Black Hat USA posted an impressive "first batch" of briefings that will be presented at the Mandalay Bay Convention Center in Las Vegas on August 6 and 7. Here are a few that have already caught my eye.
Jesus Molina makes a tempting case to attend the session Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment. "Have you ever had the urge to create mayhem at a hotel? Force every hotel guest to watch your favorite TV show with you? Or wake your neighbors up (all 290 of them!) with blaring music and with their blinds up at 3 AM? For those with the urge, I have the perfect place for you."
Molina points toward the "St. Regis ShenZhen, a gorgeous luxury hotel occupying the top 28 floors of a 100 story skyscraper," where guests use an iPad2 as a remote control for "lighting, temperature, music, do not disturb light, TV, even the blinds and other miscellaneous room actions. However, the deployment of the home automation protocol contained several fatal flaws that allow an arbitrary attacker to control virtually every appliance in the hotel remotely."
If you've ever wanted to get N.A.S.TY then want no more as @rootHak42, aka Jacob Holcomb, will exploit vulnerabilities during Network Attached Shell: N.A.S.TY Systems that Store Network Accessible Shells. "In order to achieve the glorious ro0t (#) shell!...Dozens of previously undisclosed, critical security vulnerabilities" are used "in numerous network storage devices from a handful of goto manufacturers (manufacturers: e.g., Seagate, D-Link, Netgear)." He's talking about network-based storage systems that are used "in millions of homes, schools, government agencies, and businesses around the world for data storage and retrieval." The attacks for the talk were developed to "demonstrate how unauthenticated attackers can compromise and control storage systems with and without user interaction."
The car-hacking talk by Charlie Miller, aka @0xcharlie, and Chris Valasek, aka @nudehaberdasher, was rejected by Black Hat organizers in 2013, but the duo's Def Con presentation practically created a tsunami of press. Previous research only looked at three or four specific vehicles for which "a malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes." This year at Black Hat, Miller and Valasek will enlighten the masses about Remote Automotive Attack Surfaces on a large number of different manufacturers. That helps answer which ones are less secure and how to protect our vehicles from attack.
Oh sure, there's been some cool research into dongles in the past, said Andreas Lindh; but during Attacking Mobile Broadband Modems like a Criminal Would, he will "focus on some more likely scenarios; web-based attacks that are not that hard to pull off but that will allow the attacker to cash in without too much effort." His talk will demonstrate "why it is easy being an Internet criminal."
Speaking of criminals, or real black hats, Rob Ragan and Oscar Salazar ask, "What happens when computer criminals start using friendly cloud services for malicious activities?" That answer, as well as how to trample terms of service and "how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments" will be addressed in Cloudbots: Harvesting Crypto Coins Like a Botnet Farmer.
In the abstract for Cellular Exploitation on a Global Scale, Mathew Solnik and Marc Blanchou explain, "Manufacturers and enterprises have claimed control over not just how your phone operates, but the software that is allowed to run on it. However, few people know that Service Providers have a hidden and pervasive level of control over your device. These hidden controls can be found in over 2 billion cellular devices worldwide. Organizations have been quietly deploying these controls in smart phones, feature phones, basebands, laptops, embedded M2M devices, and even certain cars." If you attend their talk, you will come away armed with open source tools and detailed insight into hidden control mechanisms in Android, iOS, Blackberry, and Embedded M2M devices.
What havoc could you wreak by Attacking Cisco Hosted VOIP Networks? Eavesdropping, call spoofing, bypassing authentication, compromising desktop and mobile clients and more! After discussing zero-day attacks, ID spoofing, man-in-the-middle (MITM) attacks and crashing mobile clients - to name but a few - Fatih Ozavci will give a live demonstration. "Attacking Cisco VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the presenter). It has a dozen modules to test trust hacking issues, signaling attacks against SIP services and Skinny services, gaining unauthorized access, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM."
Silvio Cesare will present Breaking the Security of Physical Devices during which he will show how to break the security of a popular model car and home alarms systems. He will also explain ways to mitigate the attacks, "which essentially comes down to avoiding the bad and buying the good. But how do you know what's the difference? Come to this talk to find out," he said.
Had you started to trust the USB again? You probably won't after BADUSB - On Accessories That Turn Evil. Karsten Nohl and Jakob Lell will tell you about a "new form of malware that operates from controller chips inside USB devices" before demonstrating a "full system compromise from a USB and a self-replicating USB virus" that is "not detectable" with current defenses.
That's a sampling of the mischief and/or knowledge that's in store for Black Hat USA!
Like this? Here's more posts:
- Judge to Microsoft: Hand over cloud data no matter where in the world it is stored
- Targeted ads that track how and where you drive are coming to connected cars
- New NSA Chief expects attacks attempting to damage, destroy critical infrastructure
- Record and rewind: Cops quietly test aerial surveillance to track crime
- Smart toilet spying on health is a hoax, but is there privacy in a public potty?
- No reasonable expectation of privacy when third parties cross the creepy line?
- USA world rankings: #1 for sending spam, #8 for Netflix streaming speeds
- Microsoft shares 2 cybersecurity papers to protect infrastructure and supply chain
Follow me on Twitter @PrivacyFanatic