2024-10-23 –, Schengen 1 & 2
In this lightning talk, we show the inherent security risks of running the BEAM virtual machines that power Erlang and Elixir applications. We'll demonstrate how easily nodes can be interconnected and exploited to execute arbitrary code, create reverse shells, and compromise entire clusters. Through live terminal sessions, attendees will witness how attackers can run code on host machines, replace running code, and even infect other nodes—all leveraging BEAM's distributed capabilities. This talk aims to raise awareness about these critical security issues and provide insights on mitigating risks in production environments.
Key Demonstrations depending on time and preparation -_-:
- Show how easily nodes can be connected, and how one can execute code on remote nodes (it's a feature, not a bug)
- Show how to use :erlang.term_to_binary and Base.url_encode64 to serialize and transmit malicious functions.
- Show basic reverse shells running on the BEAM
- Show how one can replace modules using Code.compile_string/1 and hot code swapping.
- Show what the BEAM can do with SSH (an attacker can start an SSH server inside the BEAM VM, and also initiate SSH connections to further exploit remote systems.)
- Illustrate how to spread malicious code to connected nodes using spawn and rpc:cast.
- Discuss the risk of connecting to an unknown remote node
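
On the receiving side of the :erlang.term_to_binary / Base.url_encode64 item above, a service that accepts such payloads can decode them defensively and refuse any term that carries a function. The following is an added example, not code from the talk; the module name SafeTerm and the sample payloads are hypothetical.

```elixir
defmodule SafeTerm do
  @moduledoc """
  Added example (hypothetical module): decode a URL-safe Base64 external-term
  payload from an untrusted peer and refuse anything that carries a function.
  """

  # Decode, then walk the whole term; a fun anywhere inside rejects the payload.
  def decode(encoded) when is_binary(encoded) do
    with {:ok, bin} <- Base.url_decode64(encoded),
         {:ok, term} <- to_term(bin),
         :ok <- check(term) do
      {:ok, term}
    else
      :error -> {:error, :bad_base64}
      {:error, reason} -> {:error, reason}
    end
  end

  # :safe stops the decoder from creating new atoms (atom-table exhaustion).
  # It does not by itself guarantee the decoded term contains no functions,
  # which is why the explicit walk in check/1 follows.
  defp to_term(bin) do
    {:ok, :erlang.binary_to_term(bin, [:safe])}
  rescue
    ArgumentError -> {:error, :bad_term}
  end

  defp check(term) when is_function(term), do: {:error, :contains_function}
  defp check(term) when is_list(term), do: check_list(term)
  defp check(term) when is_tuple(term), do: check_list(Tuple.to_list(term))
  # Structs are maps, so this clause covers them as well.
  defp check(term) when is_map(term), do: check_list(Map.to_list(term))
  defp check(_other), do: :ok

  defp check_list([head | tail]) do
    with :ok <- check(head), do: check_list(tail)
  end

  defp check_list([]), do: :ok
  # Tail of an improper list such as [1 | 2].
  defp check_list(improper_tail), do: check(improper_tail)
end

# Constructed samples: one payload of plain data, one with an embedded fun.
plain = %{user: "alice", roles: [:admin]} |> :erlang.term_to_binary() |> Base.url_encode64()
with_fun = {:job, fn -> :noop end} |> :erlang.term_to_binary() |> Base.url_encode64()
IO.inspect(SafeTerm.decode(plain), label: "plain")
IO.inspect(SafeTerm.decode(with_fun), label: "with_fun")
```

Plug.Crypto.non_executable_binary_to_term/2 performs the same kind of check for projects that already depend on plug_crypto.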