The best of Black Hat: The consequential, the controversial, the canceled

Taylor Armerding | July 19, 2017
Over the past two decades, the annual Black Hat conference has had its share of controversy. CSO looks back at the most significant talks and demonstrations.

For two decades, Black Hat has gained a reputation for demonstrations of some of the most cutting-edge research in information security as well as development and industry trends. The event has also had its share of controversy – sometimes enough to cause last-minute cancelations.

Launched in 1997 as a single conference in Las Vegas, Black Hat has gone international with annual events in the U.S., Europe and Asia. This year’s U.S. event – the 20th – at Mandalay Bay in Las Vegas, begins July 22 with four days of technical training, followed by the two-day main conference.

CSO looks at some of the past Black Hat highlights – and a few that didn’t happen.


“Jackpotting Automated Teller Machines” – Barnaby Jack, 2010

The late white-hat hacker superstar took Black Hat by storm with his demonstration that he could make an ATM spew bills the way Vegas slot machines used to spew quarters, all with a few keystrokes from his laptop. Those in the audience described it as something out of the 1995 cyberpunk movie “Hackers.” It later became a plot line for a 2015 episode of the CBS TV crime drama “CSI: Cyber.”

The talk was controversial in part because it was supposed to have happened a year earlier, but Jack’s then-employers pulled his planned 2009 presentation after ATM makers made legal threats. Well in advance of his 2010 presentation, he had alerted the manufacturers about the vulnerabilities he had found in time for them to have remediation in place.


“iOS Security” – Dallas De Atley, 2012

The fact that this talk happened at all was a very big deal – the first time notoriously secretive Apple had cleared an employee to discuss its internal security. It was viewed as an acknowledgement that, after Flashback and Mac Defender malware had infected the Mac OS X operating system, the company could no longer claim that its products “don’t get PC viruses.”

The big deal about the talk itself was that it ended up not being a big deal. De Atley, manager of the company’s Platform Security team, left the packed room “bored and deflated,” according to the New York Times, when he spent the hour essentially reading a white paper synched to a PowerPoint, and then left without taking any questions.

According to one Twitter review, “It was very, very meh.”


“Battery Firmware Hacking” – Charlie Miller, 2011

Miller, at the time a principal research consultant for Accuvant Labs, poked another hole in the prevailing wisdom that Apple devices were more secure than others by demonstrating that he had figured out both of the passwords protecting the embedded controller in “smart” batteries used in MacBook, MacBook Pro and MacBook Air laptop computers and, once inside, could brick them – make them unable to take a charge or discharge any power.

