![\"blackhat_title_EN\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/08\/05101755\/blackhat_title_EN.jpg\")
<\/a><\/p>\nThere are two conflicting realities at the Black Hat security conference: on the one hand, the event is thoroughly and unapologetically corporate. It\u2019s packed with the most brilliant, highly paid, and well-respected computer scientists and IT security professionals in the world. The vast majority of briefings are enterprise-focused, though, lucky for us, there were a number of consumer talks this year as well.<\/p>\n
On the other hand, this place is absolutely crawling with goons. If you have a computer or a smartphone or anything of any value whatsoever, during Black Hat, Las Vegas, Nevada \u2013 Caesar\u2019s Palace in particular \u2013 is among the most hostile environments in the western world (these are the actual, albeit slightly hyperbolic, words of an email I received from the company that hosts the event). Wireless networks, ATMs, and really anyone you\u2019ve never met before are not to be trusted. Part of the fun for the hacker-clientele in attendance at Black Hat is to humiliate and possibly steal from you as well. The press room is a maze of ethernet cords and the only safe place to get online. That we spend most of the day away from the safety of the press room Internet connections sitting offline in briefings at one of the most famous tech conferences in the world is very strange.<\/p>\n
What\u2019s stranger still is the odd dichotomy between the tinkerers with no formal education and the researchers with PhDs in mathematics. The line between cybercriminals and plain-clothed agents of the federal government is incredibly obscure \u2013 especially when you realize that both groups seek to learn about the very same attack techniques. Have no doubt though, nearly everyone here is a hacker and hacking is the only thing anyone is really talking about.<\/p>\n
\u00a0<\/p>\n
Hacking Humans<\/b><\/p>\n
Sadly, Barnaby Jack died just a week before he was scheduled appear here in a briefing called \u201cImplantable Medical Devices: Hacking Humans.\u201d The brilliant security researcher was at the forefront of implantable medical device research (implantable medical devices are those, like insulin pumps and pacemakers, that are implanted in a patient\u2019s body), a topic we intend to explore on the Kaspersky Daily very soon. Many of these devices transmit signals and have the capacity to communicate wirelessly with devices outside the body. These are obviously and increasingly hackable, and the loss of Barnaby Jack is an unfortunate. The beloved hacker from New Zealand famously hauled two ATMs into a presentation hall at Black Hat a few years back. Throughout the course of the talk, he sat on his laptop and compromised the ATMs in every way imaginable. He manipulated their display screens, made one of them think that the $20 bills encased within were $5 bills, and \u2013 of course \u2013 closed his briefing in style by forcing the other ATM to spew money out all over the stage.<\/p>\n
\u00a0<\/p>\n
Hacking Homes<\/b><\/p>\n
There were three home-security related briefings at Black Hat this year. In what may have been the simplest and most straight-forward briefing at the entire event, researchers Drew Porter and Stephen Smith demonstrated how incredibly easy it is to circumvent home and office security systems. There are some 36 million vulnerable systems deployed in the U.S. and the ones they examined consisted of three primary components: door and window sensors, motion sensors, and a keypad. The keypad, they said, is the brains of the operation. The keypad arms and disarms the system and communicates to a third party when any of the sensors has been tripped.<\/p>\n
Porter and Smith showed that they could trick circuit-based sensors with incredibly inexpensive items like magnets and strips of metal. Circuit-based sensors are those that create a circuit when the two sides of the sensor are touching (closed circuit: good). When that circuit is broken (open circuit: bad), perhaps by opening a door or window, the sensor sounds an alarm and communicates that there has been a breach to the keypad. The keypad then informs the third party that the alarm has sounded.<\/p>\n
The motion sensor alarms could be spoofed nearly as easily. The researchers didn\u2019t explain why and my understanding of the electromagnetic spectrum is somewhat limited, but for whatever reason, infrared lighting caused some trouble for the motion sensor alarms. When the researchers exposed the sensors to infrared lighting, which is conveniently created by lighting a common lighter, the sensors would not alarm. They were also able to trick the motion sensors in simpler ways. Just shielding themselves from the motion sensors with a large piece of cardboard or styrofoam was enough to trick the sensors into believing there was no movement.<\/p>\n
Most alarmingly, the keypads are vulnerable as well. Basically, the key pad receives electrical signals from the sensors. If the sensors are triggered, they tell the keypad and the keypad tells whichever third party it is programmed to tell. Maybe the police, maybe your smartphone. The keypads communicate in three ways: by landline, cellular, and data transmission. It\u2019s possible to jam or intercept traffic on all of them.<\/p>\n
In another talk, Daniel Crowley, David Bryan, and Jennifer Savage discussed the risks we face when we connect our home appliances like space heaters or door locks or even toilets to our home networks<\/a>. More specifically, Behrang Fouladi and Sahand Ghanoun demonstrated an attack targeting vulnerabilities in Z-Wave home automation systems. The Z-Wave protocol is growing in popularity and capable of controlling HVAC systems, door locks, lighting, and any number of other things in your home.<\/p>\n The biggest concern with much of the vulnerable home security system equipment is that it can\u2019t be patched like a computer or a piece of software. When Microsoft learns of a bug, they build a patch, and ship it to you on patch tuesday. Most security systems lack the ability to auto-update their respective firmware, so, in order to fix a bug in a product, a technician would need to come to the system to service it, which is both expensive and troublesome. In most cases no one is bothering to fix these bugs, but rather leaving systems vulnerable. Moreover, if you connect your system to the Internet, you should make sure it has some protection from remote attacks and that the update process is is secure as well. should be protected from remote hacks. Many vendors are simply not ready to play in this field \u2013 as you\u2019ll see for yourself in the next paragraph.<\/p>\n \u00a0<\/p>\n Hacking Like a Hollywood Hacker<\/b><\/p>\n A Maryland based vulnerability researcher named Craig Heffner presented a demonstration in which he hacked personal- and enterprise-grade surveillance cameras Hollywood-style. He claims that thousands of these cameras, deployed in homes, businesses, hotels, casinos, banks, and even prisons, military, and industrial facilities, are Internet accessible are vulnerable to the kinds of attacks you see in the movies. Heffner developed a proof-of-concept attack where he could remotely freeze and manipulate video on the devices.<\/p>\n \u00a0<\/p>\n Hacking Phones<\/b><\/p>\n Two talks in particular could have the effect of shattering all trust in the mobile ecosystem. One was the German researcher from Security Research Labs Karsten Nohl\u2019s SIM card\u00a0 attack. The other was Jeff Forristal\u2019s \u201cOne Root to Own Them All,\u201d dedicated to the widespread so-called Android master key vulnerability, which I will be publishing a full report on for you shortly.<\/p>\n Basically, a SIM card is a very small, but full-featured computer dedicated to secure storage and transmission of your data over cellular network. Nohl realized that the SIM cards in perhaps as many as a billion smart phones are vulnerable because they communicate using the data encryption standard, commonly referred to as DES. DES used to be the cryptographic standard, once endorsed by the National Security Agency. As a researcher pointed out to me on a cab ride we shared to the airport, DES is highly favorable because it requires little memory and it works fast. Unfortunately it\u2019s quite old and also easily cracked. So apparently these SIM cards are manufactured so the the network operators and service providers can communicate with them after they\u2019ve been sold to the end-user. This communication is necessary for patching an billing and a number of other purposes as you can read in this excellent write-up<\/a>. The communication between the SIM cards and the service providers are basically text messages that aren\u2019t displayed on the phone but processed directly by the SIM card. Nearly every phone in the world, Nohl said, contains a SIM card with the capacity to send and receive these sorts of text messages without the user\u2019s knowledge. In three years, Security Research Labs found just one phone that ignores these over-the-air (OTA) communications entirely.<\/p>\n In order to secure these communications, the messages are either encrypted or protected by cryptographic signatures or both. These measures made little difference to Nohl as he managed to crack the messages no matter what protection was used. The keys are largely based on the old DES algorithm. The OTA server belonging to the network providers and the SIM cards themselves use the same key \u2013 likely a decision made to conserve space on the SIM cards. If you figure out the key then you can trick the SIM card into thinking that you are the network provider. Nohl\u2019s demonstration involved a lot of math that I just won\u2019t go into, but the important thing to know is that once he convinced these SIM cards that he was the provider\u2019s OTA server, he could exploit<\/a> this situation in multiple ways: send premium-rate text messages, control call forwarding, update SIM card firmware and posslibly steal other data from SIM card, e.g. secure keys of payment application bundeld on some SIM cards.<\/a> The good news is that many operators have begun shipping more secure 3DES or AES-enabled SIM cards\u00a0 for a couple years now, and in light of Nohl\u2019s research, some of the big telcos quickly implemented various network-based fixes.<\/p>\n \u00a0<\/p>\n Hacking the Law<\/b><\/p>\n Marcia Hoffmann from the Electronic Frontier Foundation<\/a> led a cautionary briefing about the legal pitfalls researchers face when they expose security vulnerabilities. Part of the reason the Internet remains so hard to secure is that well-intentioned hackers often find themselves in legal trouble for exposing vulnerable systems. Much of her talk centered around specific case-studies, but her overall message was a warning: vague language leads to selective enforcement, she said. What she meant is that many of the laws that the government uses to prosecute alleged offenses online are wildly outdated, created at a time where the Internet and computers look nothing like what they look like today, and in need of serious repair.<\/p>\n \u00a0<\/p>\n Hacking TVs<\/b><\/p>\n Unsurprisingly, so-called Smart TVs, which look more and more like the common computer with every passing day, are just as vulnerable. Separate briefings presented by SeungJin \u2018Beist\u2019 Lee and Aaron Grattafiori and Josh Yavor demonstrated a vast array of potential attacks against these wildly expensive devices, which are selling in the tens of millions every year.<\/p>\n I was unable to sit in on either of these talks, but I did catch the pre-briefing press conference. According to Grattafiori and Yavor, they discovered a number of vulnerabilities in the underlying operating systems of these Internet-conected television sets. The duo claimed \u2013 and would demonstrate it in their briefing \u2013 that an attacker could remotely hijack a number of applications on the platform to take control of the devices and steal account information stored within. Potential exploitations could give attackers the ability to commandeer control of built-in cameras and microphones to perform various surveillance-related activities in addition to using these systems as a stepping stone into the locak networks on which they operate.<\/p>\n \u00a0<\/p>\n Hacking Cars<\/b><\/p>\n You have to wait for this one. Charlie Miller and Chris Valasek attended Black Hat, but they\u2019ll be presenting their automobile hack at DEF CON \u2013 the more hardcore hacker conference \u2013 that starts the day Black Hat ends. I won\u2019t be there, but I\u2019ll definitely write all about their demonstration as soon as I can. In the meantime, watch Miller and Valasek giggle from the back seat<\/a> as Forbes\u2019 security reporter, Andy Greenberg, drives a car that the two have ripped apart and are actively hacking. You can also read more about car hacking in this Kaspersky Daily report<\/a>.<\/p>\n \u00a0<\/p>\n Hacking the Internet<\/b><\/p>\n