Scribd Logo
Upload

Welcome to Scribd!

  • 51 views

    Hacking Google Chromeos: Matt Johansen Kyle Osborn

    Uploaded by

    Sumant Luhar
    Matt Johansen and Kyle Osborn are both part of the Threat Research Center at WhiteHat security. They manually assess a large portion of WhiteHat's 4,000+ websites. Whitehat security is a cloud-based vulnerability management service.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    Hacking Google Chromeos: Matt Johansen Kyle Osborn

    Uploaded by

    Sumant Luhar
    51 views14 pages
    Matt Johansen and Kyle Osborn are both part of the Threat Research Center at WhiteHat security. They manually assess a large portion of WhiteHat's 4,000+ websites. Whitehat security is a cloud-based vulnerability management service.

    Original Title

    Usa11preview Johansen

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Matt Johansen and Kyle Osborn are both part of the Threat Research Center at WhiteHat security. They manually assess a large portion of WhiteHat's 4,000+ websites. Whitehat security is a cloud-based vulnerability management service.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    51 views14 pages

    Hacking Google Chromeos: Matt Johansen Kyle Osborn

    Uploaded by

    Sumant Luhar
    Matt Johansen and Kyle Osborn are both part of the Threat Research Center at WhiteHat security. They manually assess a large portion of WhiteHat's 4,000+ websites. Whitehat security is a cloud-based vulnerability management service.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 14

    Hacking Google ChromeOS

    Matt Johansen
    Team Lead
    [email protected] @mattjay

    Kyle Osborn
    Application Security Specialist
    [email protected] @theKos

    August 2011
    Page 1 2011 WhiteHat Security, Inc.

    special thanks to: Googles Security Team Jeremiah Grossman Chris Evans

    Who are we?


    Kyle & Matt are both part of the Threat Research Center at WhiteHat Security and manually assess a large portion of WhiteHats 4,000+ websites.
    Matt:
    - Application Security Engineer turned Team Lead. - Background in Penetration Testing as a Consultant. - Bachelor of Science in Computer Science from Adelphi University

    Kyle:
    - Application Security Specialist - Primary focus on Offensive Security Research - Likes to push the Big Red Button

    Page 2 2011 WhiteHat Security, Inc.

    WhiteHat Security Company Overview


    WhiteHat Security: end-to-end solutions for Web security WhiteHat Sentinel: SaaS website vulnerability management Combination of cloud technology platform and leading security experts turn security data into actionable insights for customers Founded in 2001; Sentinel Premium Edition Service launched in 2003 400+ enterprise customers, 4,000 sites under management Most trusted brand in website security

    The FutureNow List


    Page 3 2011 WhiteHat Security, Inc.

    Google Cr-48 Beta Laptop


    First Chrome OS dedicated device Application to be a Beta Tester open to public WhiteHat one of few security companies to test it first

    Page 4 2011 WhiteHat Security, Inc.

    Chrome OS
    The time for a Web OS is now Eric Schmidt
    What we know: Revolves around the browser Virtually nothing stored locally Cloud heavy (re: reliant) Fast!

    Page 5 2011 WhiteHat Security, Inc.

    Chrome OS (contd)
    Nothing stored locally = no usual software suspects.
    Mobile = App Crazy Chrome OS = Extension Crazy

    In order to get usability / functionality out of a locked up device users must use what is available.

    Page 6 2011 WhiteHat Security, Inc.

    What Does A Hacker See?


    New attack surface!
    With all of these new extensions that arent necessarily developed by Google or any reputable company, security vulnerabilities are bound to be plentiful. Let the Hacking Begin!

    Page 7 2011 WhiteHat Security, Inc.

    ScratchPad
    Preinstalled note-taking extension Auto Sync feature to Google Docs ScratchPad Folder Google Docs Feature Folder/Doc sharing. No permission needed!

    Page 8 2011 WhiteHat Security, Inc.

    ScratchPad Video demo


    Google fixed Scratchpad XSS very quickly but we have a video demo.

    Page 9 2011 WhiteHat Security, Inc.

    Permission Structure
    Why are Extensions any different?
    Individual extensions have unique permissions Use chrome.* API Permissions set by 3rd party developer Some extensions require permission to talk to every website Similar to Mobile Apps

    Page 10 2011 WhiteHat Security, Inc.

    Malicious Extension Demo


    Saving this one for BlackHat.
    What can we do with a very vulnerable extension with wide open permissions which do exist in the wild.

    Page 11 2011 WhiteHat Security, Inc.

    Browser -> Extension Trust Model


    Taking the old Software Security Model and moving it to the cloud.
    Software Security Model Browser Extension Trust Model

    Page 12 2011 WhiteHat Security, Inc.

    Security Implications
    Chromebooks run the first
    consumer operating system designed from the ground up to defend against the ongoing threat of malware and viruses. They employ the principle of "defense in depth" to provide multiple layers of protection, including sandboxing, data encryption, and verified boot. Google.com/Chromebook

    Things Done Very Well Sandboxing tabs so they dont talk to each other Local storage is virtually non existent Attack surface limited to client side browser exploits Handles own plugins (flash, pdfs, etc.) Eliminates most modern virus / malware threats

    Page 13 2011 WhiteHat Security, Inc.

    Thank You! Q&A?


    Matt Johansen
    Team Lead
    [email protected] @mattjay

    Kyle Osborn
    Application Security Specialist
    [email protected] @theKos

    Page 14 2011 WhiteHat Security, Inc.

    You might also like