Ten scary hacks from Black Hat and Defcon

During the Black Hat and Defcon conferences, researchers wheeled out their best new attacks on everything from browsers to automobiles, demonstrating ingenuity and diligence in circumventing security efforts or in some cases in exploiting systems that were built without security in mind. Here's a handful of the ones that deserve the most concern.

Siemens S7 hack

NSS researcher Dillon Beresford demonstrated how to hack a Siemens S7 computer, gain read-and-write access to the memory, steal data, run commands and shut the computers off. All this is very bad when you consider these devices are used to control machines in factories, utility networks, power plants, chemical factories and the like. His findings were so troublesome that he pulled out of an earlier conference where he'd been scheduled to present the information until Siemens could patch the vulnerabilities he exposed.

VoIP botnet control

Botmasters can use VoIP conference calls to communicate with the zombie machines in their botnets, say researchers Itzik Kotler and Iftach Ian Amit of security and risk assessment firm Security Art. They released a tool called Moshi Moshi that converts touchtones into commands the bots can understand and turns text into speech to capture information on compromised corporate computers and read it into voicemail for the botmaster to pick up later. The techniques enable botmasters to control their hijacked machines from wireless phones and even payphones.

Powerline device takeover

Independent researchers Dave Kennedy and Rob Simon showed Defcon a device they customised that can tap into home power lines to monitor and control home alarm and security camera systems. Using the device and broadband-over-power line technology, burglars could plug the device into an electric outlet on the outside of a house and monitor devices inside the home. They could deduce, for example, that if the alarm system is turned on and security cameras activated then the residents are not at home. The device can send signals that jam signals from the security devices, leaving burglars free to break in without worry that alarms will be set off, the researchers say.

Hacker drone

A spy drone made from off-the-shelf electronics was demonstrated at both Black Hat and Defcon by its creators, Richard Perkins and Mike Tassey. The model plane, Wireless Aerial Surveillance Platform (WASP), was tricked out with electronics that can crack codes and pick off cellphone calls, and an onboard computer that can execute a flight plan designed to have the plane circle above a target while it does its work. The researchers say that if they can build one, so can just about any country or corporate espionage group that puts its mind to it, so beware.

Car hijack via phone networks

A demo at Black Hat hacked a Subaru Outback car alarm, unlocked the doors and started the vehicle, all using text messages sent over phone links to wireless devices in the vehicle. The same type of exploit could just as easily knock out power grids and water supplies, says Don Bailey, a security consultant with iSec Partners, who presented the research. The common thread is that the car alarm and certain devices on critical infrastructure networks are all connected to public phone networks in ways that are fairly simple to compromise, and the prospect is threatening enough that the Department of Homeland Security wanted a briefing beforehand.

Hack faces to find Social Security numbers

A demo at Black Hat and Defcon showed it's possible to acquire a person's Social Security number using nothing more than a photo publicly available in online social network databases, face recognition software and an algorithm for deducing the numbers. The point is to show that a framework of digital surveillance that can go from a person's image to personal data exists today, says Alessandro Acquisti, a professor at Carnegie Mellon University, who presented the research. "This, I believe and fear, is the future we are walking into," says Acquisti.

Remotely shut down insulin pumps

Insulin pumps that diabetics rely on to keep their blood sugar in balance can be shut off remotely, a researcher demonstrated at Black Hat. Jerome Radcliffe, a diabetic himself, showed how he could pick off wireless signals used to control the pump, corrupt the instructions and send the altered commands to the machine. He could force the wrong amount of insulin to be pumped or shut the device off altogether, either of which could be fatal in the wrong circumstances. The problem, he says, is that the devices weren't designed with security in mind.

Embedded web server menace

Photocopiers, printers and scanners come with embedded web servers meant to make administering the devices easier, but these servers lack security, leaving recently scanned or copied documents open to being pilfered, Michael Sutton, vice president of security research at Zscaler Labs, told Black Hat. He says he's able to find these web servers through scripts he wrote to scan huge blocks of IP addresses and recognize telltale web header fingerprints. "There's no breaking-in required," Sutton says.

Spreading false router tables

A researcher at Black Hat revealed a vulnerability in the routing protocol Open Shortest Path First (OSPF) that lets attackers install false route tables on uncompromised routers in an OSPF-based network. That puts networks using the protocol at risk of attacks that compromise data streams, falsify network topology and create crippling routing loops. The solution? Use another protocol such as RIP or IS-IS, or change OSPF to close the vulnerability, says Gabi Nakibly, a researcher at Israel's Electronic Warfare Research and Simulation Center, who discovered the problem.

SAP flaw

A flaw in SAP's NetWeaver software enables hackers to dodge authentication into the ERP system, says researcher Alexander Polyakov of security firm ERPScan, who presented his findings at Black Hat. The implications of this are that attackers could gain access to data and delete it, he says. He was able to Google hack servers that contained the flaw, he says, which was present on about half the servers he tested. SAP says it plans to issue a fix for the problem.
