A talk titled "Windows 10: The Kernel is Calling" demonstrated that Microsoft’s new baby, Windows 10, was shipping with a driver model that allowed attackers to disable anti-malware software if they could get ring-0 access. It was a sobering reminder that even a brand new OS carries the ghost of legacy code.
The duo demonstrated that via a vulnerable Uconnect entertainment system, they could send commands through the Sprint cellular network to the vehicle’s CAN bus (Controller Area Network). From a laptop in a basement, miles away from the driver, they could:
This was not a "trick." It was a full remote takeover of physical machinery.
If you are reviewing the archives for Black Hat 2015, these were the presentations that had the most impact:
The fallout from Black Hat 2015 was immediate and unprecedented. Fiat Chrysler issued a recall of 1.4 million vehicles, sending USB sticks to owners to patch the software. More importantly, the stunt led to the creation of the automotive industry’s first coordinated disclosure process.
For the audience watching in 2015, the message was terrifyingly clear: The "Internet of Things" was not a convenience feature; it was a blast radius.
A researcher known as "Birdman" dissected the Dropcam Pro. He found that the device’s "secure" firmware updates were signed with a 512-bit RSA key that was easily factorable. He extracted the private key and demonstrated how to push custom firmware to any Dropcam on the planet.
Several talks targeted the encryption that held the web together. With the discovery of Logjam and the continued exploitation of FREAK (Factoring Attack on RSA-EXPORT Keys), researchers showed that a nation-state could downgrade a "secure" HTTPS connection to 512-bit export-grade crypto in minutes.
For the attendees of Black Hat 2015, the message was clear: Encryption is only as strong as the oldest protocol you support.