During the first week of August, like-minded individuals converged on Las Vegas to celebrate their shared love of a future deeply imbued with technology and a society improved by science and rational thought. Those people were at the Star Trek convention. A few casinos away, a similar group gathered to talk about all the new and exciting ways they’d discovered to steal information and hack into systems. Those people were at Black Hat.
Black Hat bills itself as the premier show for offensive security, and it lived up to its promise. This year, we knew we’d hear about hacking Linux-powered rifles, remotely taking control of cars, and attacking Android phones with malicious text messages. But also tackled were the Stagefright Android vulnerability, another flaw by which a clever attacker could use dormant plugins on most Android devices to take control of the phone as if the attacker were holding it, and a clever attack that could steal all of your files from a cloud storage service without you ever being the wiser.
Black Hat is also about learning about how to be a better hacker or security researcher, as the case may be. This year saw attendees learning how to use special security software designed for security research and a session that explained how to carry out research without getting arrested.
Two PC Magazine colleagues and I attended Black Hat this year, and somehow we made it back alive. We bring with us terrifying tales, but also good advice, and the hope that our digital lives can be made safer and more robust through better security.
Hacking Cars From a Cell Phone
Chris Valasek and Charlie Miller have been working on various attacks on cars for a while now, but their most recent efforts are perhaps the most dramatic to date. They found a way to gain control of the onboard entertainment unit, and use it as a backdoor into more of the car’s systems. The end result is seizing control of a car remotely, and being able to drive it off the road.
Miller and Valasek’s previous work required having physical access to the car in order to attack it. But this latest research only required being near the car for an initial attack, which makes it much scarier. Not to worry, though! Chrysler has since recalled 1.4 million vehicles to address the problem. But as cars become even more connected and intertwined with complex electronics, this probably won’t be the only attack we see.
Gas Pump Attack
Speaking of cars, Trend Micro set out to discover if hackers were going after gas pumps. The short answer: yes. The longer answer: Hackers are attacking gas pumps a lot. Researchers Kyle Wilhoit and Stephen Hilt told the crowd at Black Hat that they observed 23 attacks on a honeypot gas pump system between February and July.
Though the researchers used a bogus gas station system to lure hackers, such attacks could cause some real problems. Depending on what the attacker gained access to, he or she could change how gas is distributed, what kind of gas is being pumped, and trick the system into thinking there’s plenty of fuel available when there’s actually none.
Turning Your Computer Into a Secret-Spewing Radio Station
When you have a computer or a network that is really important, you isolate it from the Internet behind what’s called an air gap. But Ang Cui showed that even then, hackers may not be shut out. According to his research, specially made malware can use the components inside consumer electronics to broadcast messages in the RF range. Once infected, a device can spew its secrets to a hacker on the other side of steel reinforced concrete.
Of course, infecting a device requires direct access. And the infected electronics need to have sufficiently long wires to serve as a broadcast antenna. But it’s one of the more ingenious attacks we saw at Black Hat this year.
You can read up to 3 premium stories before you subscribe to Magzter GOLD
Log in, if you are already a subscriber
Get unlimited access to thousands of curated premium stories, newspapers and 5,000+ magazines
READ THE ENTIRE ISSUE