Thousands of hackers and other cybersecurity professionals converged on Las Vegas this week for the annual Black Hat conference. Among the interesting topics: Can smart bulbs and smart lighting systems be hacked?
Here are some highlights:
A lightbulb worm?
Are smart bulbs vulnerable to hackers?
“Could a worm spread through a smart light network? Colin O’Flynn researched the idea, and “in particular dives into the internals of the Philips Hue smart light system, and details what security has been deployed to prevent this,” Black Hat notes about his presentation.
“Examples of hacking various aspects of the system are presented, including how to bypass encrypted bootloaders to read sensitive information. Details on the firmware in multiple versions of the Philips Hue smart lamps and bridges are discussed. [He] concentrates on examples of advanced techniques used in attacking IoT/embedded hardware devices.”
O’Flynn developed the world’s first open-source platform for side-channel power analysis and glitching attacks, and has spoken around the world about the application of this platform to various targets. Previously he worked with Atmel developing low-power wireless embedded systems.
Read more at:
News website Dark Reading covers numerous research highlights, including:
- Researchers Show How To Steal Payment Card Data From PIN Pads
Attack works even against chip-enabled EMV smartcards.
- Kaminsky Creates Prototype To Lock Out Attackers
Security expert warns the Internet could be lost to regulators and hackers if industry doesn’t start locking down security.
- Hotel POS and Magstripe Cards Vulnerable to Attacks, Brute-Forcing
Researchers from Rapid7 at DefCon will demonstrate vulnerabilities that allow attackers to turn point-of-sale devices into keyboards
- This Time, Miller & Valasek Hack The Jeep At Speed
Car hacking duo accelerates — literally — their epic Jeep Cherokee hack..
- Browser Exploits Increasingly Go For The Jugular
Black Hat USA panel to discuss browser attacks, which now go from browser userland to root privileges in no time flat.
Read the details at:
Highlights from The Associated Press:
- USB DANGERS
What happens when you drop nearly 300 USB drives on a college campus?
Spoiler alert: People not only pick them up, but they also plug them into their computers and open the files on them.
That was what Google researcher Elie Bursztein found in a study presented at Black Hat.
As part of his study, Bursztein dropped 297 USB drives in parking lots, hallways, outdoor areas and other places on the University of Illinois’ Urbana-Champaign campus. Inside the drives he installed special software that would allow them to “call home” if plugged in.
Of those drives 290, or 98 percent, were picked up and 135, or 45 percent, were plugged in and called home. The figures are concerning to security professionals who have long worried that systems could be hacked if a hacker dropped malware-infected USB drives near the offices of a company they wanted to breach for workers to pick up.
Bursztein said getting his program onto a small enough circuit board attached to a USB plug, then camouflaging that with a silicone outer shell was tricky but not impossible. The per-key cost was around $40.
- HACKERS AS INTERNET GUARDIANS
Hackers have played a key role in both shaping and protecting the internet since its early days and still do.
That’s what technologist Dan Kaminsky told a crowd of hackers and cybersecurity professionals Wednesday as he kicked off the annual Black Hat conference in Las Vegas.
Kaminsky is co-founder and chief technologist of the cybersecurity firm White Ops and he encouraged those in attendance to stay curious, but to always remember the importance of keeping the internet safe for everyone.
He also noted the important role that encryption technology has played in enabling e-commerce and economic growth over the past 20 years and encouraged the crowd to share its security knowledge in order to improve security for everyone.
- HACKERS FOR HILLARY
A fundraiser for Democrat Hillary Clinton’s presidential campaign was set to take place Wednesday in the same venue as Black Hat and feature the conference’s founder.
The event, slated for an upscale Mexican restaurant, promised to deliver discussions of cybersecurity policy with Black Hat and Def Con founder Jeff Moss. Also slated to attend were Michael Sulmeyer, the Clinton campaign’s Cybersecurity Working Group coordinator, along with Jake Braun, former Department of Homeland Security White House liaison.
Despite its founder’s involvement, the event isn’t officially tied to Black Hat. Tickets are being sold online and start at $100 for young professionals and run as high as $2,700.
The Democrats might be able to use the cybersecurity help after an embarrassing hack of emails from the Democratic National Committee that led to the resignation of chairwoman Debbie Wasserman Shultz and other party officials.