DeepSec2016 Talk: Abusing LUKS to Hack the System – Interview with Ismael Ripoll & Hector Marco
Please tell us the top facts about your talk.
- It discloses a vulnerability that affects Linux systems encrypted with LUKS, and how it can be abused to escalate privileges: CVE-2016-4484
- Includes a sketch of the boot sequence with a deeper insight into the initrd Linux process
- A brief discussion about why complexity is the enemy of security: The whole system needs to be observed.
- A practical real working demo attack will be presented.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Well, this is a difficult question. Basically, it is an attitude in front of the computer. When we start a research line, we don’t stop digging until the ultimate doubt and question is addressed. After the GRUB 28 bug, we kept reviewing the rest of the Linux boot sequence.
Why do you think this is an important topic?
Although we will present how to abuse the system through a cryptography service, the root of the problem is the “complexity”: The idea of complexity is not limited to difficult mathematical algorithms or advanced data structures, but also the combination of subsystems increases the overall complexity. The vulnerability that will be presented is a good example of how the addition of new features (in this case, security features) may weaken the system by creating new faults.
Is there something you want everybody to know – some good advice for our readers maybe?
Our talk will show that it is not necessary to use complex exploits or advanced USB hacking devices to hack the system. Knowledge is the only necessary tool. Do you remember the GRUB 28 bug? This time it is a little bit more complex but the result is… surprising.
A prediction for the future – What, do you think, will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?
Thanks to the advances in mitigation techniques (ASLR, NX, SSP, CFI, etc.) and better software engineering methods, the number of exploitable faults may be reduced (as far as the programmers for the IoT do apply those technologies). A more dangerous type of vulnerability is that caused by the interaction of two or more systems which work correctly when used separately.
On the other hand, cryptography will always be a hot topic. As far as crypto algorithms become outdated by the advances in computer power and cryptanalysis, crypto suites must be updated. And new code means new bugs.
Ismael Ripoll received his PhD in computer science from the Universitat Politecnica de Valencia in 1996, where he is professor of several cybersecurity subjects in the Department of Computing Engineering. Before working on security he participated in multiple research projects related to hypervisor solutions for European spacecraft; dynamic memory allocation algorithms; Real-Time Linux; and hard real-time scheduling theory. Currently, he is applying all this background to the security field. His current research interests include memory error defense/attack techniques (SSP and ASLR) and software diversification. Ismael Ripoll is a cybersecurity researcher at the UPV Cybersecurity group.
Hector Marco-Gisbert received his Ph.D. degree in computer science (cybersecurity) in 2015. Initially, he participated in several research projects where the main goal was to develop a hypervisor for the next generation of spacecraft for the ESA (European Space Agency). He contributed to extending the scope of these projects to include security aspects using the MILS (Multiple Independent Levels of Security/Safety) architecture. Currently, Hector Marco is a lecturer in Cyber Security and Virtualisation at the University of the West of Scotland. His research aims to identify and thwart critical security threats, focusing on servers and smartphone platforms. His interests include the study and design of new low-level attacks and protection mechanisms. He revisited mature and well-known techniques like SSP (Stack Smashing Protection) and ASLR (Address Space Layout Randomization), and was able to make substantial contributions, e.g. in the form of RenewSSP and ASLR-NG. Hector received awards and recognitions from Google and Packet Storm Security for his security contributions to the Linux kernel.