AIoT & Hardware Security Summit

AIoT & Hardware Security Summit will focus on the emerging field that combines artificial intelligence and IoT technology, discussing the challenges faced by smart devices and hardware security. The conference will invite industry experts to share the latest cybersecurity trends, research, and practical case studies, delving deep into the core issues of AIoT and hardware security.

TIME & LOCATION
  • 5/14 (Tue.) 13:00 - 16:50 | AIoT & Hardware Security Zone
  • 5/15 (Wed.) 13:00 - 16:50 | AIoT & Hardware Security Zone
  • 5/16 (Thu.) 09:30 - 16:50 | AIoT & Hardware Security Zone
AGENDA
5 / 14
13:00 - 13:30
KunYu Chen / Manager Telecom Technology Center
YuShiang Dang / Engineer Telecom Technology Center

Quark Script is a tool designed to detect black-box vulnerabilities in Android, which was presented at BlackHat Asia Arsenal 2024. It features three main characteristics:

  • Creativity and Innovation: Delving deep into black-box vulnerability discovery, resolving automation issues, providing user-friendly and practical APIs, and encouraging users to script detection with creativity and innovation.
  • Dynamic and Static Analysis: Integration of static analysis tools (such as Quark itself) and dynamic analysis tools (such as Frida).
  • Reusable and Shareable: Once a user creates a Quark Script, it can be applied to analyze different targets and shared with other users.


  • Mobile Security
  • Application Security
  • Reverse Engineering
5 / 14
13:30 - 14:00
Salim S I / Director, Cyber Threat Intelligence CTOne

What is special about the threats targeting critical infrastructure? Stealth.

Critical infrastructure refers to the systems, assets, and networks that are essential for the functioning of a society, economy, or country. Cellular Networks, both private and public, are part of Communication infrastructure.

APTs targeting communication infrastructure are not ransomware gangs; they are often backed by nation-states. Espionage or data exfiltration is the primary aim. The implants are designed to stay undetected in the infected system for a long time (e.g., BPF Door, Cyclops Blink).

Private cellular networks are increasingly finding applications in Defense systems, manufacturing industry, V2X communications and so on. Over generations, from 3G to 4G to 5G, Packet core and Radio systems have transitioned to an open architecture. Monolithic architecture and proprietary protocols are giving way to component disaggregation (SBA, ORAN) and interface standardization (SBI, E2). Parts of packet core and RAN have been cloudified.

The transition to open architecture and cloud gives cellular networks the flexibility to support various private network deployment scenarios. Not surprisingly, the attack surface of cellular networks has also expanded. More interfaces are exposed in cloud, edge and in internal networks. CT and IT networks blend in private networks, thus risking threats crossing over from one domain to the other.

The motivation to compromise cellular networks is clear. This talk is about attack vectors from cellular technology.

  • Critical Infrastructure Protection
  • 5G Security
  • Network Security
5 / 14
14:00 - 14:30
Frank Chiu / Senior Consultant / IoT Development Department CHANGING Information Technology Inc.

In the IoT environment, effective implementation of machine identity management is not only the cornerstone of production security and efficiency but also an inevitable requirement to address increasingly complex security challenges. Adhering to relevant standards, leveraging PKI and cryptographic techniques, and integrating machine identity management into overall identity and access management will help establish a more robust IoT security foundation.

  • IoT Security
  • Endpoint Security
  • Hardware Security
5 / 14
14:30 - 15:00
Ian Chu / Architect VicOne

Software-Defined Vehicles (SDVs) leverage Over-The-Air (OTA) updates to continuously provide users with a diverse range of services and an enhanced experience. However, this software-centric approach introduces a dynamic landscape of cybersecurity threats alongside its conveniences. Traditional Electronic Control Unit (ECU) system design struggles against the evolving demands of SDVs. To support rapid software change, we must reconsider automotive ECU design philosophy. So, which traditional cybersecurity design principles are being challenged? Which remain essential? This presentation will share practical experiences in ECU cybersecurity functional design, exploring the challenges of embracing the era of SDVs.

  • Security by Design
  • Security Architecture
  • XIoT Security
5 / 14
15:20 - 15:50
SZ Lin / President International Society of Automation, Taiwan Section

As cloud computing, AI intelligence, and remote maintenance technologies flourish, the concept of the Industrial Internet of Things (IIoT) is progressively implemented across various critical infrastructures. This not only breaks the limitations of traditional industrial control environments but also brings unprecedented convenience while introducing numerous cybersecurity risks. In this context, building a secure and reliable industrial control system within the IIoT environment has become an urgent issue to address.

In this presentation, we will explore the key strategies for asset owners, service providers, system integrators, and product manufacturers in tackling cybersecurity risks associated with IIoT. Additionally, we will introduce how the ISASecure certification program develops global cybersecurity certification suitable for IIoT devices and gateways, based on risk assessment results combined with the ISA/IEC 62443 standards. We will also delve into the various stages of product development, control measures, and certification standards to help attendees thoroughly understand the philosophies and objectives behind these standards.

Besides presenting the latest global cybersecurity trends, we will share the newest developments and information from the ISASecure certification program to support Taiwan's industry in aligning with global cybersecurity standards. These efforts aim to comprehensively enhance our cybersecurity protection capabilities in the AIoT domain, focusing not only on software security but also on hardware security measures. Through such measures, we can effectively reduce cybersecurity risks in the IIoT environment, ensuring that technological innovation and cybersecurity protection progress hand in hand, laying a solid foundation for the future development of the industry.

  • XIoT Security
  • IoT Security
  • Industrial Security
5 / 14
15:50 - 16:20
Daniel Liu / CTO Onward Security

With the release of the latest version of "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions" by the US FDA in September 2023, and the update of "Guidelines for Industry on Management of Cybersecurity in Medical Device" by the Taiwan Ministry of Health and Welfare in 2021, addressing the requirements of cybersecurity has become a significant challenge for medical device manufacturers who have already implemented the IEC 62304 standard. The key to solving this challenge lies in the IEC 81001-5-1 standard, which builds upon IEC 62304 and incorporates requirements from IEC 62443-4-1 for Secure Software Development Lifecycle (SSDLC), serving as guidance for manufacturers to achieve secure software development practices. This presentation will share practical insights into the challenges that manufacturers may face when implementing software security development processes and emphasize the key considerations they should focus on.

  • Security Development Lifecycle
  • IoT Security
  • Healthcare Security
5 / 14
16:20 - 16:50
Linwei Tsao / Threat Researcher TXOne Networks

Man-in-the-Middle (MitM) attacks are not news. However, they may cause more impact against OT than against IT. In this talk, we describe the objectives of launching MitM attacks against OT, break down some major OT protocol vulnerabilities that could be leveraged to launch MitM attacks, and provide prevention/mitigation methods against such MitM attacks.

  • OT Security
  • Industrial Security
5 / 15
13:00 - 13:30
Yenting Lee / Sr. Threat Researcher TXOne Networks

With the increasing clarity in the application of SBOM, more and more critical infrastructure industries are engaging in PoC. This prompts us to consider whether we are adequately prepared for the development of SBOM. We know that merely listing the software and versions of assets through SBOM is insufficient to improve supply chain security. In light of this, we will dive deep into the concept, generation, and application of SBOM. Once we have SBOM, what technologies should we align with to effectively apply the concept? Additionally, we will analyze the current use of SBOM in global critical infrastructure industries to illustrate the concerns it brings.

  • SBOM
  • Supply Chain Security
  • Critical Infrastructure Protection
5 / 15
13:30 - 14:00
Robert Wann / President & C.E.O. Enova Technology Corporation

The U.S. Department of Defense (DoD) announced the "Cybersecurity Maturity Model Certification" (CMMC) information security requirements for DIB (Defense Industrial Base) partners. The soon-to-be legalized CMMC is expected to be fully implemented in fiscal year 2026. As such, all DIB members, including their contractors/subcontractors, must demonstrate adequate CMMC satisfaction before contracts are awarded. CMMC will have a direct impact on all the manufacturers in the global supply chain. For Taiwanese manufacturers, CMMC presents both a challenge and an opportunity. Being able to demonstrate an adequate level of CMMC compliance is key to winning a Defense contract. However, the purpose of CMMC doesn't stop here. It may go beyond the current scope, as a company whose product design and engineering embed the spirit of CMMC would definitely gain more competitive edge, and thus more customers. We are here to prepare interested parties to become CMMC compliant and gain a better competitive edge globally.

  • Cryptography
  • Data Security
5 / 15
14:00 - 14:30
Donald Huang / Product Marketing Director Macronix

Threats to digitally stored data have existed ever since punch cards were the primary storage medium. The difference now is that data are as much currency as mere information, and therefore a rich target for thieves.

Artificial intelligence (AI) has ushered in an age in which data are expansive, ever-evolving and increasingly at risk of manipulation, if not downright theft.

A fast-growing and logical application of AI is autonomous driving, a.k.a., driverless vehicles. “Bad actors” are hard at work attempting to steal such autonomous-driving AI data through tampering, “key cracking” of flash storage to gain authentication, and outright theft from flash storage.

However, protection strategies can ward off these threats: anti-tampering actions; blocking key cracking; and theft-protection techniques.

In this presentation, Macronix will demonstrate how developers of AI-based autonomous-driving applications can identify attack methods, then take the necessary steps to provide protection against them.

  • Automotive Security
  • Authentication
  • EV Security
5 / 15
14:30 - 15:00
Shin Li / Staff Researcher VicOne

As various regulations are implemented within tight deadlines, the automotive industry has been vigorously seeking certification processes and safety architecture evaluations in recent years. When manufacturers are choosing suppliers or attempting to establish their laboratories to tackle these issues, they encounter practical challenges, particularly with TARA (Threat Assessment & Risk Analysis) and VMS (Vulnerability Management Systems). The question arises: How can one accurately set the Security Boundary? This crucial yet often unaddressed issue, which neither ISO documentation nor consultants provide clear answers to, will be tackled in this presentation. Drawing from extensive experience in industry advisory roles, we will outline some fundamental guidelines. Additionally, we will use 'realistic' architectural diagrams and documents, which do not disclose any proprietary secrets, for live demonstrations and analysis.

  • Threat Analysis & Protection
  • Vulnerability Assessment
5 / 15
15:20 - 15:50
Omar Yang / Threat Researcher VicOne

Welcome to a concise exploration of In-Vehicle Networking (IVN), where we trace its evolution over the last twenty years. Initially, we'll discuss the fundamentals of IVNs, highlighting their critical role as the vehicle's nerve center, managing everything from engine performance to entertainment systems.

We then examine the various protocols that underpin IVNs, akin to diverse languages facilitating communication between car components. This section aims to demystify the technicalities, making them accessible and understandable.

However, IVNs come with vulnerabilities. A significant portion of our discussion will address cyber risks, focusing on incidents like "CAN injection," a cyberattack that can compromise vehicle operations. We aim to simplify cybersecurity concepts, providing clear and digestible explanations.

Finally, we'll look at the defenses in place to protect IVNs against cyber threats. This includes an overview of current security mechanisms, explained in an engaging and straightforward manner, suitable for those new to the subject of cybersecurity.

  • EV Security
  • Standards
  • Hardware Security
5 / 15
15:50 - 16:20
Liam Cheng / Marketing Manager, Consumer, Computing & Communications segment Infineon Technologies Taiwan Co., Ltd.

When it comes to the application of information security in IoT, AI, and servers, the concept of hardware-based security design becomes crucial. Hardware security chips are microchips specially designed to protect data and systems from malicious attacks. In IoT applications, hardware security chips can ensure the security of communication and data transmission for IoT devices, thereby protecting personal privacy and system integrity. In AI applications, these chips can prevent unauthorized access and tampering, ensuring the reliability and security of machine learning models. In the case of servers, hardware security chips can help prevent malicious software attacks and provide secure data storage and access control. Overall, the application of hardware security chips in these areas provides crucial support for data security and system protection, helping us to build a more reliable and secure digital ecosystem.

  • Hardware Security
  • AI Security
  • Zero Trust Architecture
5 / 15
16:20 - 16:50
Tony Wang / Threat Researcher TXOne Networks
Canaan Kao / Director TXOne Networks

The most harmful malware that spreads through Microsoft OS vulnerabilities is probably WannaCry. However, 15 years ago, there was a worm called Conficker, which also spread through Microsoft vulnerabilities. Conficker continues to spread widely on the Internet today.

In November 2008, the Conficker worm propagated through the Microsoft RPC vulnerability. Even now, devices in the wild are still attacked for spreading Conficker worm samples against SMB servers on public networks.

In this session, we will start from the suspicious traffic discovered on honeypots, analyze the Conficker worm's network propagation behavior, and investigate the attack sources and exploit payloads we collected. We also explore the threat this type of attack poses to industrial control systems and propose possible defense solutions.

  • Threat Analysis & Protection
  • OT Security
  • Network Monitoring
5 / 16
09:30 - 10:00
Morgan Hung / General Manager Onward Security

The Internet of Vehicles (IoV) is a new technology that has developed rapidly in recent years, bringing revolutionary changes and unlimited business opportunities to the automotive industry. But beyond this positive side, as IoV technology matures and becomes more popular, the cybersecurity risks it brings are also increasing. This agenda will explain the security threats of IoV, and showcase practical experience sharing and solutions such as security assessment results and vulnerability analysis of IoV-related devices, with a view to improving the safety of vehicles and passengers.

  • IoT Security
  • Internet of Things
  • Software Security
5 / 16
10:00 - 10:30
Richard Lin / Engineer CTOne

Near-RT RIC (RAN Intelligent Controller) is a pivotal component within O-RAN, crucial for monitoring and managing RF resources and optimizing network performance. In the research, we reveal a couple of potential vulnerabilities in the form of malicious/anomalous xApps, subcomponents designed to optimize resource allocation, and the RIC Message Router (RMR), facilitating communication between these components.

  • 5G Security
5 / 16
10:30 - 11:00
Connie Chen / Technical Marketing Manager PUFsecurity Corporation

Emerging security risks limit the Internet of Things' potential. The fundamental way to solve this problem is to combine the advantages of the most secure hardware, software, and operating system solutions to create an interlocking security ecosystem.

PUFsecurity developed a series of chip-level hardware security solutions based on the patented Physical Unclonable Function (PUF), including the hotly discussed hardware root of trust and the indispensable crypto coprocessor. We use the unique secret generated by PUF to develop robust technologies such as key management, encryption and decryption, authentication, and anti-tamper technologies and wrap them into a highly integrated IP that is easy to deploy and use, protecting and connecting the entire security operation ecosystem from the hardware level.

In this speech, we will gradually explain the role of hardware security, that is, chip security, in the entire information security trust chain, and then explain the technology, operation, and critical designs against attacks.

  • Hardware Security
  • Zero Trust Architecture
  • IoT Security
5 / 16
11:00 - 11:30
Jennifer C Lin (Raagi) / TR2 Cybersecurity researcher CTOne

As countries worldwide expand their deployment of 5G networks, Taiwan is also catching up by promoting the widespread adoption of 5G network services and introducing numerous 5G User Equipment (UE). In this session, our focus will be on industrial-grade communication Internet of Things (IoT) devices, with the goal of "Pwn it before open it." This aims to enable successful research and yield findings before obtaining the physical product. The content will revolve around sharing the hurdles encountered during the research process, the methods employed to overcome them, and the approach to research. We will also share the cybersecurity vulnerabilities discovered in industrial-grade communication IoT devices and methods for mitigation and prevention. 

  • IoT Security
  • Mobile Security
  • Network Security
5 / 16
11:30 - 12:00
Joe Wang / Senior BDM Keysight

Because of cost control, IoT devices often only take necessary compliance tests without assessing possible security concerns. However, as governance raises cybersecurity requirements, the audit for cybersecurity and management of private data become mandated. How to comply with different regulations becomes an inevitable challenge for device manufacturers.

  • IoT Security
  • Certification
  • Compliance Testing
5 / 16
13:00 - 13:30
Yi-Hsueh-Tsai / Technical Manager Institute for Information Industry

We use a Python-based 5G network component emulator to emulate the user equipment (UE) authentication and authorization procedure when a 5G UE registers to the 5G core network (5GC) via a 5G base station (gNB). Our presentation includes two major categories of security attack surface: the first category is deceiving and hijacking a legal UE with a 5G false base station (FBS) and a 5G false core network; the second category is a demonstration of penetrating the 5G core network (5GC) from a malicious UE.

  • Telecom Security
  • 5G Security
  • Network Security
5 / 16
13:30 - 14:00
Kenney Lu / Sr. Staff Researcher of Automotive Cyber Threat Research Lab VicOne
Gloria Chen / Staff Researcher of Automotive Cyber Threat Research Lab VicOne

This session intends to explore security vulnerabilities from mobile applications to vehicles and the cloud, specifically focusing on challenges faced in real-world operations. We will address common security issues in the development phase, such as insecure user authentication, data leakage, injection attacks, and misconfigurations in security settings. Drawing from both publicly available case studies and our practical experience, this session will thoroughly explore these issues and discuss effective strategies for improvement and solutions.

  • API Security
  • Cloud Security
  • EV Security
5 / 16
14:00 - 14:30
Kyo / Head, Cyber Security Lab Panasonic
Freddy / Senior Threat Intelligence Researcher, Cyber Security Lab Panasonic

Panasonic is committed to developing diversified Internet of Things (IoT) products to make people's lives better. Recognizing the importance the group places on product network security and customer privacy, the Panasonic Product Security Center and Panasonic Cyber Security Lab have established a threat intelligence collection platform since 2017 and have continued to conduct extensive analysis and research on threats to IoT products.

The main focus of this agenda includes:

  1. How Panasonic collects and analyzes threat intelligence through the IoT threat intelligence project ASTIRA.
  2. Sharing Panasonic's IoT product security measures at different stages of the product lifecycle.
  3. Sharing a simple IoT product security usage guide for individuals, enterprises, or organizations.
  • IoT Security
  • Threat Intelligence
  • Endpoint Security
5 / 16
14:30 - 15:00
Jay Zhuang / CTO CoolBitX

Cryptocurrency Wallet Security: Exploring the challenges and solutions facing Web3 wallets in the rapidly evolving virtual asset landscape. Covering key principles, security threats like private key theft and phishing, and strategies for enhanced security including multi-signature wallets and smart contract auditing. Attendees gain valuable insights and can win a CoolWallet in the Q&A. Ideal for blockchain professionals and cryptocurrency enthusiasts seeking practical security knowledge.

  • Blockchain
  • Security Architecture
  • Security by Design
5 / 16
15:20 - 15:50
Steven Lin / Sr. FAE Silicon Labs Taiwan

As of 2023, Matter has been certified for 1,386 devices across 23 types, making it one of the fastest standards ever adopted by manufacturers. Main ecosystem vendors have announced devices that support Matter over Thread or Matter over Wi-Fi. With the new release of the latest version of Matter 1.2 by the Connected Standard Alliance, which supports more device types and improves security specifications, this speech will focus on the requirements of the Matter security standard, and how to implement the security of Matter IoT devices with Secure Vault™ security technology, and one-stop Matter development platform based on MG24 SoC.

  • IoT Security
  • Application Security
  • Internet of Things
5 / 16
15:50 - 16:20
Aaron Luo / Senior Staff Engineer VicOne

Modern vehicles are equipped with a variety of wireless protocols, such as GSM, WiFi, Bluetooth, GPS, and Remote Keyless systems. While these protocols offer convenience, they also provide opportunities for attackers to remotely infiltrate vehicles. This session will explore the various security concerns associated with these wireless protocols from an attacker's perspective, utilizing real-world examples.

  • XIoT Security
  • Wireless Security
  • Attack Surface
5 / 16
16:20 - 16:50
Robert Kuo / Product Marketing Manager Moxa

As new technologies such as the Industrial Internet of Things (IIoT), Industry 4.0 and cloud integration begin to be introduced into industrial control systems (OT), the evolution of OT networks is becoming increasingly complex. Innovative technologies not only improve production efficiency and flexibility, but also bring new cybersecurity challenges. As technology continues to evolve, cybersecurity risks are also constantly changing. Threats such as malware intrusion, data theft, and service interruption are increasingly intensifying. These threats pose severe challenges to the stability and security of OT systems.

The agenda will share the current status of OT network systems, explore the changing trends and security considerations faced by OT systems, and hope that participants can have a deeper understanding of security challenges in industrial environments and provide information security response suggestions.

  • OT Security
  • ICS/SCADA Security
  • Network Security