Ten scary hacks I saw at Black Hat and DEF CON

Lucian Constantin | Aug. 13, 2015
Security researchers and hackers gathered in Las Vegas over the past week to show off and learn about the latest vulnerabilities that affect devices and software that the world relies on every day. Black Hat and DEF CON, the world's top security conferences, did not disappoint.

Security researchers Mickey Shkatov and Jesse Michael from Intel's security group found that the firmware update process for a popular modem module made by Huawei was insecure. At DEF CON they showed how this could be exploited by malware running on the main OS to write a modified firmware image to the modem and then use it to re-infect the system if the OS is cleaned or even completely re-installed.

Drones falling from the sky

The days when computer-controlled drones are a common sight in the sky might not be far off. But if these flying devices are not designed with security in mind, they could also be regularly hijacked by hackers.

At DEF CON, researcher Ryan Satterfield from security firm Planet Zuda showed how he could kill the popular Parrot AR.Drone 2.0 in mid-flight, sending it crashing to the ground in a split second. The drone has a wireless network that can be easily hijacked and an open Telnet port with no authentication.

Satterfield's demonstration wasn't so much a hack as an abuse of existing features that completely lacked protection and should probably not even be there in the first place, like the open Telnet service.

Another DEF CON talk by researcher Michael Robinson was about hijacking the Parrot Bebop drone.

IoT massacre

Manufacturers are rushing to put wireless connectivity into electronic devices, and hackers are rushing to show that those devices are designed with a disregard for the most basic security principles.

DEF CON had IoT hacking galore this year. Attendees could see hackers remotely hijacking electric skateboards, launching a man-in-the-middle attack against a smart fridge, messing with smart scales, taking over smart home automation devices, cameras, thermostats, baby monitors and more.

The on-site IoT hacking contest alone resulted in at least 25 previously unknown, or zero-day, vulnerabilities being found in a variety of devices. The contest was so successful that organizers were still confirming and reporting some last-minute issues to manufacturers as the show came to an end.

