Recon 2024

Open Sesame: stack smashing your way into opening doors.
06-30, 13:00–14:00 (US/Eastern), Grand Salon

Physical security is the forgotten sibling of information security. It is usually offloaded to traditional security teams, and especially to people who don't "get" what hacking is about.

However, Physical Access Control Systems (PACS) bridge the wall between physical security and information security. These systems are more and more ubiquitous and, more importantly, they are becoming "smart" (aka always connected). Therefore they are becoming hackable.

This talk will feature a complete security audit of Idemia's Sigma Lite, a high-end PACS device that can be found in ministries, embassies or Fortune 500 companies and which handles user access control, biometric identification and time attendance. It will cover attacks on the hardware, the upgrade system and the contactless protocol.

I will also detail how I approached vulnerability research in this project, since it was far from straightforward. This device's security scope surprisingly contains several really hard parts as well as some squishy ones, and I spent a lot of time banging my head against dead ends before finding the chink in the armor. I will also spotlight the Chameleon Mini, an underrated tool which was pivotal in converting a 0-day into an actual working RCE.

And of course it wouldn't be an offensive security talk without some critical vulnerabilities:

  • CVE-2023-33217: Missing integrity check on upgrade package (score 7.5 HIGH)
  • CVE-2023-33219: Stack buffer overflow when checking retrofit package (score 9.1 CRITICAL)
  • CVE-2023-33221: Heap buffer overflow when reading DESFire card (score 7.8 HIGH)
  • CVE-2023-33222: Stack buffer overflow when reading DESFire card (score 9.1 CRITICAL)
See also: Slides

Sharing the same curse as Ian Beer, people think that Lucas GEORGES is not a real person. Or more precisely, that a real person is behind this pseudonym. Honestly, what kind of parents would name their child after a world-famous director?

Well, my parents did that. In their defense, I don't think they have seen any movie directed by my illustrious homonym.

Apart from that, Lucas GEORGES is a veteran reverse engineer with 10 years of work under his belt. He used to be particularly competent in Windows security, but as the world is trying to step away from Microsoft's prying hands, Lucas tries to do it too.