Register for your free ZDNet membership or if you are already a member, sign in using your preferred method below.
Hacks, exploits, vulnerabilities -- it's time to showcase them all. In a ten-day security extravaganza in Las Vegas, NV, the world's best security experts, hackers, and researchers come together to show the world how utterly unsafe it is. That's right -- their job is to scare us senseless in an effort to push device makers, car manufacturers, and other industry types into doing something about it.
Here's what you need to take away from the world's largest security conventions, Black Hat, and Def Con.
Move over, Stagefright. A new lurking security flaw is on the scene. Meet "Certifi-Gate," an attack that can take over an entire Android device. It's a common security flaw in commonly used support tools which, according to some hackers, can give attackers full system permissions on an affected device. In a nutshell, that means hackers could exploit the flaw and swipe every shred of mobile device data you have.
Thought your keycard was safe? Think again. Security researchers at Black Hat were able to clone radio-frequency enabled cards, with the aim of using them for nefarious purposes. By exploiting a vulnerability in the so-called Wiegand system, the researchers could effectively break into buildings using open-source hardware. How much did the makeshift skimming device cost? About $10.
OnStar systems are designed to help you, and to keep you safe. But what if a hacker was able to exploit the system and gain access not only to your car, but also its ignition switch? White-hat hackers were able to use a Raspberry Pi device, which cost less than $100, to build a device that can "locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers." That could allow a hacker to not only access, but drive away with a person's car.
Staying with a vehicular theme, if you thought remotely stealing a car was scary, try being in one as it's being driven remotely by a hacker or two. Chrysler vehicles were at risk of being hijacked by hackers, thanks to a security flaw in its in-vehicle entertainment system. As many as 1.4 million cars were recalled as a result -- but that led to more security issues arising. The car maker said it wasn't a "safety defect," which is reportedly why it buried the security flaw for a year and a half.
Smartphones nowadays contain almost every bit of data you own, from emails to phone numbers, and even your fingerprints. Is it that much of a surprise to learn even your fingerprints aren't safe? Researchers have found a way to pilfer your biometrics from many Android devices. In some cases, it's easier than others, because the fingerprint data isn't encrypted. The researchers warned common encryption issues could lead to fingerprints being "remotely harvested... in a large scale."
Nuclear plants, factories, and other industrial units are all at risk of remote shutdown as a result of flaws in commonly-used enterprise networking gear. These flaws can be compromised by a man-in-the-middle attack, which can send wrong or spoofed data, leading "an industrial control system into a unknown and hazardous state."
Read more: Industrial control switches need fixing, now
In case you didn't know, we've got news for you: even processors are hackable. New research at Black Hat showed how older Intel chips running firmware-level security could be exploited by a hacker. That would in theory make it invisible to antivirus products running on the host operating system, and make it resilient to reinstalls and disk drive erasing.
That's right: your thermostat can fight back. Newer devices connected from Philips to Samsung are vulnerable to exploit and hijacking. That's because these devices, such as smart hubs, monitors, and meters, are susceptible to man-in-the-middle attacks, among others. Even smart TVs are at risk of giving up a user's privacy, some reports have said.