Rapidly deploy any number of secure overlay networks through centralized orchestration of policies, which allow for easy micro-segmentation of any communications to trusted entities.
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...44CON
Your job is to secure operations. But nobody listens to you. There’s no budget. Management keeps making bad security decisions that seem to sabotage your efforts. Do you flee or do you try harder? The security books, blogs, and tweeting pundits out there tell us we need to learn the language of business. We need to put risk in terms of money that management understands. We need to be like the management we’re trying to protect. And that’s where it all falls apart. The security to business relationship is often textbook abusive codependency. You do well and nobody notices. You fail and you get fired or worse- shamed by your peers over social media for whatever the company releases as the statement for the breach. So how do you do SecOps under those conditions? This talk will focus on new ways to approach SecOps to face the challenges you have today with business demands. We will look at new security research that will make a difference for how you do your job. Most of all we will show you technical security practices to help you sustain your new found stance.
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...44CON
One of the hottest topics in current crypto research is Post-Quantum Cryptography. This branch of cryptography addresses asymmetric crypto systems that are not prone to quantum computers.
Virtually all asymmetric crypto systems currently in use (Diffie-Hellman, RSA, DSA, and Elliptic Curve Crypto Systems) are not Post-Quantum. They will be useless, once advanced quantum computers will be available. Quantum computer technology has made considerable progress in recent years, with major organisations, like Google, NSA, and NASA, investing in it.
Post-Quantum Cryptography uses advanced mathematical concepts. Even if one knows the basics of current asymmetric cryptography (integer factorisation, discrete logarithms, …), Post-Quantum algorithms are hard to understand.
The goal of this presentation is to explain Post-Quantum Cryptography in a way that is comprehensible for non-mathematicians. Five families of crypto systems (as good as all known Post-Quantum algorithms belong to these) will be introduced:
Lattice-based systems:
The concept of lattice-based asymmetric encryption will be explained with a two-dimensional grid (real-world implementations use 250 dimensions and more). Some lattice-based ciphers (e.g., New Hope) make use of the Learning with Error (LWE) concept. I will demonstrate LWE encryption in a way that is understandable to somebody who knows Gaussian elimination (this is taught at middle school). Other lattice-based systems (especially NTRU) use truncated polynomials, which I will also explain in a simple way.
Code-based systems:
McEliece and a few other asymmetric ciphers are based on error correction codes. While teaching the whole McEliece algorithm might be too complex for a 44CON presentation, it is certainly possible to explain error correction codes and the main McEliece fundamentals.
Non-commutative systems:
There are nice ways to explain non-commutative groups and the crypto systems based on these, using everyday-life examples. Especially, twisting a Rubik’s Cube and plaiting a braid are easy-to-understand group operations a crypto system can be built on.
Multivariate systems:
Multivariate crypto can be explained to somebody who knows Gaussian elimination.
Hash-based signatures: If properly explained, Hash-based signatures are easier to understand than any other asymmetric crypto scheme.
I will explain these systems with cartoons, drawings, photographs, a Rubik’s Cube and other items.
In addition, I will give a short introduction to quantum computers and the current Post-Quantum Crypto Competition (organised by US authority NIST).
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...44CON
Data Center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources.
In the first part of the talk we will be presenting a SmartNIC-based model for data-center security that solves both the performance problem and the security problems of edge-centric policy models. The model features a more robust isolation of responsibilities, superior offload capabilities, significantly better scaling of policy, and unique visibility opportunities.
To illustrate this, we present a SmartNIC-based reference architecture for network layout, as well as examples of SmartNIC security controls and their resulting threat models.
The second part of the talk will unveil a new innovative technique for tamper proof host introspection as SmartNICs are in a unique position to analyze and inspect the memory of the host to which they are attached. Normally, this functionality is reserved for a hypervisor, where it is known as ‘guest introspection’ or ‘virtual-machine introspection’. With host introspection, security controls no longer live in the hypervisor, but on the SmartNIC itself, on a separate trust domain. In this way, the visibility normally achieved with guest introspection can be performed for the entire host memory in an isolated and secure area. In order for host introspection to work in the same way as guest introspection, memory is DMA transferred in bursts over the PCI-e bus that attaches the SmartNIC to the host. As this method can be subverted to hide unwanted software, we will demonstrate a novel approach to tamper proof the acquisition of memory and for performing live introspection.
Host introspection complements the network controls implemented using the SmartNIC by enabling the measurement of the integrity and the behavior of workloads (virtual machines, containers, bare metal servers) to identify possible indicators of compromise. The visibility and context gained also enhances the granularity of network controls, resulting in measurably better security for the data center compared to traditional software-only based controls.
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...44CON
Exploits, Backdoors, and Hacks: words we do not commonly hear when speaking of Machine Learning (ML). In this talk, I will present the relatively new field of hacking and manipulate machine learning systems and the potential these techniques pose for active offensive research.
The study of Adversarial ML allows us to leverage the techniques used by these algorithms to find weak points and exploit them in order to achieve:
Unexpected consequences (why did it decide this rifle is a banana?)
Data leakage (how did they know Joe has diabetes)
Memory corruption and other exploitation techniques (boom! RCE)
Influence the output
In other words, while ML is great at identifying and classifying patterns, an attacker can take advantage of this and take control of the system.
This talk is an extension of research made by many people, including presenters at DefCon, CCC, and others – a live demo will be shown on stage!
Garbage In, RCE Out :)
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...44CON
Numerous technical articles, presentations, and even books exists about reverse engineering the Windows Driver Model (WDM) for purposes that vary from simply understanding how a specific driver works, to malware analysis and bug hunting. On the other hand, Microsoft has been providing the Kernel Mode Driver Framework (KMDF) for quite a while and we now see more and more drivers shifting to this framework instead of interacting directly with the OS like in the old WDM times. Yet, there is close to no information on how to approach this model from a reverse engineering and offensive standpoint.
In this presentation, I will first do a quick recap on WDM drivers, its common structures, and how to identify its entry points. Then I’ll introduce KMDF with all its relevant functions for reverse engineering through a set of case-studies. I’ll describe how to interact with a KMDF device object through SetupDI api and how to find and analyze the different IO queues dispatch routines. Does the framework actually enhances security? We’ll come to a conclusion after revealing some major vendor implementation problems.
Armed with this knowledge, you will be able to run your own bug hunting session over any KMDF driver.
The UK's Code of Practice for Security in Consumer IoT Products and Services ...44CON
In March 2018, the UK launched its Secure by Design report in order to help defend against security threats, especially for consumer Internet of Things products and services. Over the past few years, poorly secured IoT devices have been hijacked in both targeted as well as large-scale DDoS attacks such as Mirai. In addition to this, poor security can threaten both privacy and safety.
The speaker, David Rogers authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues with extensive support from the security research community. David will discuss the guidelines within the Code of Practice, why these were prioritised and why the top three became dealing with the password problem, implementing vulnerability disclosure and acting on it and addressing software updates. David will also look at what’s next: what will the challenges be and will the Code of Practice succeed in its aims? How can IoT products possibly be certified and how will the threat landscape change in response to improving security?
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...44CON
Cyber Security is often framed in terms of ‘Risk’- the possibility of suffering harm or loss – and the ‘Management’ of Risk to reduce uncertainty. This is familiar territory for businesses. Cyber Security falls in neatly under Risk Management, is assigned a suitable place on the organigramme, tossed some spare budget and granted a few paragraphs in the board report. NIST defines Risk as a ‘function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organisation’.
Key theme:
This presentation explores the idea that making cyber security analogous to risk is holding us back. How about we talk about security ‘debt’ instead? Technical Debt is already a well understood concept in software development – the cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer or cost more. Changing our language changes how we think and how we behave. This presentation argues that such a change could have a significant impact on software security.
In this presentation we will comment on the power of ‘analogies’ and how they’ve shaped our industry. We’ll then consider the difference between the ‘security as risk’ and the ‘security as debt’ paradigms and explore how changing paradigms may change the way we think about, talk about and measure software security. We believe this could have a very empowering effect on development managers and other security professionals who are struggling to articulate the relative benefits of security (or a lack of security) to a software product.
Con speakers fear the Nerf gun. Overrun your talk time at your peril; Steve will shoot your arse with extreme prejudice until you STFU. We had to find a way to pwn the gun and shoot him back.
That’s when we found the Nerf Terrascout: a remote tank gun controlled over 2.4GHz, with a video feed to the remote, complete with crosshairs.
At first, we thought this would be a trivial job: figure out the RF and take control. It turned in to a mammoth hardware, firmware and RF reversing project.
This puppy is so over-specced it would drive you to tears.
The talk will cover the fails, hair loss and eventual success. There won’t be any smart dildos in it, though some of the techniques used are equally suited to teledildonics exploitation, if that’s your thing.
Reversing RF in a high frequency environment using SDRs is challenging. We’ll discuss how we worked around these issues using hardware reversing skills.
We had to import hardware from China for this project, which we could then programme ourselves using SPI, impersonate the legitimate controller and ‘jack the tank gun.
This talk will of course include a live demonstration of hijacking the tank gun and (possibly) shooting Steve.
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...44CON
Presented by: Julien Voisin and Thibault Koechlin
Suhosin is a great PHP module, but unfortunately, it’s getting old, new ways have been found to compromise PHP applications, and some aren’t working anymore; and it doesn’t play well with the shiny new PHP 7. As a secure web-hosting company, we needed a reliable and future-proof solution to address the flow of new vulnerabilities that are published every day. This is why we developed Snuffleupagus, a new (and open-source!) PHP security module, that provides several features that we needed: passively killing several PHP-specific bug classes, but also implementing virtual-patching at the PHP level, allowing to patch vulnerabilities in a precise, false-positive-free, ultra-low overhead way, without even touching the applications’ code.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
What the HEC? Security implications of HDMI Ethernet Channel and other related protocols - 44CON 2012
1. What the HEC? Security implications of
HDMI Ethernet Channel and other related
protocols
Andy Davis, Research Director NCC Group
2. UK Offices North American Offices Australian Offices
Manchester - Head Office San Francisco Sydney
Cheltenham Atlanta
Edinburgh New York
Leatherhead Seattle
London
Thame
European Offices
Amsterdam - Netherlands
Munich – Germany
Zurich - Switzerland
3. Agenda
• Why am I talking about video interfaces?
• What does HDMI bring with it?
• The CEC protocol – enabling the user to expend as little energy as possible
• CECSTeR – The CEC Security Testing Resource
• The HEC protocol – you mean I get network access too?
• HEC internals and potential security issues
• Conclusion
4. Why am I talking about video interfaces?
• It all started with a BlackBerry PlayBook research project…
• I was investigating USB security at the time (green interface)
• What other ports are available?
• A power connector (blue interface) – probably not that exciting…
• Hmm…microHDMI – what can I do with that? (red interface)
5. HDMI is an output isn’t it?
Well…yes and no
• Video out
• Audio out
• Display identification and capability advertisement in via EDID
• Remote control via CEC in and out
• Network data via HEC in and out
• Encryption and authentication data via HDCP and DPCP in and out
6. HDMI - High-Definition Multimedia Interface
• http://www.hdmi.org/manufacturer/specification.aspx (HDMI adopters only)
• Transmits encrypted uncompressed digital video and audio data using
TMDS (Transition-Minimised Differential Signalling)
• Supports Enhanced DDC for display identification and capability
advertisement
• Also it introduces a number of new technologies, which are potentially
interesting from a security perspective; these include:
• CEC – Consumer Electronics Control
• CDC – Capability Discovery and Control
• HDCP - High-bandwidth Digital Content Protection
• HEC – HDMI Ethernet Channel
7. CEC – I’ve not heard of that before…
Trade names for CEC are:
• BRAVIA Link and BRAVIA Sync (Sony)
• VIERA Link , HDAVI Control, EZ-Sync (Panasonic)
• Anynet+ (Samsung)
• Aquos Link (Sharp)
• SimpLink (LG)
• EasyLink (Philips)
etc…
8. CEC - Consumer Electronics Control
Purpose:
• Control two or more HDMI devices using a single remote control
• Devices can control each other without user-intervention.
Physical:
• The architecture of CEC is an inverted tree
• One-wire bidirectional serial bus (AV.link)
Logical:
• Up to ten AV devices can be connected and the topology of a connected system is
auto-discovered by the protocol.
9. Supported CEC commands
• One Touch Play, System Standby
• Pre-set Transfer, One Touch Record
• Timer Programming, System Information
• Deck Control , Tuner Control
• OSD Display, Device Menu Control
• Routing Control, Remote Control Pass
• Device OSD Name Transfer, System Audio Control
10. The CEC protocol
CEC Block layout:
CEC Header block:
CEC Message:
• Messages are either Directed or Broadcast
• Logical addresses are 0x0 – 0xF (0 always TV, F always broadcast)
• Physical addresses x.x.x.x (TV = 0.0.0.0)
11. Can we fuzz CEC?
• Feature rich protocol - could potentially yield some interesting security
vulnerabilities in different implementations
• Arduino library - http://code.google.com/p/cec-arduino/
• Publicly available Arduino - CEC interface circuit:
• USB-CEC Adapter from Pulse Eight:
• USB-CEC Bridge from RainShadow Tech:
12. Introducing CECSTeR
• Consumer Electronics Control Security Testing Resource
• Download it here - http://tinyurl.com/ncctools
• Supports CEC and CDC (more on that later)
• Capture and display traffic
• Send arbitrary commands
• Fuzz the protocols
• Time for a demo…
14. What are the fuzzer results?
My CEC targets:
• Sony PS3 – no results
• Panasonic Blu-ray player (DMP-BD45) – “random” lockups
• BlackBerry PlayBook (very limited CEC functionality) - no results
• XBMC (using Pulse-eight USB-CEC Adapter) – Permanent DoS
• It “bricked” the Pulse-eight adapter!
• Potentially interesting commands include:
• “Vendor command” – Opcode 0x89
• “Set OSD string” – opcode 0x64
• “Set OSD name” – opcode 0x47
• “CDC command” – opcode 0xF8
15. HEC - HDMI Ethernet Channel
• Introduced in HDMI v1.4 (latest version is 1.4a)
• Consolidates video, audio, and data streams into a single HDMI cable
• The primary intention is to reduce the amount of cables required to connect
AV devices together.
• Uses CDC (Capability Discovery and Control) to control Ethernet channels
16. CDC (Capability Discovery and Control)
CDC is used to:
• Discover potential HDMI Ethernet channels
• Activate and deactivate channels
• Communicate status of channels
CDC messages are sent with the CEC “CDC Message” (0xF8) opcode
All CDC messages are sent to the CEC logical broadcast address (0xF)
CDC message format:
17. HEC (CDC) Messages
The following messages are used for Capability Discovery and Control:
• <CDC_HEC_InquireState>
• <CDC_HEC_ReportState>
• <CDC_HEC_SetState>
• <CDC_HEC_RequestDeactivation>
• <CDC_HEC_NotifyAlive>
• <CDC_HEC_Discover>
• <CDC_HEC_SetStateAdjacent>
19. HEC States
• PHEC (Potential HDMI Ethernet Channel) – part of a PHEC if at least one
HDMI connection is HEC capable
• VHEC (Verified HDMI Ethernet Channel) – part of a VHEC after CDC has
confirmed HEC capability of all devices in a PHEC via a
<CDC_HEC_Discover> message
• AHEC (Active HDMI Ethernet Channel) – part of an AHEC after activation of
all devices in a VHEC via a <CDC_HEC_SetState> message
20. Network loop prevention
• Routing loops such as shown
here are managed using RSTP
(Rapid Spanning Tree
Protocol)
21. Network loop prevention
• Routing loops such as shown
here are managed using RSTP
(Rapid Spanning Tree
Protocol)
• HEC2 is disabled to remove
the loop
22. Network loop prevention
• Routing loops such as shown
here are managed using RSTP
(Rapid Spanning Tree
Protocol)
• HEC2 is disabled to remove
the loop
• If HEC1 link is broken, HEC2 is
restored
23. Queue control
• Devices in a HEC network are expected to prioritise traffic. Time sensitive
application traffic should be forwarded with higher priority than activities
such as file downloads:
• On-line gaming
• Video
• VoIP
• This is achieved using a 3 bit priority field in VLAN tags
24. This is all very interesting, but…
• I’m never going to be pentesting a home AV network!
• HDMI connectors are appearing on new laptops and PCs – soon these
protocols will be implemented in all the major operating systems
• If I found a bug in an HDMI enabled TV, so what?
• Plasma/LCD TVs are becoming part of the corporate network infrastructure
• So how could HDMI protocols affect corporate users?
25. HEC Risk #1 – Corporate boundary breach
• Network-enabled projectors and TVs could
circumvent corporate security boundaries
• Will users be aware of the capabilities of
this technology within their own devices?
26. HEC Risk #2 – Endpoint Protection Circumvention
• HDMI could be used to connect
unauthorised network-enabled devices to
the corporate network
• Endpoint Protection systems (unless they
are HEC-aware) will be unable to detect
this
• Unauthorised devices could introduce
malware or exfiltrate sensitive data
27. HEC Risk #3 – Unauthorised Network Extension
• HDMI could be used to create
an unauthorised extension to
the corporate network
• This “private network” would not
be visible to corporate network
monitoring tool / NIDS devices
28. Testing HDMI Ethernet Channel
Have I tested any HEC-enabled devices?
no…
The only device I could find that supports HEC is the T+A Blu-ray receiver:
It costs £6000!
29. Another corporate HDMI security risk
Remember hardware-based key loggers?
Here’s an HDMI video logger - VideoGhost:
• http://www.keydemon.com/tiny_frame_grabber/
• “2GB storage”
• “7 year battery life”
This is potentially much more powerful than a key logger!
30. Conclusions
• As users demand more and more “seamless” functionality in a plug-and-
play world there will be a greater need for bi-directional data to be flowing in
A/V links between devices
• HDMI Ethernet Channel could have a major impact on corporate security,
but the technology is still very new and largely unsupported
• As well as checking for hardware key loggers you should now also be
checking for video loggers connected to your corporate workstations
• Before long every laptop will have an HDMI port and they will all support
CEC, CDC and HEC!