Black Hat and Def Con Expose Serious Security Issues


This time every year, the world’s largest hacker convention convenes in Las Vegas. Hundreds of network security professionals, both “White Hat” and “Black Hat”, discuss security vulnerabilities which can be used to take over everything from cell phones to Defense Department computers.

This isn’t the type of conference you attend with a cell phone, tablet and Internet-connected laptop. It’s the type of conference where you turn off every electronic device you have and leave them at home. Hacking has been the name of the game for almost 20 years at Def Con.

The scariest hacks out of Def Con?

  • Siemens S7 hacks. NSS researcher Dillon Beresford demonstrated how to hack a Siemens S7 computer, gain read-and-write access to the memory, steal data, run commands, and shut the computers off.
    The scariest part?  These are the computers that are used to run big business, utilities and government systems.
  • Botnets of computers, which are used to steal information, can now be controlled by almost untraceable telephone calls. Researchers Itzik Kotler and Iftach Ian Amit demonstrated a VoIP-based control infrastructure with text-to-speech feedback.
  • Monitoring of broadband-over-power technology allows criminals to break into homes and businesses and to control power and other infrastructure.
  • A spy drone made from off-the-shelf electronics was demonstrated at both Black Hat and Def Con by its creators, Richard Perkins and Mike Tassey.
  • Cars can be hijacked via their cell phone interfaces. Remember that OnStar in your car and the new cell-phone controlled cars? The one which the Secret Service removes from all cars it’s protecting? A demo at Black Hat hacked a Subaru Outback car alarm, unlocked the doors, and started the vehicle, all using text messages sent over phone links to wireless devices in the vehicle.
  • It’s possible to acquire a person’s Social Security number using nothing more than a photo publicly available in online social-network databases, face-recognition software, and an algorithm for deducing the numbers.

Is this the new electronic future we’ve all been waiting for?
