Explore the vulnerabilities of Inter-Process Communication (IPC) in this conference talk from Hack.lu 2018. Delve into the concept of Man-in-the-Machine (MitM) attacks and examine various IPC mechanisms, including network sockets on localhost and Windows named pipes. Investigate potential security risks in standalone password managers, analyzing specific cases like RoboForm and 1Password. Learn about client and server impersonation techniques, as well as Man-in-the-Middle attacks on Password Boss. Discover the security implications for FIDO U2F keys and unauthorized access. Gain insights into mitigation strategies to address these vulnerabilities and enhance IPC security.
Overview
Syllabus
Intro
Traditional network threat model
Our focus: Inter-process communication (IPC)
Man-in-the-Machine (Mit Ma)
What makes IPC vulnerable
Network socket on localhost
Network socket: Client impersonation
Network socket: Server impersonation
Network socket Man-in-the-middle
Windows named pipe: Access control
Windows named pipe: Client impersonation
Windows named pipe: Server impersonation
Windows named pipe: Man-in-the-Middle
USB HID devices
Standalone password managers
Client impersonation on RoboForm
1Password - Key derivation protocol
Server impersonation on 1Password
Password managers with Native messaging
Man-in-the-Middle on Password Boss (2)
FIDO U2F security key
Unauthorized access of FIDO U2F key
Mitigation
Conclusion
Taught by
Cooper
