Conference: DEF CON 31
Authors: Ryan Johnson (Senior Director, R&D at Quokka), Mohamed Elsabagh (Senior Director, R&D at Quokka), Angelos Stavrou (Founder and Chief Scientist at Quokka)
2023-08-01

Prepaid Android smartphones present an attractive option since they can be used and discarded at will without significant financial cost. The reasons for their use are manifold, although some people may use them to dissemble their true identity. Prepaid smartphones offer value, but there may be an additional "cost" for their cheap price. We present an examination of the local attack surface of 21 prepaid Android smartphones sold by American carriers (and 11 unlocked smartphones). While examining these devices, we discovered instances of arbitrary command execution in the context of a "system" user app, arbitrary AT command execution, arbitrary file write in the context of the Android System (i.e., "system_server"), arbitrary file read/write in the context of a "system" user app, programmatic factory reset, leakage of GPS coordinates to a loopback port, numerous exposures of non-resettable device identifiers to system properties, and more. The only user interaction that our threat model assumes is that the user installs and runs a third-party app that has no permissions or only a single "normal" level permission that is automatically granted to the third-party app upon installation. The installed third-party app can leverage flaws in pre-loaded software to escalate privileges to indirectly perform actions or obtain data while lacking the necessary privileges to do so directly. Due to a wide range of local interfaces with missing access control checks and inadequate input validation, a third-party app’s behavior is not truly circumscribed by the permissions that it requests. Due to the common inclusion of pre-loaded software from Android vendors, chipset manufacturers, carriers, and vendor partners, exploit code can have significant breadth. The inter-app communication used to exploit these vulnerabilities may be difficult to classify as inherently malicious in general since it uses the standard communication channels employed by non-malicious apps. 
We pick up again where we left off from our DEF CON 26 talk … raiding the prepaid Android smartphone aisles at Walmart. We provide another snapshot on the state of security for Android carrier devices. In this talk, we examine 21 different prepaid Android smartphones being sold by the major American carriers, and we also cover 11 unlocked Android devices, which are primarily ZTE smartphones. We identified vulnerabilities in multiple layers of the Android software stack. For each discovered vulnerability, we step through the attack requirements, access vector, and attack workflow in order to help developers and bug hunters identify common software flaws going forward.
Authors: Jihye Choi
2022-10-28

tldr - powered by Generative AI

The conference presentation discusses two technologies, MIG (Multi-Instance GPU) and GPUDirect RDMA, for efficient use of GPU resources in AI and HPC tasks. MIG allows one physical GPU to be partitioned into multiple isolated instances, while GPUDirect RDMA enables efficient distributed processing. The presentation includes a PoC result for each technology and highlights some points to consider for Kubernetes testing.
  • MIG allows for efficient use of GPU resources by partitioning one physical GPU into multiple isolated instances
  • GPUDirect RDMA enables efficient distributed processing for deep learning tasks
  • PoC results show that MIG is suitable for model development and inference tasks, while GPUDirect RDMA is suitable for larger-scale tasks
  • Points to consider for Kubernetes testing are discussed in the presentation
Conference: CloudOpen 2022
Authors: Sean Pomeroy, Jesse Goodier
2022-06-24

The presentation discusses the use of open source tools for cost optimization in Kubernetes deployments.
  • Open source tools like Kubecost and OpenCost can help with cost optimization in Kubernetes deployments
  • Kubecost provides recommendations for reducing costs and improving efficiency
  • OpenCost provides raw cost data that can be used to develop custom cost optimization algorithms
  • Discipline is required to adhere to labeling strategies for accurate cost information
  • The kubectl cost plugin is a useful tool for querying cost information by namespace and label
Authors: Carlos Sanchez
2022-05-20

Optimizing resource usage in Kubernetes clusters through hibernation and workload distribution
  • Built hibernation and workload distribution systems to optimize resource usage
  • Applied at both application and infrastructure levels
  • Recommendations for setting CPU and memory requests and limits
  • Use of standard VMs with CPU to memory ratio based on application usage
  • Explicitly setting JVM heap size to avoid surprises
Authors: Evan Sheng, David Morrison
2021-10-13

Airbnb's journey to heterogeneous clusters and the technical and organizational hurdles it faced in migrating from homogeneous clusters
  • Airbnb migrated from running homogeneous Kubernetes clusters to heterogeneous clusters to improve cost and efficiency
  • Changes were required in almost every part of its infrastructure to support multiple different node types
  • The team faced three specific technical and organizational hurdles in this journey
  • Heterogeneous clusters have been instrumental for Airbnb and its team