Friday 2 August 2013

Tragedy and controversy fail to slow innovation at Black Hat


V3 reporter Shaun Nichols 
As dawn broke on the 2013 Black hat security conference, attendees and organizers alike had heavy hearts and plenty of apprehension.
Just days prior, news had broke of the death of iconic security researcher Barnaby Jack. The master hacker had made headlines at previous conferences for demonstrating high-profile hacks such as a cash-spitting ATM machine and, more importantly, had no shortage of friends and admirers within the security industry.
Jack had been scheduled to demonstrate at the conference, showing off hacking techniques which could have left implantable biomedical devices vulnerable to attacks. As the show kicked off, many were still in mourning, and Black Hat general manager Trey Ford Solemnly kicked the conference off with a moment of silence.
Further complicating matters was a sense of tension caused by the conference's keynote speaker. NSA chief General Keith Alexander had long been scheduled to open the conference with his address. In the weeks leading up to the speech, however, news broke about the NSA's secret PRISM surveillance programme and the saga of Edward Snowden left many in the security community with a less than stellar opinion of the NSA.
Even with the tension and heartbreak, however, the Black Hat community endured.
Alexander kicked off the show with a surprisingly candid explanation of the NSA surveillance programme which included screenshots and a detailed explanation of the surveillance tools themselves. Despite the occasional outburst from hecklers in the audience, Alexander's keynote went off with minimal interruption and, despite the obvious tension in the air, his keynote drew applause from the thousands in attendance.
With the keynote out of the way, Black Hat's numerous presenters were able to do what they do best: hack stuff.
Among the most fascinating presentations was a demonstration by iSEC researchers which showed how an aftermarket femtocell unit could be modified to become a surveillance and espionage kit. While previous demonstrations had been able to intercept SMS messages, the iSEC researchers took things a step further by intercepting audio from a call live on stage and showing how hansets connected to the femtocell could effectively be “cloned.”
The phone hacking fun continued when a group of researchers from Georgia Tech University exploited flaws in Apple's iOS platform to craft a malicious “charger” system which could take over the device and use an uploaded developer profile to install malware and then hide the applications as otherwise legitimate iOS apps.
In the weeks leading up to Black Hat 2013, the big security story was the high-profile Android flaw which left an overwhelming majority of devices prone to attack. That flaw, discovered by Jeff Forristal of BlueBox, exploited a weakness in the way Android applications are compressed and installed on a handset. According to Forstall, the flaw only came to light when he tried to input coordinates onto a mapping application.
Later in the week, the security community gathered at the room and time slot in which Barnaby Jack would have given his presentation. At the request of the family and Black Hat, press were asked not to record the event or directly quote any of the speakers at the session.
Even amidst the heartbreak and turmoil, Black Hat went on. The show, which started under a dark cloud of grief and suspicion, would go on to celebrate the ingenuity and creativity of the research community, while still paying tribute to one of its fallen heroes. The hackers may have been heartbroken, but they were not halted.

No comments:

Post a Comment