TLS decryption attacks and back-doors to secure systems – Chris Hanlon
Abstract
In this presentation, we show the audience how to use well documented protocol weaknesses to generate fraudulent domain security certificates, decrypt “secure https” web traffic, and decrypt TLS encrypted emails. Then we show the audience how to use these weaknesses as backdoors to break into Cisco Meraki firewalls, Google Nest security cameras, physical building locks, Dropbox accounts, Onedrive accounts, Outlook.com accounts, Skype message histories, Amazon AWS Virtual Machines, Oracle Cloud virtual machines, LogMeIN remote access accounts, Online Medical Records, online backups, windows bit-locker encrypted hard drives, apple file-vault encrypted hard drives drives, and many other systems. Later in the presentation the end of the presentation: we cite related research showing multiple government agencies successfully using these TLS interception attacks against citizens, businesses, other governments, … then provide simple solutions to prevent this type of attack.
Bio
Chris Hanlon is the founder of Agile Data Security a company dedicated to helping businesses secure their software development life-cycle, protect their technology assets (computers, routers, servers, databases and cloud systems) and reduce their vulnerability to social engineering attacks. During his “free time”, Chris finds/reports security vulnerabilities, hosts hack-a-thons, uses real world exploits to help developers understand security vulnerabilities, lectures at colleges, presents at conferences, organizes security conferences, and volunteers on the presentation review board for a BSides Conference. Based on multiple vulnerability submissions, Chris was added to the Google Security Hall Of Fame in 2014. Chris has also been recognized for security vulnerabilities reported to the University of British Columbia and a Linux Kernel File System Module.