Security researchers Mickey Shkatov and Jesse Michael from Intel's security group found that the firmware update process for a popular modem module made by Huawei was insecure. At DEF CON they showed how this could be exploited by malware running on the main OS to write a modified firmware image to the modem and then use it to re-infect the system if the OS is cleaned or even completely re-installed.
Drones falling from the sky
The days when computer-controlled drones will be a normal sighting in the sky might not be far ahead. But if these flying devices are not designed with security in mind, they could also be regularly hijacked by hackers.
At DEF CON, researcher Ryan Satterfield from security firm Planet Zuda showed how he could kill the popular Parrot AR.Drone 2.0 in mid-flight, sending it crashing to the ground in a split second. The drone has a wireless network that can be easily hijacked and an open Telnet port with no authentication.
Satterfield's demonstration wasn't as much a hack as abusing existing features that completely lacked protection and should probably not even be there in the first place, like the open Telnet service.
Another DEF CON talk by researcher Michael Robinson was about hijacking the Parrot Bebop drone.
Manufacturers are rushing to put wireless connectivity into electronic devices and hackers are rushing to show that they're designed with a disregard for the most basic security principles.
DEF CON had IoT hacking galore this year. Attendees could see hackers remotely hijacking electric skateboards, launching a man-in-the-middle attack against a smart fridge, messing with smart scales, taking over smart home automation devices, cameras, thermostats, baby monitors and more.
The on-site IoT hacking contest alone resulted in at least 25 previously unknown, or zero-day vulnerabilities, being found in a variety of devices. The contest was so successful that organizers were still left confirming and reporting some last-minute issues to manufacturers as the show came to an end.
Sign up for CIO Asia eNewsletters.