Hardware Backdooring X11 with much class and no privileges

Presented at Hacker2HackerCon 2014 by

X11 is much more powerful than we think. In this talk I will show how to generate a backdoor for any Linux or BSD machine that runs X11, X-Window or Xorg, by using only syscalls to X, no binaries, or opcodes, or privileges to be executed, which can be invoked by hardware interruptions or an open port on the victim computer.

What's under the hood: This attack takes advantage of a feature included in the "dbus" IPC software (http://en.wikipedia.org/wiki/D-Bus) that controls the lock screen. By tampering with it, you can easily invoke an unlock. The hardware interruptions that execute the code can be easily implemented by the attacker according to his choice, but the trick is to choose the correct hardware that can be controlled while the computer is locked, which are only a few. In the demo I will show all the ways I could unlock the screen, with hardware interruptions, an open UDP port, or even without having the backdoor running in the background and just calling it. Dbus is bundled with GNOME, KDE, freedesktop, Xfce and more X systems, making (almost) any Linux or BSD box vulnerable to this attack.

Matias Katz is a Penetration Tester who specializes in Web security analysis. He loves to build simple tools to perform discovery and exploitation on any software or network. He has spoken at BlackHat, H2HC, Ekoparty, TEDx, Campus Party, OWASP and many important conferences. He is the founder and CEO of Mkit Argentina (www.mkit.com.ar), a company that specializes in computer, physical and human security solutions. He is also the founder of Andsec conference (www.andsec.org). And he is Super Mario World master!!