This year’s Black Hat Briefings and DEF CON conference returned to Las Vegas with new vulnerabilities and exploits currently plaguing the world of cyber security. As usual, there was no shortage of hackers revealing new bugs and giving practical demonstrations of new bypass methods.
2017 marks the 20th anniversary of the first Black Hat Briefings and, in recent years, the event has shifted from a small gathering of computer security aficionados to a big-time conference where hackers and industry-leading firms like Cisco rub elbows and work together to solve current challenges.
Together with DEF CON, the two events are known as Hacker Summer Camp, and they bring cyber enthusiasts to the Nevada desert every year in search of opportunities and knowledge about both new breaching and protection methods. Here are some of the highlights of this year’s camp.
2017 Hacker Summer Camp: Mobile platforms are full of exploits
At Black Hat USA 2017, mobile platforms were in the spotlight. As hackers at the event demonstrated, no user is untouchable, because our devices and data are compromised at the network level.
One of the highlights of the conference was the fact that 4G LTE and 3G networks have a cryptographic flaw in their connection protocol to cellular towers that makes them just as vulnerable as old-time payphones. Theoretically, cyber criminals could use this to sting phones and listen in on people’s conversations.
A similar vulnerability found in the procedure by which phones change from LTE to 2G allows hackers to intercept the signal and “impersonate” your number to make calls and send text messages as if they were you. “The Ghost Telephonist” hack was first discovered in China and has been replicated in the U.S.
Apple devices were shown to be particularly vulnerable as well these last two weeks, with the reveal of the Fruitfly malware for Mac and an already-patched iCloud bug. The first is stealthy and, once a machine is infected, allows hackers to take over Mac computers, while the second gives them access to the victim’s iCloud Keychain.
Virtual vulnerabilities transcend to the physical world
DEF CON 2017 also had some highlights of its own, starting with the Voting Machine Hacking Village, a competitive event in which hackers had to break into voting machines used in past U.S. elections to demonstrate how vulnerable they are.
Cyber enthusiasts not only achieved their goal in less than 90 minutes, but they also did it in various ways. Hardware-wise, the hackers were able to crack the machines open and find new flaws at a component level, and with software, they managed to gain remote control over them and tamper with the results.
Other hacks with physical consequences were also shown. A traditional ATM hack was showcased with a new twist: exposing a USB port behind an easily removable part, plugging in a flash drive and essentially commanding the teller to hand the money over.
Another impressive and innovative achievement was the hacking of an Internet-connected carwash. Hackers could control the machines and doors of the facility to trap people inside and prevent a hypothetical driver from escaping by hitting the car with the automated tools.