As more and more aspects of daily life become digital, there are more and more ways for our privacy to be compromised through computer security vulnerabilities. Every year, tens of thousands of security experts and professionals attend conferences such as Black Hat and DefCon to learn about and present their research. Many of these presentations include both the theoretical design of a computer security vulnerability as well as an implementation of an attack that exploits it.
As a comps group, our goal was to find papers that presented interesting attacks and create our own implementations of them. We split into three teams to work the following three attacks:
Charger surfing is a hardware-level attack on phone charging cables with the main goal to steal a phone’s password using nothing more than the electrical data being transmitted along a charging phone’s USB cable. DHT crawling is an attack on the bit torrent network protocol that allows an attacker to see what files are currently being torrented and what IP addresses are downloading them. Finally, the Excel macros attack is a novel implementation of a common attack which embeds malicious code into the macros on an excel worksheet.
Overall, each team was able to achieve some level of success in replicating these attacks. Despite the relative success of each project, one of the main takeaways from this comps project is that replication can be incredibly challenging, even when one seemingly has all the information they need.
To see more in-depth information about each project, click on its link. You can also view the source code or download the presentation slides.