“BadUSB — On accessories that turn evil” at Black Hat, Las Vegas, Aug 6-7 2014

Karsten Nohl and Jakob Lell will be presenting BadUSB at BlackHat 2014 in August 2014 USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to …

Karsten Nohl and Jakob Lell will be presenting BadUSB at BlackHat 2014 in August 2014

USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe — until now.

This talk introduces a new form of malware that operates from controller chips inside USB devices. USB sticks, as an example, can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user.

We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.

We then dive into the USB stack and assess where protection from USB malware can and should be anchored.

A preview of features for Flightgear 3.2

Flightgear is constantly under development and as the feature freeze for the next 3.2 release approaches, it is becoming increasingly clear what the next version will have to offer to users:

Missions

The Flightgear world is becoming more interesting…

A mission subsystem is being added. This allows to define tasks to be completed by a player which then receives points. Visual guidance symbols can be used to indicate the location of the next task. The mission system combines with the Milestone 4 release of the walker,and thus more complex adventures can be built in which the player has to exit …
Read the rest… >>

Flightgear is constantly under development and as the feature freeze for the next 3.2 release approaches, it is becoming increasingly clear what the next version will have to offer to users:

Missions

The Flightgear world is becoming more interesting…

A mission subsystem is being added. This allows to define tasks to be completed by a player which then receives points. Visual guidance symbols can be used to indicate the location of the next task. The mission system combines with the Milestone 4 release of the walker,and thus more complex adventures can be built in which the player has to exit an aircraft and walk to a certain location.

The walker subsystem now allows for more complex animated motion and adds NPCs, characters with whom a player can interact. Also, check out the selection of cars and motorbikes to explore the Flightgear world!

Cloud shadows

Finally some shade!

Cloud shadows are notoriously difficult to render, but for Advanced Weather in combination with the Atmospheric Light Scattering rendering framework, there is now an experimental option to add them (at least close to the aircraft) to the experience.

Earthview

See the world from high up!

Introduced to provide better visuals for the spacecraft in Flightgear, Earthview is an alternative rendering engine intended for use at high altitudes. It renders Earth as a simple, textured sphere surrounded by a cloud sphere. The textures are provided by the NASA Visible Earth project. By default, a set of 2048×2048 textures is distributed, but Earthview is intended to allow easy access for users who want to install their own hires texture set. At full resolution of about 21000×21000 pixels per texture provided by NASA, it looks simply spectacular even from just 50 km altitude – see the Vostok capsule above entering the atmosphere.

Built-in http server

Access the property tree in a novel way!

Flightgear now includes the Mongoose web server as a httpd. This allows for interesting new application, for instance merging information from Flightgear and OpenStreetMap or Mapquest, leading to a new moving map application covering the whole world is available which tracks the airplane’s position.

Cloud drawing distance

See clouds out to the horizon!

Flightgear’s weather rendering so far has not been up to the task of showing a plausible view from high altitude. But this has now changed – a new framerate-friendly impostor technique is used to render clouds out to the horizon – wherever that may be (the system has been tested for 1000 km visibility from low Earth orbit).

Rendering improvements

Visuals keep getting better!

Lots of work has been done on the small details. New tree textures at higher resolutions make the forests actually look nice. Novel noise function are used to improve the visuals of snow on steep terrain slopes, to change tree height in discrete patches mimicking patterns of forest management, or to remove tiling artifacts from large-scale agriculture. Enjoy all the details the new version will have to offer.

And many improvements more!

Much work is done under the hood which is not obviously visible:

* The YASim flight dynamics engine is finally being developed further, with some long-standing bugs and limitations being addressed for the time being
* Ground interactions have been added to the JSBSim flight dynamics engine
* a new text-to-speech message is about to replace the old pre-recorded ATIS messages, adding a lot of flexibility
* an interface for allowing add-ons that use FSUIPC (an addon framework for Microsoft Flight Simulator) to talk to FlightGear
* osgEarth integration is still on the horizon

Stay tuned as we fly towards our next release!

“Mobile network attack evolution” at Positive Hack Days, Moscow, May 21-22 2014

Karsten Nohl will be presenting on Mobile network attack evolution at Positive Hack Days in Moscow, May 21-22 2014. Mobile networks should protect users on several fronts: Calls need to be encrypted, customer data protected, and SIM cards shielded from …

Karsten Nohl will be presenting on Mobile network attack evolution at Positive Hack Days in Moscow, May 21-22 2014.

Mobile networks should protect users on several fronts: Calls need to be encrypted, customer data protected, and SIM cards shielded from malware.

Many networks are still reluctant to implement appropriate protection measures in legacy systems. But even those who add mitigations often fail to fully capture attacks: They target symptoms instead of solving the core issue.

This talk discusses mobile network and SIM card attacks that circumvent common protection techniques to illustrate the ongoing mobile attack evolution.

“On our fear and apathy towards smartphone attacks” at Re:publica, Berlin, May 7 2014

Linus Neumann and Ben Schlabs will be presenting On our fear and apathy towards smartphone attacks at Re:publica on May 7th 2014. Smartphones are migrating from lifestyle object to the epicenter of communication on the individual and societal level. Equipped …

Linus Neumann and Ben Schlabs will be presenting On our fear and apathy towards smartphone attacks at Re:publica on May 7th 2014.

Smartphones are migrating from lifestyle object to the epicenter of communication on the individual and societal level. Equipped with cameras and microphones and constantly connected to communication networks, the phones are also becoming an attractive target for spies and data thieves. The fear among smartphone users grows without their knowing if and how they are actually being attacked.

This talk aims to take the fear factor out of the smartphone security discussion: We explain how phone attacks work and which ones you should be worried about, what you should demand from your network operator, and how you can protect yourself. To further drive mobile security evolution, we introduce a crowdsourced way to measure mobile network protection around the world.