Session
Fahrplan rc3
CWTV

Very Pwnable Network (VPN)

Chaos-West TV
Virtual Pwn Networks (VPNs) add a network layer that should provide privacy and security. The privacy of a VPN clearly depends on its endpoint, so many companies run their own instances. We demonstrate that VPNs can be insecure nonetheless, as users connecting to a company's VPN typically require proprietary client software on their systems. These proprietary clients lack security, as we show based on the Cisco AnyConnect client for Linux and iOS.
This research starts with a weird series of crashes on Jiska's iPhone. Due to her ongoing paranoia, she decided to use a VPN, and because she had to trust her university's network anyway, she decided to use her university's Cisco VPN service. Obviously, this did not go well, and soon she had crash logs with memory accesses to invalid addresses, because these addresses were representing Strings?! These errors only occurred when she had bad network connectivity and no debugging enabled, so nobody was able to reproduce them.

Either way, to start analyzing Cisco AnyConnect security, the more accessible Linux client was the first option. Gerbert did a detailed analysis and documented how this client works, since there was no documentation at all and users basically install a black box on their system. The application is by no means just a VPN client anymore. In addition to VPN connections, the application offers a number of special features like auto updating, file deployment and host assessment. The AnyConnect Linux client is even able to execute arbitrary scripts provided by the server, thus, the user needs to ultimately trust the AnyConnect provider. Even if this trust assumption holds true, the client is so complex that various attack vectors become possible. Gerbert found two vulnerabilities resulting in three attack scenarios. One of the issues was fixed without being assigned a CVE, the other one got CVE-2020-3556.

Matthias continued with the iOS client, which is even harder to analyze than the closed-source Linux client. Since many Linux features are not available on iOS and the client has a completely different design, the previously found attacks do not apply. However, he will show the general architecture of this iOS Cisco AnyConnect Network Extension.

Additional information

Type Talk
Language English

More sessions

12/27/20
CWTV
Lars Roemheld
Chaos-West TV
The Corona-Warn-App (CWA) represents a first in (reasonably) agile government action in the field of software. How did this come about? This talk tells the story of its creation from an insider's perspective.
12/27/20
CWTV
DysphoricUnicorn
Chaos-West TV
A quick dive into best practices including but not limited to semantic HTML and aria attributes and how they can make your website usable by a wider audience with relatively low effort.
12/27/20
CWTV
Hendrik Heuer
Chaos-West TV
This talk explains why audits are a useful method to ensure that machine learning systems operate in the interest of the public. Scripts to perform such audits are released and explained to empower civic hackers.
12/27/20
CWTV
Jolly
Chaos-West TV
What was the C-Netz? What is a C-Netz base station? What is the radio switching center (Funkvermittlungsstelle)? How do you use it to get the base station running again?
12/27/20
CWTV
betalars
Chaos-West TV
Good representation of autism in media is important, but also difficult. In this talk we want to look at how autistic people are portrayed in media and what we ourselves can learn about empathy from bad examples.
12/27/20
CWTV
Chaos-West TV
Never has baking and eating waffles together been as complicated as this year. But that does not stop the Chaos. Everywhere, Hacksen, hackers and all beings of the Chaos have gathered under the motto “Waffeln everywhere” to share a tasty remote waffle experience.
12/28/20
CWTV
pathfinder
Chaos-West TV
An exploration of the available data discovered worldwide by probing MQTT endpoints. MQTT is a popular IoT protocol which, due to configuration, oversight or error (or all three), can be found open globally with at times highly personal data published for all to see. This talk encompasses the speaker's journey through developing a framework of parsing and exploring large datasets and building data collection and monitoring automation, showcasing the sheer lack of attention given to protection of ...