With less than a month until Black Hat USA 2014 and some talks in the lineup already making headlines, we've put together a cheat sheet of hot talks lined up for the professional infosec industry's most contentious domestic conference.
Black Hat USA returns for its 17th year to Las Vegas, with four days of trainings and two packed days of talks from August 2-7. It will be the conference's first time in a new location, the Mandalay Bay Hotel and Casino.
Last year's Black Hat USA left some tough shoes to fill after a lively keynote by the NSA's General Keith Alexander.
It was also the last US Black Hat run by Trey Ford, who is so admired in infosec communities that some are cautiously calling it our first "post-Trey" Black Hat — even though Mr. Ford remains on the conference's review board.
Here's our cherry-picked shortlist of hot talks to see at Black Hat 2014.
Speakers: Vijay Balasubramaniyan, Raj Bandyopadhyay and Telvis Calhoun
Overview: One of the places enterprises are most vulnerable to attack is at the human endpoints — their employees. Enterprises are vulnerable to "human hacking," the effective social engineering of employees, contractors, and other trusted persons. In particular, financial institutions have seen a significant increase in account takeover attacks over the phone by sophisticated fraudsters socially engineering call center agents.
The customer information required is often obtained by gathering intelligence through reconnaissance, probing systems or humans. In this talk, the researchers will show how to detect both the account takeover calls using acoustical anomalies and the reconnaissance calls leading to it through graph analysis.
Using acoustical anomalies, the researchers claim they're able to detect over 80 percent of these calls with less than a 2 percent false positive rate, and that their graph analysis is able to see reconnaissance calls for 46 percent of these account takeovers 10 days before the actual takeover. These results are presented on a dataset of over hundreds of millions of calls.
In the process, they'll reveal the lifecycle of a phone fraudster as one works through both the call center agent and its technology to extract information about a customer and take over their account.
Speakers: Alexander Volynkin and Michael McCord
Overview: From the Daily Dot's already-quivering writeup, "Hackers promise to break Tor on a $3000 budget":
Two hackers are promising to show how they’re able to deanonymize Tor users with a measly $3,000 budget at Black Hat 2014, a major hacking conference in Las Vegas next month.
"In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity," the presenters, Alexander Volynkin and Michael McCord, explain.
With "a handful of powerful servers and a couple gigabit links" (...) thousands of Tor clients and hidden services can be revealed "within a couple of months," the pair says.
Speakers: Karsten Nohl and Jakob Lell
Overview: USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe — until now. This talk introduces a new form of malware that operates from controller chips inside USB devices.
USB sticks, as an example, can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user. They will demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.
Speaker: Alex Stamos
Overview: Alex will detail his first six months as the CISO of Yahoo; he'll review the impact of the government surveillance revelations on how Yahoo designs and builds hundreds of products across dozens of markets.
The talk includes discussion of the challenges Yahoo faced in deploying several major security initiatives and useful lessons for both internet companies and the security industry from his experience.
Speakers: Mathew Solnik and Marc Blanchou
Overview: Few people know that service providers have a hidden and pervasive level of control over your device. These hidden controls can be found in over 2 billion cellular devices worldwide. Someone with knowledge of these controls and the right techniques could potentially leverage them for cellular exploitation on a global scale.
Layer by layer, Mathew and Marc have reverse-engineered and deconstructed these hidden controls to learn how they work, and they will discuss and disclose how over-the-air code execution can be obtained on the major cellular platforms and networks (GSM/CDMA/LTE), including but not limited to Android, iOS, Blackberry, and Embedded M2M devices.
Speakers: Yeongjin Jang, Tielei Wang, Byoungyoung Lee and Billy Lau
Overview: The researchers will disclose their process for jailbreaking the latest version of iOS (version 7.1.1), running on any iOS device including the iPhone 5s as well as older iPads and iPods. They will discuss the steps in a walkthrough, and say they'll include a detailed disclosure of several new vulnerabilities and the exploit techniques that they've developed.
Payment system threats
Talk: Mission mPOSsible
Speakers: Nils and Jon Butler
Overview: Mobile Point-of-Sale (mPOS) systems are everywhere and allow your favorite merchants globally to use their favorite iDevice (and others) to complete transactions.
The problem is that Nils and Jon Butler have found a series of vulnerabilities that allow them to gain code execution on these devices through each input vector — simply put, they can hack some of the leading chip and pin payment solutions. They’ll be live demoing their attacks and showcasing a new malicious credit card.
Speaker: Billy Rios
Overview: Airport security checkpoints see millions of people every day. How secure is this sophisticated technology? Billy Rios will be revealing vulnerabilities of these security systems as well as how the devices used to detect threats actually work.
Speaker: Ruben Santamarta
Overview: Satellite Communications (SATCOM) play a vital role in the global telecommunications system. We live in a world where data is constantly flowing. It is clear that those who control communications traffic have a distinct advantage.
The ability to disrupt, inspect, modify, or re-route traffic provides an invaluable opportunity to carry out attacks. Ruben focused his research on Earth station terminals that encompass the equipment located both on the ground and on airplanes and ships (thus this segment includes air and sea).
He found that 100 percent of the devices could be abused. These vulnerabilities allow remote, unauthenticated attackers to fully compromise the affected products. In certain cases, no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship can do it.
Home automation hacks
Speakers: Yier Jin, Grant Hernandez and Daniel Buentello
Overview: The Nest Thermostat is a smart home automation device that aims to learn about your heating and cooling habits to help optimize your scheduling and power usage. Debuted in 2010, the smart NEST devices have proved such a huge success that Google spent $3.2B to acquire the whole company.
Although OS-level security checks are available and are claimed to be very effective in defeating various attacks, instead of attacking the higher-level software, the researchers went straight for the hardware and applied OS-guided hardware attacks. As a result, their method bypasses the existing firmware signing and allows them to backdoor the Nest software in any way they choose.
This hack would allow remote attackers to essentially have a spy in the home with the ability to learn the schedule of users (when they're home and not), saved Wi-Fi passwords, etc.
Speaker: Logan Lamb
Overview: Logan will demonstrate a generalized approach for compromising three systems: ADT, the largest home security dealer in North America; Honeywell, one of the largest manufacturers of security devices; and Vivint, a top 5 security dealer.
He will suppress alarms, create false alarms, and collect artifacts that facilitate tracking the movements of individuals in their homes.
Speaker: Jesus Molina
Overview: Jesus takes a look at the gorgeous luxury hotel, The St. Regis ShenZhen, where every guest room has a remote control in the form of an iPad 2. It controls everything from the lights to the temperature to the blinds and more.
Jesus found several fatal flaws that allow an attacker to control virtually every appliance in the hotel remotely (even from another country). The talk will discuss the full anatomy of the attack as well as the huge implications this has for large scale home automation applications as more and more hotels are offering this amenity.
Speaker: Silvio Cesare
Quick Overview: In this talk, Silvio will look at a number of household or common devices and things, including a popular model car and physical security measures such as home alarm systems.
Among other things, Silvio built an Arduino and Raspberry Pi-based device for less than $50 that could be trained to capture and replay fixed codes (used in most alarm systems) to defeat the alarms.
He'll also show that by physically tampering with a home alarm system by connecting a device programmer, the EEPROM data off the alarm's microcontroller can be read. This means that an attacker can read the secret passcode that disables or enables the alarm.
Speakers: Charlie Miller and Chris Valasek
Overview: Automotive security concerns have gone from the fringe to the mainstream with security researchers showcasing the susceptibility of the modern vehicle to local and remote attacks.
We know that a malicious attacker leveraging a remote vulnerability can do some pretty dangerous things such as turning the steering wheel or disabling the brakes. The issue is that research has only been presented on three to four particular vehicles.