Sneaky Element: Real World Attacks Against Secure Elements


In the infamous movie Sneakers, our heroes face shadowy underworld black hats, spooky government spies, and their pasts. They do this all to retrieve a little black box designed to break American cryptographic secrets in seconds. Sneakers is rooted in the stereotypical idea that the ultimate hack is devising a single key that can unlock any system in the world. But, what if we’ve been looking at this threat model upside down?

What if, instead, a company gave everyone a cryptographic black box, and that little black box was a key that opened up everyone’s network to abuse? What if the ultimate hack isn’t devising a single key that can open any lock… but manufacturing a lock that can be picked by anyone that understands gaps in deploying security-at-scale.

This talk will demonstrate a real world attack against a globally deployed Secure Element that allows any adversary to impersonate any device secured by the element, resulting in access to otherwise secured networks, and more.

The lecturer will not only give a live demonstration of the technology and the exploit, but will publish open source software that facilitates the attack (some of which he already published). The lecturer will also describe why the attack is successful, and common gaps in scaling secure elements for global deployments. Don will also describe how this attack was predicted by him and the GSMA team during the development of the IoT Security Guidelines, released in 2016.

This attack was submitted to the affected global corporation in the spring of 2017, and is in the last stages of mitigation.

Location: Track 1 Date: April 12, 2018 Time: 10:45 am - 11:45 am Don Bailey