STEPHEN RIDLEY & STEPHEN LAWLER

Advanced Exploitation of Mobile/Embedded Devices: the ARM Microprocessor

We are currently entering a "post-PC" exploitation environment where threats to mobile devices are becoming more of a reality. The mini computer in your pocket that is always internet connected, tracks your location, performs financial transactions, holds your address book, and is equipped with a microphone is emerging as a more valuable target than the computer you leave on your desk after close of business. Go figure. Shifts towards these platforms for vulnerability research and the emergence of malware on mobile devices are all indicative of this.

Early last year (2011) the maintainers of http://www.DontStuffBeansUpYourNose.com debuted a talk entitled "Hardware Hacking for Software People" (see: http://bit.ly/pGAGlO). In that talk we covered a range of topics from hardware eavesdropping and bus tapping to simple integrated circuit interfacing and debugging. That talk concluded with a demonstration of a real-world bug in a home cable modem. However, it did not dive into the gritty details of exploitation on embedded processors. Late last year (2011) we developed and privately delivered 5-day courses that taught advanced software exploitation on ARM microprocessors (used in iPhones, appliances, iPads, Androids, Blackberries, et al.). We opened that course to the public for CanSecWest 2012 and Blackhat 2012 (see http://bit.ly/wKHKsG).

In this talk we will share the more interesting bits of the research that went into developing the Practical ARM Exploitation course such as reliably defeating XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux and Android (for embedded applications and mobile devices). We will also demonstrate these techniques and discuss how we were able to discover them using several ARM hardware development platforms that we custom built (see: http://bit.ly/zaKZYH).

STEPHEN RIDLEY & STEPHEN LAWLER BIO

Stephen A. Ridley

Stephen A. Ridley is a security researcher with more than 10 years of experience in software development, software security, and reverse engineering. Before becoming an independent researcher, Mr. Ridley served as the Chief Information Security Officer of a financial services firm. Prior to that, he was a Senior Researcher at Matasano, a Manhattan-based security research and development firm. He was also a Senior Security Architect at McAfee, and a founding member of the Security and Mission Assurance (SMA) group at a major U.S. defense contractor, where he did vulnerability research and reverse engineering in support of the U.S. Defense and Intelligence community.

Within the last few years, he has presented his research and spoken about reverse engineering and software security research on every continent except Antarctica (at industry conferences such as BlackHat, ReCon, EuSecWest, CanSecWest, Syscan and others). Mr. Ridley calls Manhattan home and frequently guest lectures at New York area universities such as NYU and Rensselaer Polytechnic Institute.

Stephen Lawler

Stephen Lawler is the Founder and President of a small computer software and security consulting firm. Mr. Lawler has been actively working in information security for over 7 years, primarily in reverse engineering, malware analysis, and exploit development. While working at Mandiant he was a principal malware analyst for high-profile computer intrusions affecting several Fortune 100 companies.

Prior to this, he was a founding member of the Security and Mission Assurance (SMA) division of a major U.S. defense contractor, where he discovered numerous 0-day vulnerabilities in "Commercial-Off-The-Shelf" (or COTS) software and pioneered several exploitation techniques that have only recently been discovered and published publicly.

Prior to his work at the major defense contractor, Stephen Lawler was the lead developer for the AWESIM sonar simulator as part of the US Navy SMMTT program.

He has spoken (and given trainings) at BlackHat and other security conferences and is the technical editor of "Practical Malware Analysis", published by No Starch Press.