The Lab SRLabs is a Berlin-based hacking research collective and consulting think tank. We are driving security evolution, combining insights from research, industry, and the hacker community. Our consulting work contributes to strategic technology projects at Fortune500 companies where we …
The Lab
SRLabs is a Berlin-based hacking research collective and consulting think tank. We are driving security evolution, combining insights from research, industry, and the hacker community. Our consulting work contributes to strategic technology projects at Fortune500 companies where we help in understanding and mitigating risks.
Our research focuses on everyday technology that expose many people to risk, most recently mobilecommunication and payment systems. Our goal is to fix issues before consumers are put at risk; or publicly discuss flaws in systems where this did not happen. Our lab is an open collective of like-minded thinkers. The young team is looking to grow in the following capacities.
Lead security strategy projects at Fortune500 clients
Work in client teams in Germany and with the SRLabs Research team in Berlin
Coordinate the compilation of main project deliverables and presentations
Build up leading security expertise, lecture at conferences
Key skills
You enjoy analytical problems and strategy decisions and have solid problem solving skills
Your technical affinity is strong
You bring integrative skills and expertise as a project manager
You have a security/privacy mindset, interest in security research results
You have strong experience in high impact and top management consulting
You communicate fluently in English and one other major language
You enjoy a dynamic and flexible work environment to which you want to contribute leadership
Your Application
We are looking forward to receiving your application — consisting of your CV and cover letter and including your preferred start date — at: recruiting@srlabs.de
We must be able to trust payment systems: Payment terminals have conquered nearly every retail outlet and payment cards are as pervasive as cash. Major parts of this critical payment infrastructure, however, rely on proprietary protocols from the 90’s with …
We must be able to trust payment systems: Payment terminals have conquered nearly every retail outlet and payment cards are as pervasive as cash.
Major parts of this critical payment infrastructure, however, rely on proprietary protocols from the 90’s with large security deficiencies. Payment terminals and the payment processors they connect to are once again the culprit.
Stealing customer credentials. Fraudsters can gain access to large numbers of card details and matching PIN numbers over computer networks.
The main communication protocol between payment terminals and cash registers, ZVT in Germany, allows a fraudster to simply read payment cards – including credit and debit/EC cards – from the local network.
Worse yet, the protocol provides a mechanism for reading PIN numbers remotely. This mechanism is protected by a cryptographic signature (MAC). The symmetric signature key, however, is sometimes stored in Hardware Security Modules (HSMs), of which some are vulnerable to a simple timing attack, which discloses valid signatures. A signature extracted from one such HSM can be used to attack other, more secure models since the signature key is the same across many terminals, violating a base principle of security design.
Merchant account compromise. Fraudsters can also transfer money from merchant accounts, anonymously over the Internet.
Payment terminals communicate with a payment processor (who in turn talks to the banks) over the Internet using the ISO 8583 standard. One ISO 8583 dialect popular in Germany and other countries, Poseidon, is implemented with a major authentication flaw:
A terminal uses a secret key to execute a cryptographic authentication protocol. So far, so good. A large number of terminals – repeating the mistake made in ZVT – contain the exact same authentication key. Therefore, after changing a single number (Terminal ID) in any one terminal, that terminal provides access to the merchant account that Terminal ID belongs to. To make matters worse, Terminal IDs are printed on every payment receipt, allowing for simple fraud.
Fraudsters can, among other things, refund money, or print SIM card top-up vouchers – all at the cost of the victim merchant.
Defense need. In the short term, abusable functionality such as refunds and SIM top-ups should be deactivated wherever possible. To introduce widely acknowledged security principles into our critical payment infrastructure, more drastic system updates are necessary:
The two main payment protocols in Germany, ZVT and Poseidon, are both insecure for the same reason: They share secret keys among a large number of devices. Deploying an individual key to each terminal is paramount to make payment systems more fraud-resistant.
USB devices are connected to – and in many cases even built into – virtually all computers. The interface standard conquered the world over the past two decades thanks to its versatility: Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over USB to charge their batteries.
This versatility is also USB’s Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing.
Reprogramming USB peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.
BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:
A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.
Defenses?
No effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices. Behavioral detection is difficult since behavior of an infected device may look as though a user has simply plugged in a new device. Blocking or allowing specific USB device classes and device IDs is possible, however generic lists can easily be bypassed. Pre-boot attacks may be prevented by use of a BIOS password and booting only to the hard drive.
To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.
Once infected, computers and their USB peripherals can never be trusted again.
Proof-of-Concept. We are not yet releasing the modified USB controller firmwares. Instead we are providing a proof-of-concept for Android devices that you can use to test your defenses: BadAndroid-v0.2
Questions? – usb [you know what to put here] srlabs.de
Fingerprints are not fit for secure device unlocking
Fingerprint sensors have sought to replace password- and PIN-based authentication for years. The sensors are widely found in laptops, sometimes in payment terminals, and recently in severalsmartphones. The latest entrance to the field is Apple’s iPhone 5s. The sensors continue to fail their marketing claim of secure device unlocking.
Security level.
Using fingerprints as credentials for local user authentication has two shortcomings when compared to passwords:
A. Limited revocation. Once a fingerprint gets stolen, there is no way to change it. To offset this high compromise penalty, fingerprints would need to be very hard to steal. However:
B. Credential spread. Users leave copies of their fingerprints everywhere; including on the devices they protect. Fingerprints are not fit for secure local user authentication as long as spoofs (“fake fingers”) can be produced from these pervasive copies.
Other current devices with touch and swipe sensors are equally duped by spoofs. This video shows how an iPhone 4s-taken photo results in a fingerprint-spoof that unlocks a Thinkpad laptop, a Fujitsu smartphone, and an iPhone 5s:
ID theft risk.
The iPhone 5s’s fingerprint sensor does not only appear to provide no additional protection, its use even undermines other security mechanisms. This video demonstrates how other flaws in iOS and iCloud are exposed that – when combined with Touch ID’s vulnerability to fingerprint spoofing – allow for online identity theft:
Remote authentication.
Fingerprint sensors still have a strong protection proposition: To provide a second (and third) authentication factor in remotely-executed transactions, such as authorizing money transfers. Modern fingerprint sensors can compare templates and scans on-chip – that is: protected from malware on the device – and conduct a strong cryptographic authentication to a web service. Industry seems to be determined to standardize such transactions.
An attacker would need to get access to three credentials: the banking password, the fingerprint sensor that stores an authentication certificate, and a spoof of the fingerprint that activates this certificate. For the most common miscreant, remote attackers, the latter two should be out of reach.
Evolution path.
Defeating local attackers is still of value even when the fingerprint only provides an additional authentication factor.
The iPhone 5s already moved slightly beyond the capabilities of earlier touch sensors: It provides a higher resolution image and – as far as initial experiments can tell – uses this higher resolution to match based on finer structures:
Low resolution fingerprint image, sufficient to create spoofs for older sensors
High resolution fingerprint image with clear features along the ridges, which newer sensors detect
Even these finer structures can be spoofed, for example based on an equally high resolution smartphone camera image, showing that some defense strategies only improve at the pace of the corresponding attack technique.
Fingerprint spoof prevention would better be based on intrinsic errors in the spoof-creation process or on fingerprint features not present in latent prints (and become much harder to steal). Examples of such spoof-detection features are air bubbles contained in the glue often used for spoofs (white dots in left image) and minute details that are visible through a fingerprint sensor but not in a latent print (black dots in right image).
Sensor read of spoof finger with white air bubbles, but fewer minute details
Sensor read of real finger with minute details but no air bubbles
Even by just comparing the density of white vs. black dots, sensors would challenge hackers to improve their spoofing techniques. The iPhone 5s, on the other hand, was defeated by techniques widely published years ago.
The measurements taken at the OHM workshops confirmed that more than a quarter of European SIM cards still disclose signed error messages, of which about half can be cracked due to their use of DES. Each crack takes about two minutes with a complete set of rainbow tables on a standard computer. (At OHM, cards were tested with an incomplete set resulting in a discount in the number of actually cracked cards.)
Network operators are encouraged to upgrade their cards to AES (or 3DES) or disable the OTA functionality of vulnerable cards before criminals are able to infect SIM cards with viruses.
