Saturday, 27 July 2013

Black Hat 2013: Hacking Home Security Systems, Cars, NSA

Black Hat
In just a few days, Las Vegas is going to be overrun by information security folks for Black Hat and DEF CON. As always, there will be drama and excitement.
The Black Hat conference and DEF CON are where white hat, black hat, blue hat, and grey hat types rub elbows. There Federal government and law enforcement folks listen to some of the latest research coming out of the community, and rumor has it some career recruiting happens there, too. The research presentations are all so interesting and it's hard to pick which ones to attend.
Black Hat 2013 Bug
Home Security Under Attack
Two talks on home networking equipment are scheduled for Wednesday, followed by three more on Thursday.
Bishop Fox researchers will be talking about breaking home security systems, such as cracking simple door sensors, intercepting signals and bypassing the keypad. The Trustwave team will be talking about how home-based technologies, such as locks, thermostats, and other devices that can be remotely controlled, open the door to cyber-attacks and home invasions.
On Thursday, a researcher from Tactical Network Solutions will look at zero-day vulnerabilities in consumer and enterprise network surveillance cameras manufactured by D-Link, Trendnet, Cisco, IQInvision, Alinking and 3SVision. A researcher from SensePost will show how protocols used by home automation systems (such as those that handle heating, ventilation and air conditioning systems, lighting, and physical security) are vulnerable to attacks. A team from iSec Partners will demonstrate the vulnerabilities in a Samsung Smart TV.
If that isn't enough to scare you from ever having anything with an IP address in your house ever again, over at BSides Las Vegas, Bharat Jogi, a researcher at  Qualys, will be demonstrating serious vulnerabilities he found in D-Link surveillance system that allowed him to take over all the IP cameras associated with the system.
Hack-a-Car
After the car hacking sessions, I may never get in a car again. Good thing you don't really need a car in New York City.
Two researchers will demonstrate a device that can bypass security in a car's electronic control unit as part of Black Hat Arsenal. Hacker and security researcher extraordinaire Charlie Miller and Chris Valasek from IOActive will demonstrate how to hack various car network systems, including those related to braking and steering, at DefCon. 
The Opening Keynote
A few months ago, Black Hat announced that General Keith Alexander, the head of the National Security Agency, commander of the US Cyber Command, and the man in charge of PRISM, will be delivering the opening keynote. With Edward Snowden still holed up in the transit lounge in Russia (soon to become a temporary resident in Russia, perhaps?), and details about PRISM and other surveillance programs dribbling out, we all wonder—is Gen. Alexander still going to show up next Wednesday?
In previous years, Black Hat and Def Con has been styled as a "neutral" zone where the black hats and the feds can co-exist peacefully, and even speak with each other. Sure, there are games like "Spot the Fed," but it has always been about fun. However, Def Con this year requested the feds to stay away to "avoid conflict."
Considering that Black Hat attendees are not known for being a docile bunch, the keynote will be interesting.
"He has guts.  He's going into the belly of the beast—hacker central—right in the midst of the Eric Snowden leak story," John Dickson, head of The Denim Group, wrote in a blog post.
Dickson has some questions he would like the chief spook to answer, though. While some are a little flippant—"How quickly did you unfriend Eric Snowden on Facebook when he boogied to Hong Kong?"—or silly—"Seriously, how much fun was it when you hit the 'Go' button for Stuxnet?"—some touched upon the massive surveillance the government does—"How anonymous is Anonymous?" and "What happens in Vegas, stays in Vegas is a total myth, right?"
You can see the full list of questions on Dickson's blog here.
We will be covering many sessions from Black Hat and Def Con next week, so check in regularly for updates.

No comments:

Post a Comment