Cristofaro Mune, Speaker

Cristofaro Mune is a Co-Founder and Security Researcher at Raelize and he has been in the security field for 20+ years. He has 15+ years of experience with evaluating SW and HW security of secure products. His research on Fault Injection, TEEs, Secure Boot, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.
  • The Hidden Threat. Breaking into Connected Devices for Infrastructure Compromise
    Security for organizations and critical infrastructures usually rhymes well with IT security. Over the years, we have built tools, practices and policies to prevent, detect, mitigate and respond to attacks targeting endpoints like PCs, servers (and maybe mobile phones), critical networks as well as the network infrastructure they are connected with. On the other hand, network-connected devices, like printers, small routers, Wi-Fi APs, and even badge readers or access control systems, are often much less considered in the scope of the typical security posture. Such devices are often regarded as "hardware" and only relevant from a functional point of view.
    In this talk we discuss how devices may pose severe threats to the security of organizations and, potentially, critical infrastructures. We will show how important it is to consider devices as relevant endpoints and apply proper security practices. We will give a live demonstration, on stage, of how a simple oversight in a security policy may allow an attacker to penetrate a network, bypassing existing security measures. We will also demonstrate how a compromised device can become an entry point for mounting further attacks, allowing an attacker to extend control over other devices or to directly target the infrastructure.
    We will then discuss how it may be possible for a proximal attacker to leverage vulnerable implementations for exploiting the Wi-Fi SoC (System-on-Chip) present on the device. We will cover, by analyzing public vulnerabilities, how he could then compromise the Application SoC and gain full control of the device. This would allow him to gain a foothold in the network where the device is located, without generating any IP traffic and leveraging a stealthy attack vector. Finally, we will analyze the scenario where a Wi-Fi SoC vulnerability may be used for a worm-like propagation across neighboring devices. This would allow an attacker to compromise all the Wi-Fi capable devices, without ever generating any IP traffic. This would also allow him to cross network security boundaries without being detected.
    We believe that should an attack like the ones described in our talk succeed, it may be potentially devastating in the context of sensitive organizations and critical infrastructures. Throughout the talk we will reflect on possible mitigations and improvements, both in technology and processes. We will point out how the passive use of technology is likely insufficient, and an improved security posture is required in order to tackle these attacks, which are, nowadays, within reach of advanced attackers. We hope our thought-provoking talk will make the audience aware of the threats posed by connected devices in security-critical infrastructures, as well as start a reflection on the best practices to apply in order to minimize the related risks.
    - 15:15/16:00, 28 May 2022
  • Chat with the Speakers
    We use this last part of the event to ask the speakers a few questions.
    - 16:45/17:15, 28 May 2022
  • Acquisition in the billions. Breaking cryptographic keys with fast SCA
    Cryptography nowadays is an integral part of our lives, protecting communications, sensitive data, personal information as well as many other aspects of our digital life. Even very simple devices come equipped with hardware engines for accelerating cryptographic operations. In many cases, encryption keys are protected in hardware, securing them from vulnerable software implementations and exploits, regardless of how clever they can be. On the other hand, side channel analysis (SCA) attacks remain perfectly applicable even against keys protected in hardware. In fact, they rely only on observable physical quantities to infer the value of the key being used. Critical components (e.g. smart card ICs, secure elements, secure SoCs) are often validated to be resistant to SCA attacks, with the time required for a successful attack being a critical variable for determining such resistance.
    - 16:45/17:30, 10 Jun 2023