


Creators/Authors contains: "Kim, Kyungtae"


  2. iOS is one of the most valuable targets for security researchers. Unfortunately, studying the internals of this operating system is notoriously hard, due to the closed nature of the iOS ecosystem and the absence of easily accessible analysis tools. To address this issue, we developed TruEMU, which we present in this talk. TruEMU is the first open-source, extensible, whole-system iOS emulator. Compared to the few available alternatives, TruEMU enables complete iOS kernel emulation, including emulation of the SecureROM and the USB kernel stack. More importantly, TruEMU is completely free and open-source, and it is based on the well-known and highly extensible emulator QEMU. This talk will start by presenting the challenges and the solutions we devised to reverse engineer current iOS boot code and kernel code, and explain how to provide adequate support for them in QEMU. Then, to showcase TruEMU's usefulness and capabilities, we will demonstrate how it can completely boot modern iOS images, including iOS 14 and the latest iOS 15, and how it can properly run different user-space components, such as launchd, restored, etc. We will then showcase two promising ways to use TruEMU as an iOS vulnerability research platform. Specifically, we will demonstrate how to use TruEMU to enable coverage-based fuzzing of the iOS kernel USB stack, and we will show how TruEMU provides a platform on which to implement coverage-based, syscall-level fuzzing. This platform enables security researchers to automatically explore multiple attack surfaces of iOS. In sum, building a complete emulator for iOS is a daunting task. Many features (in particular, many peripherals) still need to be implemented to allow complete emulation of a modern iOS device. We hope this talk will also bootstrap broad community involvement in this project that will progressively shed more light on the obscure corners of iOS security. 
  3. In this work, we present the fabrication of a two-step thermoresponsive ultrafiltration (UF) membrane through polymerization of a lyotropic liquid crystal (LLC). A mixture of commercially available Pluronic F127 block copolymer, water (containing ammonium persulfate as the initiator), and polymerizable oil (n-butyl acrylate/ethylene glycol dimethacrylate) is used to create an LLC with lamellar structure, as characterized by cross-polarized light microscopy and atomic force microscopy. Differential scanning calorimetry is employed to evaluate the thermoresponsive behavior of the polymerized LLC (polyLLC). Two-step thermoresponsiveness (~35 °C and ~50 °C) of the polyLLC is observed due to the lower critical solution temperature (LCST) of F127 and melting of the crystalline structure of the polyethylene oxide (PEO) chains of the F127 surfactant. In the next step, the obtained mesophase is cast on a nonwoven polyester support sheet followed by thermal polymerization. The hydration capacity, water flux, water flux recovery after fouling, and molecular weight cut-off (MWCO) of the obtained membrane are evaluated at different temperatures to examine its thermoresponsiveness. The experimental results reveal that the UF membrane has a reversible thermoresponsive behavior at the LCST and PEO melting of polyLLC. Additionally, cleaning efficiency of the fouled membrane can be enhanced by using its thermoresponsive behavior, resulting in an extended lifetime of the product. Furthermore, the MWCO of the membrane can be altered with temperature due to the pore size change with temperature stimulus. 
  4. Universal Serial Bus (USB) is the de facto protocol supported by peripherals and mobile devices, such as USB thumb drives and smartphones. For many devices, USB Type-C ports are the primary interface for charging, file transfer, audio, video, etc. Accordingly, attackers have exploited different vulnerabilities within USB stacks, compromising host machines via BadUSB attacks or jailbreaking iPhones over USB connections. While there exist fuzzing frameworks dedicated to USB vulnerability discovery, all of them focus on USB host stacks and ignore USB gadget stacks, which enable all the features within modern peripherals and smart devices. In this paper, we propose FUZZUSB, the first fuzzing framework for the USB gadget stack within commodity OS kernels, leveraging static analysis, symbolic execution, and stateful fuzzing. FUZZUSB combines static analysis and symbolic execution to extract internal state machines from USB gadget drivers, and uses them to achieve state-guided fuzzing through multi-channel inputs. We have implemented FUZZUSB upon the syzkaller kernel fuzzer and applied it to the most recent mainline Linux, Android, and FreeBSD kernels. As a result, we have found 34 previously unknown bugs within the Linux and Android kernels, for which 7 CVEs have been assigned. Furthermore, compared to the baseline, FUZZUSB also delivers measurable improvements: 3× higher code coverage and 50× better bug-finding efficiency for Linux USB gadget stacks, 2× higher code coverage for FreeBSD USB gadget stacks, and reproduction of known bugs that the baseline fuzzers could not detect. We believe FUZZUSB provides developers a powerful tool to thwart USB-related vulnerabilities within modern devices and completes the current scope of USB fuzzing. 
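The state-guided loop the abstract describes, as an added example that is not FuzzUSB's code (FuzzUSB is built on syzkaller and recovers the state machines from the driver source by static analysis and symbolic execution). Everything here is constructed for illustration: a toy gadget model standing in for a driver's ep0 handler, a three-state machine (the default/address/configured device states of the USB 2.0 specification), two input channels (host-side SETUP packets and bus resets), and a per-state seed corpus. The coverage signal is the set of (state, request, outcome) edges a test case exercises; the guided loop restarts each case from a known prefix into some state, the state-blind baseline always restarts from reset.

```python
"""State-guided fuzzing of a toy USB gadget control endpoint (constructed example).

The gadget model, its three-state machine and the two input channels are
simplifications made for this illustration, not code from FuzzUSB or from any
kernel gadget driver.
"""
import random
import struct

# Device states, USB 2.0 spec ch. 9.1 (the toy model keeps only these three).
DEFAULT, ADDRESS, CONFIGURED = "default", "address", "configured"
STATES = (DEFAULT, ADDRESS, CONFIGURED)

# Standard request codes, USB 2.0 spec table 9-4.
GET_STATUS, CLEAR_FEATURE, SET_FEATURE, SET_ADDRESS = 0, 1, 3, 5
GET_DESCRIPTOR, SET_DESCRIPTOR, GET_CONFIGURATION = 6, 7, 8
SET_CONFIGURATION, GET_INTERFACE, SET_INTERFACE = 9, 10, 11
STD_REQUESTS = (GET_STATUS, CLEAR_FEATURE, SET_FEATURE, SET_ADDRESS, GET_DESCRIPTOR,
                SET_DESCRIPTOR, GET_CONFIGURATION, SET_CONFIGURATION,
                GET_INTERFACE, SET_INTERFACE)
VALID_CONFIG = 1                  # assumption: the toy gadget exposes one configuration
REQUEST_TYPES = (0x00, 0x01, 0x02, 0x80, 0x81, 0x82, 0x21, 0x40)  # std/class/vendor
INTERESTING_U16 = (0, 1, 2, 127, 128, 255, 256, 0x7FFF, 0x8000, 0xFFFF)


class ToyGadget:
    """Stand-in for a gadget driver's ep0 handler; models only the
    device-state transitions of USB 2.0 ch. 9.4."""

    def __init__(self):
        self.state, self.address = DEFAULT, 0

    def bus_reset(self):                      # gadget-side channel: bus event
        self.state, self.address = DEFAULT, 0

    def setup(self, pkt):                     # host-side channel: SETUP packet
        """Handle one 8-byte SETUP packet and return 'ack' or 'stall'."""
        if len(pkt) != 8:
            return "stall"
        bm_request_type, b_request, w_value, _idx, _len = struct.unpack("<BBHHH", pkt)
        if bm_request_type & 0x60:            # class/vendor requests are not modelled
            return "stall"
        if b_request == SET_ADDRESS:          # 7-bit address; illegal once configured
            if self.state == CONFIGURED or w_value > 127:
                return "stall"
            self.address = w_value
            self.state = ADDRESS if w_value else DEFAULT
            return "ack"
        if b_request == SET_CONFIGURATION:    # needs an address; value 0 de-configures
            if self.state == DEFAULT or w_value not in (0, VALID_CONFIG):
                return "stall"
            self.state = CONFIGURED if w_value else ADDRESS
            return "ack"
        if b_request in (GET_INTERFACE, SET_INTERFACE):
            return "ack" if self.state == CONFIGURED else "stall"
        if b_request in (GET_STATUS, GET_DESCRIPTOR, GET_CONFIGURATION):
            return "ack"
        return "stall"                        # feature/descriptor writes unsupported


def run(events):
    """Replay events (bytes = SETUP packet, None = bus reset) on a fresh gadget.
    Returns the (state_before, request, outcome) edges exercised and the final
    state; the edge set is this example's coverage signal."""
    gadget, edges = ToyGadget(), set()
    for ev in events:
        before = gadget.state
        if ev is None:
            gadget.bus_reset()
            edges.add((before, "reset", "ack"))
        else:
            request = ev[1] if len(ev) == 8 else "malformed"   # ev[1] is bRequest
            edges.add((before, request, gadget.setup(ev)))
    return edges, gadget.state


def random_packet(rng):
    """Structured SETUP packet: valid layout, fields drawn from boundary values."""
    return struct.pack("<BBHHH", rng.choice(REQUEST_TYPES), rng.choice(STD_REQUESTS),
                       rng.choice(INTERESTING_U16), rng.choice(INTERESTING_U16),
                       rng.choice(INTERESTING_U16))


def fuzz(iterations, guided, seed=0):
    """Run the loop and return the covered edge set.
    guided=True keeps, per device state, the shortest event sequence known to
    reach it and starts each case from one of those prefixes, so effort is
    spread over every state instead of piling up in DEFAULT.
    guided=False is the state-blind baseline: every case starts from reset."""
    rng, coverage = random.Random(seed), set()
    prefixes = {DEFAULT: []}
    for _ in range(iterations):
        events = list(prefixes[rng.choice(list(prefixes))]) if guided else []
        for _ in range(rng.randrange(1, 5)):
            events.append(None if rng.random() < 0.1 else random_packet(rng))
        edges, final = run(events)
        coverage |= edges
        if guided and (final not in prefixes or len(events) < len(prefixes[final])):
            prefixes[final] = events
    return coverage


def states_covered(coverage):
    """Device states from which at least one request was exercised."""
    return {state for state, _, _ in coverage}


if __name__ == "__main__":
    for name, guided in (("baseline", False), ("state-guided", True)):
        cov = fuzz(2000, guided, seed=1)
        print(f"{name:13s} edges={len(cov):3d} states={sorted(states_covered(cov))}")
```

Both loops use the same packet generator, so the difference in covered edges comes only from restarting cases from saved per-state prefixes: the baseline has to hit a valid SET_ADDRESS followed by a valid SET_CONFIGURATION inside a single short case before it can exercise anything in the configured state, while the guided loop pays that cost once and then spends a third of its budget there. Against a real gadget stack the same idea needs the extracted state machine in place of the hand-written one and real transport for both channels (a host-side USB controller and the gadget-side events), which is what the syzkaller integration in the paper provides.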
  5. In this study, we examine the polymerization kinetics with different thermal initiators in lamellar and hexagonal lyotropic liquid crystal (LLC) structures directed by Pluronic L64. Ammonium persulfate is used to initiate the polymerization from the water phase, whereas azobisisobutyronitrile and benzoyl peroxide are employed to commence the reaction through the monomer phase. While the mesophase structure remains intact for all the initiation systems, the kinetics of polymerization and conversion vary significantly. The obtained differential scanning calorimetry (DSC) results reveal that, under the same conditions, the initiation from water (IFW) system results in enhanced reaction rates as well as higher monomer conversions compared to the initiation from oil (IFO) system. A higher termination rate in LLC nanoconfinements induces lower reaction rates in the IFO system. Moreover, our work on different LLC structures shows that the effect of nanoconfinement on the polymerization rate can be minimized through IFW. Chemorheology not only confirms the results obtained from DSC, but also shows that, at similar monomer conversions, the polymers obtained from the IFW system exhibit improved mechanical properties over the samples produced through the IFO process. 