Evil USBs, Google Glasses capturing your passwords and bitcoin mining are just a few of the tactics that top hackers from around the world are bringing to Vegas for the Black Hat conference this week.
Black Hat USA, an annual intense four-day hacking conference, is in its 17th year. It draws more than 7,500 of the world’s most renowned security experts: Black Hats and White Hats and everything in between.
Talented independent hackers, in-house IT specialists, security architects, cryptographers, penetration testers, security software developers and more are here for cutting-edge briefings, training, and parties.
For those so inclined, Black Hat offers training to hone hacking skills and experts teach hands-on attack and defense courses.
Breaking Future Threats
Every year, leading security researchers take to the Black Hat stage to reveal their groundbreaking work in information security risks, research and trends.
During 25- and 50-minute speaking slots, they address a range of vulnerabilities, from popular consumer devices through to critical international infrastructure.
Keynote speaker and In-Q-Tel CISO (Chief Information Security Officer) Dan Geer kicked Black Hat off with a bang on Wednesday, posing some radical ideas to improve security – not least of which was his call to the U.S. to buy all cyber security vulnerabilities and make them public.
Why? To eliminate any arsenals of cyber weapons outside of the U.S.
Geer also made a number of other bold recommendations including mandatory reporting similar to Center for Disease Control (CDC) processes and source code liability for companies whose products fail. He also recommended that abandoned products should be made open source so others can adopt and maintain them.
The first day of briefings was full of thought-provoking presentations.
“My Google Glass Sees Your Passwords!” by Xinwen Fu, Qinggang Yue and Zhen Ling presented a technique for capturing passwords typed on a touchscreen device from as far as ten feet away.
“CloudBots: Harvesting Crypto Coins Like a Botnet Farmer” by researchers Bishop Fox, Rob Ragan and Oscar Salazar looked at how criminals can use free cloud services for nefarious activities. Given the rise of cryptocurrency, they explained how bitcoin mining operations in the cloud can be done easily with botnets mining for digital gold on someone else's systems. Botnets are networks of computers taken over by hackers without their owners’ knowledge. A ‘botnet farmer’ could, for example, use one of these networks to harvest someone’s bitcoin money to pay his or her phone bill.
Thursday morning’s talk on USBs was already generating buzz in mainstream media before it was even delivered.
In “BadUSB—On Accessories that Turn Evil,” security researchers Karsten Nohl and Jakob Lell talked about malware called BadUSB that can be installed on a USB device to take over a PC. It can invisibly infect the controller chips of USB devices, redirect a user’s Internet traffic, exfiltrate data and even spy on the user.
There was also a lively roundtable on Thursday about the vulnerabilities related to medical technology. Rapid7’s Jay Radcliffe moderated a discussion entitled “Is there a doctor in the house? Security and Privacy in the Medical World,” examining the risks of connected devices and the information on those risks available to users.