These were the best hacks at Black Hat and Defcon this year

If you weren't in Las Vegas for the heat and hacking, we've got you covered.


Black Hat Briefings and Def Con, the two annual security conferences you shouldn't miss, are drawing to a close.

Each year, security researchers and hackers bring their exploits and discoveries to share with the common aim of making the world more secure. But if you weren't in Las Vegas for the heat and hacking, we've got you covered.

From ZDNet, sister-site CNET, and around the web, here's the best of Black Hat and Def Con.

3G, 4G LTE NETWORKS JUST AS PRONE TO STINGRAY PHONE TRACKING

ZDNet: A flaw in modern 3G and 4G LTE cell networks could be used to pave the way for a next generation of stingray devices, otherwise known as cell site (or IMSI) simulators. These highly controversial surveillance devices are shrouded in secrecy, but are almost exclusively used by police and law enforcement, often without warrants, in order to carry out indiscriminate cellular surveillance.

ICLOUD SECURITY FLAW PUT IPHONE, MAC PASSWORDS AT RISK

ZDNet: A security researcher found a bug, later patched by Apple, which could've let an attacker or insider gain access to an entire account's iCloud Keychain. The vulnerability was found by targeting a weak point in the end-to-end encryption, which let the researcher steal passwords and other secret data, like Wi-Fi network names and visited websites, along with their passwords.

CAR WASH HACK CAN ATTACK VEHICLES AND TRAP PASSENGERS

Motherboard: Hackers have shown how to remotely hijack an internet-connected car wash, which they say could be used to hurt someone -- the first cyberattack turned physical attack of its kind. "An attacker can send an instantaneous command to close one or both doors to trap the vehicle inside, or open and close one door repeatedly to strike the vehicle a number of times as a driver tries to flee," wrote Motherboard.

FRUITFLY, A NEAR-UNDETECTABLE BACKDOOR, CAN TAKE OVER YOUR MAC

CBS News: Fruitfly is the name of a stealthy but highly invasive malware for Macs that went undetected for years. An attacker can remotely take complete control of an infected computer, including accessing user files, and the computer's webcam, screen, keyboard and mouse.

HACKER WARNS RADIOACTIVITY SENSORS CAN BE SPOOFED OR DISABLED

Wired: A series of vulnerabilities in the software and hardware of radiation detection systems can be exploited to, in the worst-case scenario, "confuse nuclear engineers, or prevent them from responding to an ongoing radioactive leak." A hacker could disable radiation monitors to allow dangerous nuclear materials to bypass checkpoints.

SECURITY RESEARCHERS HACK ATM TO MAKE IT SPEW CASH

CNET: A security flaw in the embedded system of a Diebold Nixdorf cash dispenser let hackers raid the cash stored inside. A vulnerability near the ATM's speakers in the upper section provided an opening for potential hackers to loosen and expose a USB port. "We're pretty sure we can just ask it to give us the money," said one of the hackers.

A FLAW IN CELL NETWORKS LETS HACKERS PRETEND TO BE YOU

CNET: A flaw in how phones switch from modern LTE cell networks to the older, fallback 2G network can let an attacker send text messages and make phone calls from a victim's phone number. The hack works because of the way your phone rushes to keep a connection running when it switches between network technologies, according to the security researchers who found the flaw.

HOW THE FBI TOOK DOWN THE NOTORIOUS AVALANCHE BOTNET

Dark Reading: A senior FBI agent described how the agency took down one of the largest, most damaging international botnets in living memory. Avalanche, the command and control network behind several ransomware and trojans, was a "network of servers used to spread malware campaigns" that facilitated so-called money mule laundering schemes. More than 800,000 domains were associated with the complex network.

HOW SECURE - REALLY - ARE U.S. ELECTION SYSTEMS?

USA Today, Reuters: US officials say that no votes were affected in the recent US presidential election. Hackers in Las Vegas have been challenged to "prove it." The hackers have been given rare access to try to break into dozens of pieces of election equipment, including voting machines that are currently in use. The security researchers will spend the weekend trying to hack the machines and trying to alter the voting machines' results.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
