Download - Usa11preview Johansen
-
7/29/2019 Usa11preview Johansen
1/14
1Page 2011 WhiteHat Security, Inc.
1
Hacking Google ChromeOS
Matt JohansenTeam [email protected]
@mattjay
August 2011
Kyle OsbornApplication Security [email protected]
@theKos
special thanks to:
Googles Security Team
Jeremiah Grossman
Chris Evans
mailto:[email protected]:[email protected]:[email protected]:[email protected] -
7/29/2019 Usa11preview Johansen
2/14
2Page 2011 WhiteHat Security, Inc.
2
Who are we?
Kyle & Matt are both part of the Threat Research
Center at WhiteHat Security and manually assess alarge portion of WhiteHats 4,000+ websites.
Matt:
-Application Security Engineer turned Team Lead.
- Background in Penetration Testing as a Consultant.
- Bachelor of Science in Computer Science from Adelphi University
Kyle:
-Application Security Specialist
- Primary focus on Offensive Security Research
- Likes to push the Big Red Button
-
7/29/2019 Usa11preview Johansen
3/14
3Page 2011 WhiteHat Security, Inc.
3
WhiteHat Security Company Overview
The FutureNow List
WhiteHat Security: end-to-end solutions for Web security
WhiteHat Sentinel: SaaS website vulnerability management
Combination of cloud technology platform and leading security
experts turn security data into actionable insights for customers
Founded in 2001; Sentinel Premium Edition Service launched in
2003
400+ enterprise customers, 4,000 sites under management
Most trusted brand in website security
-
7/29/2019 Usa11preview Johansen
4/14
4Page 2011 WhiteHat Security, Inc.
4
Google Cr-48 Beta Laptop
First Chrome OSdedicated device
Application to be aBeta Tester open to
public WhiteHat one of fewsecurity companies totest it first
-
7/29/2019 Usa11preview Johansen
5/14
5Page 2011 WhiteHat Security, Inc.
5
Chrome OS
The time for a Web OS is now Eric Schmidt
What we know:
Revolves around the browser
Virtually nothing stored locally
Cloud heavy (re: reliant)
Fast!
-
7/29/2019 Usa11preview Johansen
6/14
6Page 2011 WhiteHat Security, Inc.
6
Chrome OS (contd)
Nothing stored locally = no usual software suspects.
Chrome OS = Extension CrazyMobile = App Crazy
In order to get usability / functionality out of a locked updevice users must use what is available.
-
7/29/2019 Usa11preview Johansen
7/14
7Page 2011 WhiteHat Security, Inc.
7
What Does A Hacker See?
New attack surface!
With all of these new extensions thatarent necessarily developed by Googleor any reputable company, securityvulnerabilities are bound to be plentiful.
Let the Hacking Begin!
-
7/29/2019 Usa11preview Johansen
8/14
8Page 2011 WhiteHat Security, Inc.
8
ScratchPad
Preinstalled note-takingextension
Auto Sync feature toGoogle DocsScratchPad Folder
Google Docs Feature Folder/Doc sharing. Nopermission needed!
-
7/29/2019 Usa11preview Johansen
9/14
9Page 2011 WhiteHat Security, Inc.
9
ScratchPad Video demo
Google fixed Scratchpad XSS very quickly but we have
a video demo.
-
7/29/2019 Usa11preview Johansen
10/14
10Page 2011 WhiteHat Security, Inc.
10
Permission Structure
Why are Extensions any different?
Individual extensions have
unique permissions
Use chrome.* API
Permissions set by 3rd party
developer Some extensions require
permission to talk to every
website
Similar to Mobile Apps
-
7/29/2019 Usa11preview Johansen
11/14
11Page 2011 WhiteHat Security, Inc.
11
Malicious Extension Demo
Saving this one for BlackHat.
What can we do with a very vulnerable extension withwide open permissions which do exist in the wild.
-
7/29/2019 Usa11preview Johansen
12/14
12Page 2011 WhiteHat Security, Inc.
12
Browser -> Extension Trust Model
Taking the old Software Security Model and moving it tothe cloud.
Software Security Model Browser Extension Trust Model
-
7/29/2019 Usa11preview Johansen
13/14
13Page 2011 WhiteHat Security, Inc.
13
Security Implications
Chromebooks run the first
consumer operating system
designed from the ground up to
defend against the ongoing threat
of malware and viruses. They
employ the principle of "defense in
depth" to provide multiple layers of
protection, including sandboxing,
data encryption, and verified boot.
Google.com/Chromebook
Things Done Very Well
Sandboxing tabs so they
dont talk to each other Local storage is virtually
non existent
Attack surface limited to
client side browser exploits Handles own plugins
(flash, pdfs, etc.)
Eliminates most modern
virus / malware threats
-
7/29/2019 Usa11preview Johansen
14/14
14Page 2011 WhiteHat Security, Inc.
14
Thank You!Q&A?Matt JohansenTeam [email protected]
@mattjay
Kyle OsbornApplication Security [email protected]
@theKos
mailto:[email protected]:[email protected]:[email protected]:[email protected]