1. Introduction
Origin of hacking
Hacking is the creative use of computer systems and software: using them for something other than what they were intended for.
White hat, grey hat and black hat
- There is an incentive for people to hack computer systems: to gain money or valuable information
- Where there are attackers there are defenders, who are hired to test systems for potential problems
Computer security problem
- There is a lot of buggy software
Social engineering is very effective
- Phishing websites
- Tricking the verification code out of the user
Vulnerable applications being exploited
Case study
Problem 1: Zoom
Launching the client from the web browser via a URL: the web browser sends an HTTP request to a local web server hosted by the local Zoom client, which listens on a local port.
This process does not require a confirmation dialog.
Implication
Any malicious website can send the request to the local web server and make the user join a meeting without their knowledge. The attacker can then access:
- the meeting details
- the webcam
- the audio
- remote control
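To make the flaw concrete, here is a toy model of a browser-to-localhost launch endpoint, written as an added example for these notes (it is not Zoom's code). The weak handler does what the notes describe: any request that reaches the local port joins the meeting. The hardened handler beside it shows the three checks a local listener of this kind needs: an allow-listed browser Origin, a per-install secret token that a third-party web page cannot know, and an explicit user confirmation (the dialog that was missing). The /launch path, the confno and token parameters, the allow-list and the sample requests are all assumptions made for illustration.

```python
"""Weak vs hardened handling of a browser-triggered 'launch' request on localhost.
Added example; endpoint names, parameters and sample requests are constructed."""

from urllib.parse import urlsplit, parse_qs

# Constructed placeholder: the only web origin allowed to trigger a launch.
ALLOWED_ORIGINS = {"https://example-meetings.test"}


def parse_request(raw: str) -> dict:
    """Parse minimal HTTP/1.1 request text into method, path, query and headers."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ")
    parts = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return {"method": method, "path": parts.path,
            "query": parse_qs(parts.query), "headers": headers}


def weak_handler(req: dict) -> tuple:
    """The flawed behaviour from the notes: whoever can make the browser send
    the request joins the meeting; no origin check, no secret, no dialog."""
    if req["path"] == "/launch" and "confno" in req["query"]:
        return ("JOIN", req["query"]["confno"][0])
    return ("IGNORE", None)


def hardened_handler(req: dict, ask_user, install_token: str) -> tuple:
    """Hardened variant. `ask_user(confno)` stands in for the confirmation
    dialog; `install_token` is a secret the local client shares only with the
    legitimate web app, never with arbitrary pages."""
    if req["path"] != "/launch" or "confno" not in req["query"]:
        return ("IGNORE", None)
    # Cross-site requests from other pages carry a different Origin, or none
    # at all (e.g. an <img> tag); both are refused.
    origin = req["headers"].get("origin")
    if origin not in ALLOWED_ORIGINS:
        return ("REJECT", "origin not allowed")
    if req["query"].get("token", [None])[0] != install_token:
        return ("REJECT", "bad token")
    confno = req["query"]["confno"][0]
    if not ask_user(confno):
        return ("REJECT", "user declined")
    return ("JOIN", confno)


# Constructed sample traffic: a request injected by an unrelated page, and a
# legitimate one from the allow-listed web app.
MALICIOUS_REQUEST = ("GET /launch?confno=123 HTTP/1.1\r\n"
                     "Host: 127.0.0.1\r\nOrigin: https://evil.test\r\n\r\n")
LEGIT_REQUEST = ("GET /launch?confno=123&token=s3cret HTTP/1.1\r\n"
                 "Host: 127.0.0.1\r\nOrigin: https://example-meetings.test\r\n\r\n")

if __name__ == "__main__":
    print("weak:", weak_handler(parse_request(MALICIOUS_REQUEST)))
    print("hardened, malicious:",
          hardened_handler(parse_request(MALICIOUS_REQUEST), lambda c: True, "s3cret"))
    print("hardened, legit + confirmed:",
          hardened_handler(parse_request(LEGIT_REQUEST), lambda c: True, "s3cret"))
```

The token check alone already stops a third-party page, since it has no way to learn the secret; the Origin check and the confirmation are defence in depth against a leaked token and against the legitimate site being abused.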
Problem 2: Zoom
Zoom disables the macOS hardened runtime, which defends against code injection, library hijacking and tampering with the process memory space.
Once the user gives Zoom access to the camera and mic, macOS ensures that the application's code as a whole does not change.
Because Zoom disables library validation, it can be attacked as follows:
- The user grants the app access to the camera and mic
- The attacker installs a malware library that proxies a dynamic library like libssl, which has already been granted access to the camera and mic
- With the hardened runtime entitlement disable-library-validation:true, the system does not notify the user of the change to libssl
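A practical check for this class of weakness is to audit an app's entitlements for hardened-runtime exceptions. The script below is an added example, not Zoom's or Apple's code. It assumes the entitlements were dumped with `codesign -d --entitlements :- /path/to/App.app` and saved to a file; older codesign versions prefix that output with a small binary blob header, which the function skips by starting at the XML declaration. The sample plist is constructed and is not any real app's entitlements file; the entitlement key names are Apple's, the risk descriptions are this script's own wording.

```python
"""Flag enabled hardened-runtime exception entitlements in a macOS app.
Added example; the sample plist below is constructed for illustration."""

import plistlib

# Hardened-runtime exceptions that weaken code-injection protections.
# The disable-library-validation key is the one the notes describe.
RISKY_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "loads dylibs not signed by the app's Team ID (library hijacking)",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_* variables such as DYLD_INSERT_LIBRARIES",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "allows unsigned executable memory",
    "com.apple.security.cs.disable-executable-page-protection":
        "disables executable page protection",
    "com.apple.security.get-task-allow":
        "lets other processes attach to and debug the app",
}

# Constructed sample: camera/mic access granted, library validation disabled.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
</dict>
</plist>
"""


def risky_entitlements(entitlements_bytes: bytes) -> dict:
    """Return {entitlement: reason} for every risky entitlement set to true."""
    start = entitlements_bytes.find(b"<?xml")
    if start < 0:
        raise ValueError("no XML plist found in entitlements data")
    # Skip the binary blob header some codesign versions emit before the XML.
    ents = plistlib.loads(entitlements_bytes[start:])
    return {key: reason for key, reason in RISKY_ENTITLEMENTS.items()
            if ents.get(key) is True}


def report(entitlements_bytes: bytes) -> str:
    """Human-readable summary, one line per finding."""
    findings = risky_entitlements(entitlements_bytes)
    if not findings:
        return "no hardened-runtime exceptions enabled"
    return "\n".join(f"{key}: {reason}" for key, reason in findings.items())


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ENTITLEMENTS
    print(report(data))
```

Run it with the path of a saved entitlements dump, or with no arguments to see the result on the constructed sample.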
Ken Thompson's clever Trojan
What can we trust?
Can we trust the login program of a Linux distribution?
- The login program may have a backdoor that records the password
Solution: recompile the login program from the source code
Can we trust the source code? No
Solution: we can inspect the code and recompile
Can we trust the compiler? No
    compile(s) {
        if (match(s, 'login-program')) {
            compile('login-backdoor');   /* emit the backdoored login instead */
            return;
        }
        /* regular compilation */
    }
This code compiles a login program with a backdoor no matter what the source code says.
Solution: inspect the compiler source code and then recompile the compiler
But what if the compiler binary has a backdoor?
    compile(s) {
        if (match(s, 'login-program')) {
            compile('login-backdoor');      /* emit the backdoored login */
            return;
        }
        if (match(s, 'compiler-program')) {
            compile('compiler-backdoor');   /* re-insert this trojan into the new compiler */
            return;
        }
        /* regular compilation */
    }
Recompiling the clean compiler source with this binary still gives a corrupted compiler.
What can we trust, then?
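The pseudocode above can be played through on a toy model. The script below is an added example, not part of the lecture notes: it models programs as lists of "feature" lines, binaries as (name, feature-set) pairs, and a trojaned compiler as one that silently adds features when it recognises the login program or a compiler, exactly as the pseudocode does. It then shows the defender's side, diverse double-compiling (DDC): rebuild the compiler from its source with an independent trusted compiler, rebuild once more with that result, and compare the outcome to the suspect binary. The mini-language, the feature names and the "trojan" marker are assumptions for illustration, and because the toy has only one compiler design, the "trusted" compiler is simply the clean binary; in practice it would be a different compiler entirely.

```python
"""Toy model of Thompson's self-propagating compiler trojan and of the
diverse double-compiling (DDC) check that detects it. Added example; the
mini-language and feature names are constructed for illustration."""

# A source program is a list of lines: one "program NAME" line followed by
# "feature X" lines. A binary is an immutable (name, frozenset of features)
# pair, the toy equivalent of an executable, so binaries compare with ==.
LOGIN_SRC = ["program login", "feature check_password"]
COMPILER_SRC = ["program compiler", "feature parse", "feature codegen"]

# What a trojaned compiler silently adds, keyed by the program it recognises.
TROJAN_INSERTS = {
    "login": {"record_password"},  # the login backdoor
    "compiler": {"trojan"},        # re-inserts itself into any compiler it builds
}

# A clean compiler binary (as if built by hand once) and a trojaned one.
CLEAN_COMPILER = ("compiler", frozenset({"parse", "codegen"}))
TROJANED_COMPILER = ("compiler", frozenset({"parse", "codegen", "trojan"}))


def run_compiler(compiler_bin: tuple, source: list) -> tuple:
    """Run a compiler binary on source lines and return the output binary."""
    name, compiler_features = compiler_bin
    if name != "compiler":
        raise ValueError("not a compiler binary")
    program, features = None, set()
    for line in source:
        kind, _, value = line.partition(" ")
        if kind == "program":
            program = value
        elif kind == "feature":
            features.add(value)
        else:
            raise ValueError(f"unknown line: {line!r}")
    if program is None:
        raise ValueError("source has no 'program' line")
    # Thompson's trick: the backdoor lives only in the compiler binary and is
    # applied when it recognises a target program; the source stays clean.
    if "trojan" in compiler_features:
        features |= TROJAN_INSERTS.get(program, set())
    return (program, frozenset(features))


def diverse_double_compile(suspect: tuple, trusted: tuple, compiler_source: list) -> bool:
    """DDC: build the compiler source with an independent trusted compiler,
    build it again with that result, and compare to the suspect binary.
    A clean, deterministic compiler regenerates itself exactly."""
    stage1 = run_compiler(trusted, compiler_source)
    stage2 = run_compiler(stage1, compiler_source)
    return stage2 == suspect


if __name__ == "__main__":
    bad_login = run_compiler(TROJANED_COMPILER, LOGIN_SRC)
    print("login built by trojaned compiler:", sorted(bad_login[1]))
    rebuilt = run_compiler(TROJANED_COMPILER, COMPILER_SRC)
    print("compiler rebuilt from clean source:", sorted(rebuilt[1]))
    print("DDC passes for clean compiler:",
          diverse_double_compile(CLEAN_COMPILER, CLEAN_COMPILER, COMPILER_SRC))
    print("DDC passes for trojaned compiler:",
          diverse_double_compile(TROJANED_COMPILER, CLEAN_COMPILER, COMPILER_SRC))
```

The second print shows the point of the notes: the compiler source is clean, yet the binary built from it still carries the trojan. The DDC comparison catches it only because the trusted compiler is assumed not to share the same trojan, which is why in practice it must be an independently written one.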
Order a laptop: what can go wrong?
- Installed applications
- OS
- Reinstall it
- But can you trust the OS to reinstall the OS?
- Boot drive
- Pre-boot BIOS code
- Motherboard: Operation ShadowHammer
Trusted Computing Base (TCB)
Assume some minimal part of the system is not compromised and gradually build a secure environment on top of that.