/>
X

Join or Sign In

Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.

Use your email Use Linkedin Use Facebook

These were the biggest hacks at Black Hat and Def Con 2015

If there's one thing we know this year, you're not safe anywhere -- at home, in your car, or online.

|
zack-whittaker-hs2016-rtsquare-1.jpg
|
Topic: Security
a-1-hero.jpg
1 of 9 Felix Rieseberg/Twitter

Weren't in Vegas? Here's what you need to know

Hacks, exploits, vulnerabilities -- it's time to showcase them all. In a ten-day security extravaganza in Las Vegas, NV, the world's best security experts, hackers, and researchers come together to show the world how utterly unsafe it is. That's right -- their job is to scare us senseless in an effort to push device makers, car manufacturers, and other industry types into doing something about it.

Here's what you need to take away from the world's largest security conventions, Black Hat, and Def Con.

b-2-certifigate.jpg
2 of 9 Zack Whittaker/ZDNet

Certifi-Gate attacks can take over Android devices

Move over, Stagefright. A new lurking security flaw is on the scene. Meet "Certifi-Gate," an attack that can take over an entire Android device. It's a common security flaw in commonly used support tools which, according to some hackers, can give attackers full system permissions on an affected device. In a nutshell, that means hackers could exploit the flaw and swipe every shred of mobile device data you have.

Read more: "Certifi-Gate"-based attacks could take complete control of Android devices

c-3-rfid.jpg
3 of 9 CNET/CBS Interactive

Hackers can clone RFID access keycards

Thought your keycard was safe? Think again. Security researchers at Black Hat were able to clone radio-frequency enabled cards, with the aim of using them for nefarious purposes. By exploiting a vulnerability in the so-called Wiegand system, the researchers could effectively break into buildings using open-source hardware. How much did the makeshift skimming device cost? About $10.

Read more: A $10 device to clone RFID access keys on the go

d-4-onstar.jpg
4 of 9 ZDNet/CBS Interactive

Bad news for OnStar cars: You can be easily tracked

OnStar systems are designed to help you, and to keep you safe. But what if a hacker was able to exploit the system and gain access not only to your car, but also its ignition switch? White-hat hackers were able to use a Raspberry Pi device, which cost less than $100, to build a device that can "locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers." That could allow a hacker to not only access, but drive away with a person's car.

Read more: Unlock and track any GM OnStar connected car for $100

e-5-wired.jpg
5 of 9 Wired.com

Chrysler vehicles can be remotely hijacked and driven off the road

Staying with a vehicular theme, if you thought remotely stealing a car was scary, try being in one as it's being driven remotely by a hacker or two. Chrysler vehicles were at risk of being hijacked by hackers, thanks to a security flaw in its in-vehicle entertainment system. As many as 1.4 million cars were recalled as a result -- but that led to more  security issues arising. The car maker said it wasn't a "safety defect," which is reportedly why it buried the security flaw for a year and a half.

Read more: Hackers can take over your Jeep, literally driving you off the road | Why Chrysler's car hack 'fix' is staggeringly stupid

f-6-fingerprint.jpg
6 of 9 ZDNet/CBS Interactive

Hackers could grab fingerprints from Android phones

Smartphones nowadays contain almost every bit of data you own, from emails to phone numbers, and even your fingerprints. Is it that much of a surprise to learn even your fingerprints aren't safe? Researchers have found a way to pilfer your biometrics from many Android devices. In some cases, it's easier than others, because the fingerprint data isn't encrypted. The researchers warned common encryption issues could lead to fingerprints being "remotely harvested... in a large scale."

Read more: Hackers can remotely steal fingerprints from Android phones

g-7-nuclear.jpg
7 of 9 Wikimedia Commons

Network switches for major industrial units need fixing

Nuclear plants, factories, and other industrial units are all at risk of remote shutdown as a result of flaws in commonly-used enterprise networking gear. These flaws can be compromised by a man-in-the-middle attack, which can send wrong or spoofed data, leading "an industrial control system into a unknown and hazardous state."

Read more: Industrial control switches need fixing, now

h-8-intel.jpg
8 of 9 Intel

New vulnerability found in older Intel chips

In case you didn't know, we've got news for you: even processors are hackable. New research at Black Hat showed how older Intel chips running firmware-level security could be exploited by a hacker. That would in theory make it invisible to antivirus products running on the host operating system, and make it resilient to reinstalls and disk drive erasing.

Read more: New security vulnerability discovered in old Intel chips

j-10-iot.jpg
9 of 9 CNET/CBS Interactive

Internet of Things poses its own headaches with hackable devices

That's right: your thermostat can fight back. Newer devices connected from Philips to Samsung are vulnerable to exploit and hijacking. That's because these devices, such as smart hubs, monitors, and meters, are susceptible to man-in-the-middle attacks, among others. Even smart TVs are at risk of giving up a user's privacy, some reports have said.

Read more: Critical IoT security flaw leaves connected home devices vulnerable | Smart TVs and wearables are paving the way for massive privacy breaches

Related Galleries

First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

OnlyKey hardware security key
OnlyKey

Related Galleries

OnlyKey hardware security key

SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

iVerify: Added security for iPhone and iPad users
iVerify

Related Galleries

iVerify: Added security for iPhone and iPad users

iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive

Netgear BR200 small-business router
Netgear BR200

Related Galleries

Netgear BR200 small-business router