HIDING @ DEPTH - EXPLORING, SUBVERTING AND BREAKING NAND FLASH MEMORY

Black Hat USA 2013

Presented by: Josh Thomas (m0nk)
Date: Wednesday July 31, 2013
Time: 17:00 - 18:00
Location: Augustus 1 & 2

In the world of digital storage, gone are the days of spinning platters and magnetic residue. These technologies have been replaced with electron trapping, small voltage monitoring and a lot of magic. These NAND devices are ubiquitous across our culture; from smart phones to laptops to USB memory sticks to GPS navigation devices. We carry many of these devices in our pockets daily without considering the security implications. The NAND-Xplore project is an attempt to explain how NAND Flash storage functions and to expose logical weaknesses in the hardware and implementation architectures. The project also showcases how the vulnerable underpinnings of NAND hardware can be subverted to hide and persist files on mobile devices. The project will release two open source POC tools for Android, one to inject and hide files on raw NAND based devices and another to find those files. The tools will showcase how advanced malware or other offensive tools could be using NAND to hide peristent files on your devices and how you would go about discovering them. The project also considers how typical forensic software interacts with NAND devices and how those tools can be subverted. Lastly, the talk will cover how remote NAND manipulation can brick devices beyond repair, from Smartphones to SCADA, and how this vulnerability cannot realistically be patched or fixed (Hint: your current tools probably don't work as well as you would like to believe).

Josh Thomas

Security researcher, mobile phone geek, mesh networking evangelist and general breaker of things electronic. Typical projects of interest span the hardware / software barrier and rarely have a UI. m0nk has spent the last year or two digging deep into Android and iOS internals, with a major focus on both the network stack implementation and the driver and below hardware interfaces. He uses IDA more frequently than Eclipse (and a soldering iron more than both). His life dreams are to ride a robot unicorn on a moonlit beach and make the world a better place, but mostly the unicorn thing... Josh is currently employed by the nice people @ Accuvant LABS and the very mean people @ MonkWorks, LLC.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats