
Black Hat USA 2013 Showcases NAND, Windows 8 Secure Boot Hacking Talks

Organizers confirm another trio of Briefings from the show
[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July 27th-August 1st information security event in Las Vegas approaches, we'll be sharing information about the show directly from its creators here on Dark Reading.]

As July's Black Hat US in Las Vegas nears, organizers have confirmed another trio of highlighted Briefings from the show, which all focus, in some way or other, on getting under the skin of key systems. Here's the official rundown:


-- Technologies don't get much more ubiquitous than NAND memory, which is used in just about every gadget going. But ubiquity rarely equals safety, as Josh "m0nk" Thomas will demonstrate in "Hiding @ Depth: Exploring, Subverting, and Breaking NAND Flash Memory." Thomas will show how NAND hardware can be subverted to hide persisting files, opening the door to everything from basic malware to full-on device bricking. He'll release two open-source Android tools to both hide and reveal these hidden files, and explore the security implications of NAND's striking vulnerabilities. Think there's an easy fix? Unlikely. Come to the session for the full appraisal.

-- Windows 8's Secure Boot, based on UEFI 2.3.1's Secure Boot, marks a needed, long-in-coming step toward securing boot sequences against malware. But as ever, the devil is in the minute details, and it turns out that platform vendors are making certain mistakes that can completely undermine Secure Boot's intended protections. Join Intel's Yuriy Bulygin for "A Tale of One Software Bypass of Windows 8 Secure Boot," in which he'll demo a full software bypass of Windows 8 Secure Boot and explain how these breaches could have been avoided had the hardware vendors done things differently.

-- Cracking crypto is fun, but the high cost of relevant hardware can be a discouraging barrier to entry; not everyone can afford the fancy oscilloscopes used by researchers. But never fear. In "Power Analysis Attacks for Cheapskates," Colin Flynn will show you how to create surprisingly advanced crypto-cracking systems that cost a few hundred dollars instead of a few thousand and, as a bonus, can fit in your pocket. Flynn deploys open-source technologies, from the capture board to the Python tools, so attendees will walk away with all the knowledge needed to put together their own low-cost power analysis labs.

More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- and online registration, at a reduced rate from onsite, is open until July 24th.
