Session
Hauptprogramm 35C3
Security

SiliVaccine: North Korea's Weapon of Mass Detection

How I Learned to Stop Worrying and Love the Backdoor
Eliza
Mark Lechtik
Meet SiliVaccine – North Korea's national Anti-Virus solution. SiliVaccine is deployed widely and exclusively in the DPRK, and has been continuously in development by dedicated government teams for over fifteen years. When we heard of this strange software, we were immediately driven to investigate it: it's not every day that you can catch a glimpse of the malware landscape inside the closed garden of the DPRK's intranet. In this talk, we will describe how we were able to obtain a rare copy of SiliVaccine; how we reverse-engineered it, despite the hair-tearing obstacles; and what surprising discoveries we made about its program architecture – all the way down to the file scanning engine, the system level drivers, the user mode utilities, and the most bizarre and puzzling implementation details. As it turns out, there is plenty going on behind the scenes of this product, away from the public eye. How was SiliVaccine created? Who created it? What was the game plan? We will try to shed light on these questions, and on the sheer effort that must have gone into developing this product. If there is anything we learned from this research, it's that DPRK state-sponsored software is a secretive industry underlied by incredibly shady practices, and that if Kim Jong-Un sends you a free trial of his latest security solution, the correct answer is "thank you but no thank you". Disclaimer: No significant knowledge in reverse engineering is required to understand the talk. We break down our thought process and methodology to its very basics, so that this talk can relate to both technical and non-technical audiences. Another Disclaimer: We guarantee an entertaining talk. :)

Additional information

Type lecture
Language English

More sessions

12/27/18
Security
hanno
Borg
Since a few months we have a new version of TLS, the most important encryption protocol on the Internet. From the vulnerabilities that created the need of a new TLS version to the challenges of deploying it due to broken devices this talk will give an overview of the new TLS 1.3.
12/27/18
Security
Frédéric Vachon
Clarke
UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level. Our talk will reveal such a campaign successfully executed by the Sednit group. We will detail the full infection chain showing how Sednit was able to install their custom UEFI module on key targets' computers. Additionally, we will provide an in-depth analysis of their UEFI module and the associated ...
12/27/18
Security
Borg
In this presentation we will take a look at how to break the most popular cryptocurrency hardware wallets. We will uncover architectural, physical, hardware, software and firmware vulnerabilities we found including issues that could allow a malicious attacker to gain access to the funds of the wallet. The attacks that we perform against the hardware wallets range from breaking the proprietary bootloader protection, to breaking the web interfaces used to interact with wallets, up to physical ...
12/27/18
Security
Martin Vigo
Dijkstra
Voicemail systems can be compromised by leveraging old weaknesses and top of current technology. The impact goes way beyond having your messages exposed.
12/27/18
Security
Adams
Die Venenerkennung ist eine der letzten Bastionen biometrischer Systeme, die sich bisher der Eroberung durch Hacker widersetzt hat. Dabei ist sie ein lohnendes Ziel, schützt sie doch Bankautomaten und Hochsicherheitsbereiche. In diesem Talk machen wir die Verteidigungsanlagen dem Erdboden gleich.
12/27/18
Security
Borg
We all know what FAX is, and for some strange reason most of us need to use it from time to time. Hard to believe its 2018, right? But can FAX be something more than a bureaucratic burden? Can it actually be a catastrophic security hole that may be used to compromise your entire network? Come watch our talk and find out …
12/27/18
Security
Martin Tschirsich
Adams
Plötzlich geht alles ganz schnell: Online-Behandlungen und elektronische Gesundheitsakten sind dieses Jahr für Millionen Krankenversicherte Wirklichkeit geworden. Zu einem hohen Preis: Bereits einfache Angriffe lassen das Sicherheitskonzept der Apps und Plattformen zusammenbrechen. Warum das so ist, welche kritischen Fehler Vivy & Co. gemacht haben und wie das möglicherweise verhindert werden kann, das soll dieser Vortrag zeigen - denn in spätestens drei Jahren sollen auch die ...