The 10 scariest presentations in this year's Black Hat and DefCon
Every year, the world’s craziest and most inspired security professionals and hackers gather at an annual event in Las Vegas. Actually, there are two events, which take place at the same time and place: Black Hat and DefCon. Black Hat is the more “official” one, you could say, with very expensive tickets ($1800) and a formal schedule with serious attendees who are mostly corporate employees. DefCon, on the other hand, is the event where the tickets are relatively cheap ($200) and any free spirit can attend and have fun; there are games hosted, talks are more on the “darker” side of things, and it’s generally the hacker conference that most people imagine.
Now that you know what Black Hat and DefCon are, we’ll see the most interesting and slightly dreadful subjects that were covered by the experts in this year’s event. Big thanks to PCWorld for this list.
1. The USB Firmware vulnerability Proof of Concept (namely ‘BadUSB’)
As we covered in this topic right here, the researchers from Security Labs recently discovered a security hole in USB drives that is technically unpatchable, and what it can do is pretty serious: the device hides from the system the fact that it’s a USB drive and pretends to belong to another hardware class, which lets it perform malicious actions on the computer, right under the nose of antivirus scanners. Karsten Nohl and Jakob Lell, the guys who found the vulnerability, demonstrated how a system could be compromised using this flaw.
Slides of their talk at Black Hat 2014 can be found here.
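A defender-side check for the behaviour described in item 1, as an added example that is not from the original article or the researchers' slides: it flags USB devices whose interface classes are inconsistent with a plain drive. The event records, their field layout and the `triage` function are assumptions made for illustration; the class codes are the standard USB-IF values.

```python
# Added example: triage of USB enumeration records by interface class.
from collections import defaultdict

# bInterfaceClass codes from the USB-IF class code list.
MASS_STORAGE, HID, CDC, CDC_DATA, WIRELESS = 0x08, 0x03, 0x02, 0x0A, 0xE0
INPUT_OR_NETWORK = {HID, CDC, CDC_DATA, WIRELESS}

# Constructed sample records (not real devices), shaped like an export from
# udev or endpoint telemetry:
# (timestamp, physical port, "vid:pid", serial, interface classes presented)
EVENTS = [
    (100, "1-1", "1111:0001", "A1B2", [0x08]),        # plain flash drive
    (130, "1-2", "2222:0002", "",     [0x03]),        # plain keyboard
    (200, "1-3", "1234:5678", "ZZ01", [0x08, 0x03]),  # storage + keyboard in one device
    (300, "1-4", "abcd:0001", "Q9",   [0x08]),        # enumerates as storage ...
    (305, "1-4", "abcd:0001", "Q9",   [0x03]),        # ... then comes back as a keyboard
]

def triage(events):
    """Return sorted (port, vid_pid, reason) findings for class-inconsistent devices."""
    findings = set()
    seen = defaultdict(set)  # (port, vid_pid, serial) -> classes seen so far
    for _ts, port, vid_pid, serial, classes in sorted(events, key=lambda e: e[0]):
        current = set(classes)
        # Rule 1: one device presenting storage together with input/network roles.
        if MASS_STORAGE in current and current & INPUT_OR_NETWORK:
            findings.add((port, vid_pid, "composite storage+input/network"))
        # Rule 2: the same physical device re-enumerating with a different role.
        earlier = seen[(port, vid_pid, serial)]
        if earlier and current != earlier and (
            (MASS_STORAGE in earlier and current & INPUT_OR_NETWORK)
            or (MASS_STORAGE in current and earlier & INPUT_OR_NETWORK)
        ):
            findings.add((port, vid_pid, "class changed on re-enumeration"))
        seen[(port, vid_pid, serial)] |= current
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Findings are triage leads rather than verdicts, since legitimate composite devices exist. A device that only ever enumerates as a keyboard matches neither rule, so pair this with device allow-listing.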
2. Hacking into airplanes
Researcher Ruben Santamarta of IOActive has found how to hack satellite communications equipment on passenger seats using their WiFi and inflight entertainment systems, a top-priority issue that allows attackers to interfere with the plane’s navigation and overall safety. However, Cobham Plc (one of the makers of the equipment systems that Santamarta hacked into, along with Harris Corp, EchoStar Corp's Hughes Network Systems, Iridium Communications Inc and Japan Radio Co Ltd) stated that to take advantage of a flaw like this, one must have physical access to Cobham’s equipment, something that only authorized personnel have.
3. Flaws in DropCam allow hackers to take over your camera
Patrick Wardle (director of research at Synack) and Colby Moore (security research engineer at Synack) have found some security holes in the video monitoring solution DropCam, which they presented at DefCon on Sunday. These issues are not high-risk, though, because one has to have physical access to the camera in order to actually take advantage of them.
4. Tor’s vulnerability
One talk that was cancelled is Alexander Volynkin’s (researcher at Carnegie Mellon), for reasons that are not very clear. The official notice from Black Hat says that the materials Volynkin found were not yet approved by SEI (Software Engineering Institute) for public release. Rumor has it that the talk was going to uncover malicious relay nodes that Tor had been using for months, which were eventually found by Tor’s developers, who then updated the software (more details can be found here). For those who are not aware of Tor and how it works, it’s a browser different from the rest that uses many relay nodes in order to hide a user’s real location (which is the reason why it’s called “the Onion network”).
5. Vulnerabilities in Symantec’s Endpoint Protection
Mati Aharoni, lead trainer and developer for Offensive Security (does Kali Linux ring a bell?), is responsible for the discovery of 3 zero-day flaws in Symantec’s Endpoint Protection product that allowed logged-in users to gain higher-level access to a computer. Aharoni kept the good stuff (proof-of-concept code) for the Advanced Windows Exploitation training class at the Black Hat conference, but it’s now available for everyone on exploit-db. Symantec was quick to fix the security holes, so administrators will be safe from them as long as they download the fix from the company’s FileConnect service.
Here is a short video in which the exploitation process is demonstrated, released a few days ago.
6. Routers are common targets
Dan Geer (In-Q-Tel Chief Information Security Officer) discussed an issue that concerns everyone who connects to the internet through a router. He says that routers are rarely updated to the latest firmware by their owners, leaving huge security holes for attackers to take advantage of and do serious damage to the end users. At DefCon, a contest named “SOHOpelessly Broken” was held to test the hackers’ router-hacking skills.
7. NAS Boxes are susceptible to attacks too
Jacob Holcomb is a security analyst at Independent Security Evaluators and this year he talked about how vulnerable NAS (Network-Attached Storage) devices are to hackers. In fact, he tested NAS boxes from 10 manufacturers and he was able to find vulnerabilities in all of them that could lead to devastating damage. As he said, “There wasn’t one device that I literally couldn’t take over. At least 50 percent of them can be exploited without authentication”. Let’s see how long it takes for manufacturers to fix the holes and release patches for the users.
8. Remote device management
Have you heard of the OMA-DM (OMA Device Management) protocol? It allows carriers to remotely install firmware updates, change network settings and do other things on your device, a capability that could ultimately be vulnerable and give attackers the chance to take control of the device. Mathew Solnik and Marc Blanchou, researchers at Accuvant, addressed this issue and demonstrated how the devices could be exploited remotely.
9. Wireless Car Hack
Silvio Cesare has found a way to wirelessly unlock keyless car locks, and guess what: he’s showing it at Black Hat. His method involves hardware parts that cost about $1000, and possibly requires the attacker to stay in range for two hours. You could say that it’s not worth it since there are cheaper and quicker methods for stealing a car (not sure if they’re more efficient though), but hacking is all about stealth and that’s what Cesare came to teach us. You can watch a video of him demonstrating the attack on his own 10-year-old car in this article from Wired, along with details from Cesare’s interview.
10. Controlling every connected automation device in a 5-star hotel
Jesus Molina, while enjoying the luxury of the St. Regis Shenzhen hotel in China, decided to reverse-engineer the “Digital Butler” iPad app that was given to guests, and he ended up playing with the lights, the TV, room temperature, in-room music and even the automated blinds, not only in his own room but in every room in the hotel. In fact, he didn’t even have to be in the hotel (or in China) to do this. The details of his hack were discussed at the Black Hat conference.
I hope you found those subjects entertaining and got even just a little bit more informed, but the most important thing is to be concerned about the digital security around you (or better yet, lack thereof). Let’s hope next year’s Black Hat/DefCon is even better!