Ta-Lun Yen is an independent researcher with interests in reverse engineering, protocol analysis, wireless security, and embedded & IoT/ICS device security. He has been a member of the Taiwanese InfoSec community "UCCU Hacker" and has presented at various conferences and events, including HITCON, Black Hat, and CODE BLUE. He joined Trend Micro (TXOne Networks) with a focus on offensive security.
#
Six years ago, the System Integrity Protection (SIP) framework arrived on macOS Yosemite: a protection mechanism that prevents files from being modified even with elevated privileges, and which Apple deeply trusts to stop systems from being maliciously tampered with or having data stolen. Apple does not believe in empowering users and went down a road of taking privileges away from them.
However, during these six years, we have seen more and more attacks that bypass SIP to modify crucial files within the system. Moreover, multiple articles on the Internet instruct you to disable SIP entirely. In this session, we will introduce multiple bypasses for SIP and explain how Apple implemented this protection in the first place.
#
In this research, we discovered and disclosed multiple vulnerabilities in most of the DDS (Data Distribution Service) implementations. DDS enables crucial technologies, such as autonomous driving, military tactical systems, and time-sensitive machinery. We approached DDS from the bottom up, and we'll show you how we dissected it, fuzzed it with and without source code, and found multiple vulnerabilities in it, including a standard-level vulnerability and others such as remote code execution and DoS.