Security Leftovers
-
Confidentiality
-
CCC ☛ Breaking NATO Radio Encryption
HALFLOOP, which is standardized in US standard [MIL-STD-188-141D](https://quicksearch.dla.mil/qsDocDetails.aspx?ident_number=67563) since 2017, is essentially a downscaled version of the Advanced Encryption Standard (AES), which effectively is the most used encryption algorithm today. While this downscaling led to many strong components in HALFLOOP, a fatal flaw in the handling of the so-called tweak enables devastating attacks. In a nutshell, by applying a technique known as differential cryptanalysis, an attacker can skip large parts of the encryption process. In turn, this makes it possible to extract the used secret key and hence enables an attacker to break the confidentiality of the ALE handshake messages and also makes an efficient denial-of-service attack possible.
These attacks are described in the two research papers, [Breaking HALFLOOP-24](https://doi.org/10.46586/tosc.v2022.i3.217-238) and [Destroying HALFLOOP-24](https://doi.org/10.46586/tosc.v2023.i4.58-82). They were initiated by the presentation of the [Cryptanalysis of the SoDark Cipher](https://doi.org/10.46586/tosc.v2021.i3.36-53), the predecessor of HALFLOOP.
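The mechanism the abstract describes (a tweak difference that cancels the plaintext difference, so the attacker "skips" rounds and only has to pay for the last ones) can be shown on a toy. The block below is an added example written for this page, not code from the HALFLOOP papers, and the cipher is a hypothetical 16-bit tweakable SPN with a made-up key schedule, not HALFLOOP's structure; the S-box is the one from Heys' differential-cryptanalysis tutorial and the round keys `KEYS` are constructed constants. It compares how often the characteristic holds with and without the related tweak, then recovers a nibble of the last round key from the pairs that followed it.

```python
"""Toy related-tweak differential attack on a 16-bit tweakable SPN.

Added illustration, not HALFLOOP and not the papers' code.  The toy cipher
XORs the tweak into the state twice, so a pair with the same difference in
plaintext and tweak has a zero state difference until the second injection:
rounds 1-2 are passed with probability 1, and only rounds 3-4 cost anything.
"""
import random

# Heys' tutorial S-box; input difference 0xB -> output 0x2 with probability 1/2.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]
KEYS = [0x3A94, 0x1C7F, 0xE201, 0x5D6B, 0x9F38]   # constructed round keys
DELTA = 0x000B                                    # difference in nibble 0 and in the tweak


def sub(x):
    """Apply the 4-bit S-box to each nibble of a 16-bit word."""
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))


def perm(x):
    """Bit permutation: bit j of nibble i moves to bit i of nibble j."""
    y = 0
    for i in range(16):
        if (x >> i) & 1:
            y |= 1 << ((i % 4) * 4 + i // 4)
    return y


def encrypt(p, rk, tweak):
    """Hypothetical 4-round tweakable SPN; rk is a list of five 16-bit round keys."""
    s = p ^ tweak                       # tweak injection 1
    for r in range(2):
        s = perm(sub(s ^ rk[r]))        # rounds 1-2: skipped for free by the related-tweak pair
    s ^= tweak                          # tweak injection 2: the pair now differs by DELTA
    s = perm(sub(s ^ rk[2]))            # round 3: nibble 0 diff 0xB -> 0x2 (p = 1/2) -> nibble 1 diff 0x1
    s = sub(s ^ rk[3])                  # round 4 (no permutation)
    return s ^ rk[4]                    # post-whitening key


def confined(cdiff):
    """True if the ciphertext difference lives only in nibble 1 (the characteristic held)."""
    return cdiff != 0 and (cdiff & 0xFF0F) == 0


def gen_pairs(rk, n, related_tweak, rng):
    pairs = []
    for _ in range(n):
        p, t = rng.getrandbits(16), rng.getrandbits(16)
        t2 = t ^ DELTA if related_tweak else t
        pairs.append((encrypt(p, rk, t), encrypt(p ^ DELTA, rk, t2)))
    return pairs


def confined_rate(rk, n, related_tweak, seed=1):
    """Fraction of pairs whose ciphertext difference is confined to nibble 1."""
    pairs = gen_pairs(rk, n, related_tweak, random.Random(seed))
    return sum(confined(c ^ c2) for c, c2 in pairs) / n


def recover_k5_nibble1(rk, n=400, seed=1):
    """Recover nibble 1 of rk[4] by partially decrypting the filtered pairs.

    For the right key guess every surviving pair shows input difference 0x1 at the
    round-4 S-box; wrong guesses do so for at most about half of them.
    """
    pairs = gen_pairs(rk, n, True, random.Random(seed))
    counts = [0] * 16
    for c, c2 in pairs:
        if not confined(c ^ c2):
            continue                    # pair did not follow the characteristic
        for k in range(16):
            u = INV_SBOX[((c >> 4) & 0xF) ^ k]
            u2 = INV_SBOX[((c2 >> 4) & 0xF) ^ k]
            if u ^ u2 == 1:
                counts[k] += 1
    return max(range(16), key=counts.__getitem__), counts


if __name__ == "__main__":
    print("characteristic rate, related tweak:", confined_rate(KEYS, 1000, True))
    print("characteristic rate, same tweak:   ", confined_rate(KEYS, 1000, False))
    guess, counts = recover_k5_nibble1(KEYS)
    print("recovered nibble 1 of last key: %x (true %x)" % (guess, (KEYS[4] >> 4) & 0xF))
```

With the related tweak the characteristic holds for about half of all pairs, exactly the cost of the single active S-box in round 3; with the same tweak on both sides the same difference has to survive all four rounds and the confined pattern almost never appears. The filter on the ciphertext difference is exact here because the S-box is a bijection, so any pair that left the characteristic activates another nibble.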
-
CCC ☛ Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network
This talk is designed to give an overview of Tor's 'new and not-so-new' network health initiatives in response to some of the pressing questions that emerged from the recent reporting about Tor in Germany. After a brief introduction to "Tor," we will primarily focus on issues relating to the Tor network and its community, underscoring the critical importance of distributed trust, transparency, and engagement in maintaining a robust and healthy ecosystem.
We will provide a short overview of the fundamental components of the Tor network, detailing the different types of relays that constitute its infrastructure and the role these can have through their lifetime. We will emphasize that the network operates independently of the Tor Project, sustained by a decentralized, global community of contributors. By analyzing network metrics—such as relay distribution across countries and Autonomous Systems (AS)—we will highlight the current state of the network and identify opportunities for increasing geographic and technical diversity.
This is followed by an introduction to the concept of network health. We will define the term, assess the current condition of the Tor network, and showcase the different modes of participation. We will primarily consider this through the lens of an 'alleged' over-reliance on relay concentration in specific regions, such as Europe and the United States. These insights will inform a discussion on how a more geographically distributed network could improve resilience, enhance security, and increase overall functionality.
-
-
Integrity/Availability/Authenticity
-
Noë Flatreaud ☛ Spoofing GPS coordinates using HackRF One
For quite some time now, I have tried my best to show and explain how fantastic RF is and how dangerous it can be. Especially when it comes to exploiting it…
Also, from navigation systems to time synchronization, our reliance on GPS makes it a prime target for bad actors and pirates (I mean… literally).
In this post, I’d like to show you how GPS and GNSS work and how to hijack them using a cheap device like the HackRF One.
-
-
Windows TCO
-
The Register UK ☛ How LockBit and ALPHV’s takedowns fueled RansomHub’s rise
The group, a suspected Knight rebrand, first appeared in February and quickly picked up out-of-work affiliates from LockBit following that crew's law enforcement takedown around the same time. RansomHub also eagerly filled the void left by ALPHV/BlackCat after that group's widely reported exit scam in March – bragging about recruiting affiliates from both defunct groups via Tox and cyber crime forums.
-
CCC ☛ Windows BitLocker: Screwed without a Screwdriver (Relive)
Ever wondered how Cellebrite and law enforcement gain access to encrypted devices without knowing the password? In this talk, we’ll demonstrate how to bypass BitLocker encryption on a fully up-to-date Windows 11 system using Secure Boot. We’ll leverage a little-known software vulnerability that Microsoft has been unable to patch since 2022: bitpixie (CVE-2023-21563).
We'll live-demo the exploit, and will walk through the entire process—from the prerequisites and inner workings of the exploit to why Microsoft has struggled to address this flaw. We'll also discuss how to protect yourself from this and similar vulnerabilities.
BitLocker is Microsoft’s implementation of full-volume encryption. It offers several modes of operation, but the most widely used is Secure Boot-based encryption.
-