In Las Vegas for its 23rd year, DEF CON's cavalcade of controversy spans four very full days of talks and workshops, expo, panels, Capture the Flag (CTF), Queercon, social engineering contests, a Car Hacking Village, the Internet of Things (hacking) Village, Defcon Kids, Deaf Con, the infamous Wall of Sheep, and much more.
And this week, in a complete surprise, DEF CON announced its guest for License to Pwn, a panel on the still-undefined, virulently debated Wassenaar Arrangement (a global agreement on weapons export controls). To put it lightly, the proposed changes to the agreement have caused deep rifts within the information security community.
This panel's guest is none other than Catherine "Randy" Wheeler, who oversees technology controls for the U.S. Commerce Department's Bureau of Industry and Security -- making this session a pivotal event in the history of this issue.
DEF CON 23 demo labs include things like SpeedPhishing Framework (SPF), a new tool for penetration testers that quickly and automatically deploys phishing exercises, and a smart watch attack tool.
DEF CON 23 runs August 6-9 (Thurs-Sun) in its huge new location at Paris and Bally's -- although conference hotel rooms at Paris and Bally's sold out in May.
ANNOUNCEMENT: #DEFCON Registration will begin Thursday 6am
These researchers will release and present six months of medical device honeypot research showing the implications of patient care devices increasing their connectivity. "We will discuss over 20 CVE's Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented."
A YubiKey is a small hardware device that offers two-factor authentication with a simple touch of a button. LosT/1o57 created and runs the annual Mystery Box Challenge contest at DEF CON. Cryptically, there are no details for this talk, so we think it'll be interesting.
Certain file formats, like Microsoft Word and PDF, have features that allow outbound requests to be made when the file is opened; these researchers explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective.
The Wassenaar Arrangement is a contentious topic, and it has galvanized two deeply divided sides of information security research into taking action -- sometimes carefully considered, sometimes vicious -- around the complex topic of regulating research. Updates to it in 2013 established an agreement to place previously undesignated "cybersecurity items" under export control. After 18 months and a half-dozen open advisory meetings, the U.S. took security research communities by surprise with its proposed rule -- and we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial cybersecurity, human rights, and national security. This panel's unexpected special guest is Catherine "Randy" Wheeler, with the U.S. Bureau of Industry and Security.
If you didn't see this talk at Black Hat on Thursday, Sandvik and Auger will talk about how they reverse-engineered the Networked Tracking Scope from the former company TrackingPoint, along with the company's firmware and TrackingPoint's three apps. TrackingPoint went bankrupt from lack of sales in spring, shuttering its business and ceasing orders by May 2015. Sandvik and Auger also plan to discuss "the security and privacy implications of network-connected firearms."
"When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. (...) This talk will discuss risk, why it's important, and the poor job the hacker community has done when it comes to properly assessing risk."
These researchers found a major flaw in the Brink's CompuSafe and will demonstrate how to crack one open in seconds. "All you need is a USB stick and a large bag to hold all of the cash. We'll discuss how to remotely take over the safe with full administrator privileges, and show how to enumerate a target list of other major Brink's CompuSafe customers (exposed via configuration files stored right on the safe)."
"With some carefully crafted assembly, we'll show how to break down a reverse engineer by sending them misleading, intimidating, and demoralizing messages through the control flow graphs of their favorite RE tools - turning their beloved IDA (Hopper, BinNavi, Radare, etc) into unwitting weapons for devastating psychological warfare in reverse engineering."
In a world that is sort of being eaten by hypervisors, this talk is kind of a big deal -- and since four of the presenters are Intel security researchers, apparently Intel has cleared them to talk about this. They will "explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines."