Black Hat Conference 2009 Findings: What Can the Network Security Industry Expect in 2010?

Chris Rodriguez, Research Analyst, Network Security

September 15, 2009


Focus Points

• About Vulnerability Research

• Overview of the Black Hat Conference

• Major Highlights of the Conference

• Expected Trends

• Key Conclusions

About Vulnerability Research

• Vulnerability research is the foundation for numerous network security solutions such as IPS devices and endpoint protection software.

• Vulnerability research is the frontline of defense from malicious code writers and cyber attackers.

Overview of the Black Hat Conference

• The Black Hat Conference is the largest and best-known security conference series in the world.

• This conference is designed to serve the information security community by “delivering timely, actionable security information in a friendly, vendor-neutral environment.”

Overview of the Black Hat Conference (cont.)

• Historic Black Hat Conference events:

- Dan Kaminsky’s DNS cache poisoning vulnerability

- Cisco IOS flaw that resulted in a lawsuit

- Using virtualization to create undetectable malware

- Weaknesses in network security technology, i.e. NAC

- Vertical-specific exploits (GSM, ATMs, public transportation)

[Timeline figure, years shown: 2000, 2005, 2006, 2007, 2008, 2009. Labels: Blue Pill, the undetectable rootkit; Kaminsky’s DNS attacks; Cisco sues; Black Hat called “a series of rock throwing incidents”; NAC bashed]

Major Highlights of the 2009 Black Hat Conference

• MMS and SMS flaws (mobile phone hijack via text message)

• iPhone code execution/denial-of-service MMS attack

• Advanced Mac OS X rootkits

• Factory-installed BIOS rootkits

• Apple keyboard rootkit

• SSL encryption protocol flaws

• SSL spoofing

• Fake ATM/card skimmer

• Conficker discussion sanitization

MMS and SMS Flaws

• MMS and SMS data use has grown at a high rate over the years, and is forecasted to continue to grow significantly.

• 900 billion SMS messages sent/received in 2008 (an increase of 132% from 2007)

MMS and SMS Flaws (cont.)

• Luis Miras and Zane Lackey, of iSEC Partners, presented a vulnerability in the way mobile phones handle SMS messages.

• This flaw enables an attacker to hijack smartphones, with varying degrees of control.

• An app called There’s an Attack For That (TAFT) is a suite of hacking tools for jailbroken iPhones.

• A related presentation demonstrated an attack that uses a corrupt MMS message to kill iPhones.

Rootkits

• A rootkit is software designed to secretly control a computer.

• A rootkit uses advanced techniques to take full control of a system, obscure itself, and survive most attempts to remove it.

• Rootkits are very dangerous, and are often used by hackers to make malware more effective and nefarious.

• Researchers at Core Security announced that they discovered factory-installed software that behaved as a rootkit.

• Absolute Software’s CompuTrace LoJack for Laptops is designed to protect and help locate stolen laptops.

• While it is not inherently malicious, the researchers claim that it is not very secure, leaving the possibility for devastating attacks.

Rootkits (cont.)

• Security researcher Dino Dai Zovi demonstrated how to load an advanced rootkit on Mac OS X machines.

• This is a severe issue with Mac OS X, which has been struggling for market share against Windows.

• An Apple keyboard was also discovered to be susceptible to a rootkit attack through its firmware update system.

SSL Encryption Issues

• SSL is a trusted, secure protocol for encryption and authentication.

• Dan Kaminsky presented on problems with X.509 certificates, which are used for SSL encryption and authentication.

• X.509 certificates use an outdated and weak cryptographic hash function, MD2.

• VeriSign, the leading provider of digital certificates, downplayed this announcement, saying that they no longer use MD2.

• Regardless, businesses have invested millions of dollars in X.509, and yet it suffers both from technical and structural issues.

SSL Encryption Issues (cont.)

• In a similar presentation, security researcher Moxie Marlinspike showed how an attacker could spoof SSL certificates.

• Marlinspike was able to trick a Web browser into accepting code, which opens the door to a number of attacks.

Fake ATM/Card Skimmer

• A card skimmer was installed on an ATM near the hotel that the Black Hat Conference attendees were using.

• Chris Paget, a security expert for Google, was attending the conference when he discovered the device and reported it to authorities.

• This follows the recent report of a complete, working, fake ATM that was placed at the DefCon convention.

• Coincidentally, a presentation about this banking technology was pulled in order to give the affected vendors time to resolve the issue.

Conficker Discussion

• Conficker is a computer worm that infected up to 10 million machines.

• The botnet had an activation date of April 1, 2009, but nothing happened after all.

• The security community is still trying to track down the perpetrators.

• Conficker uses numerous advanced malware techniques to avoid detection and deletion.

• A presentation about the Conficker worm was censored to avoid tipping off the malware’s authors.

Expected Trends

• What are customer and vendor plans for SSL communications?

• What this SSL vulnerability means for browser developers.

• Attackers continue to become increasingly nefarious, while their tools grow in sophistication and complexity.

• Is criticism of factory-installed grayware warranted?

• Mobile phones are the next major platform to be targeted for attacks.

• How will cell phone manufacturers react to these security threats?

• Whose responsibility is it to secure third-party apps?

• The security industry is becoming more responsible and cooperative in its efforts to defeat hackers.

Major Industry Participants

Key Conclusions

• The demand for original vulnerability research will only grow as the race to defeat hackers intensifies.

• Key Internet infrastructure still has high-risk vulnerabilities that have not been fixed yet.

• As mobile devices become more connected and powerful, these devices will become primary targets of hackers.

• Mobile phone developers generally have less experience with QA and security testing, which may leave this attack vector exposed.

• With mobile devices, third-party applications are unregulated, which introduces a critical attack vector.

• Responsible reporting and cooperation indicate an immense potential for success against cyber threats.

Next Steps

• Request a proposal for a Growth Partnership Service to support you and your team to accelerate the growth of your company: 1-877-GoFrost (1-877-463-7678)

• Register for the next Chairman’s Series on Growth: The Growth Excellence Model: Competitive Benchmarking & Growth Investing (October 6th) (http://www.frost.com/growth)

• Register for Frost & Sullivan’s Growth Opportunity Newsletters and keep abreast of innovative growth opportunities. (www.frost.com/news)

For Additional Information

Jake Wengroff, Global Director, Corporate Communications, (210) 247-3806

Craig Hays, Sales Manager, Information & Communication Technologies, (210) 247-2460

Robert Ayoub, Industry Manager, Network Security, (210) 247-3808