
These were the biggest hacks at Black Hat and Def Con 2015

If there's one thing we know this year, it's that you're not safe anywhere -- at home, in your car, or online.
By Zack Whittaker on
1 of 9 Felix Rieseberg/Twitter

Weren't in Vegas? Here's what you need to know

Hacks, exploits, vulnerabilities -- it's time to showcase them all. In a ten-day security extravaganza in Las Vegas, NV, the world's best security experts, hackers, and researchers come together to show the world how utterly unsafe it is. That's right -- their job is to scare us senseless in an effort to push device makers, car manufacturers, and other industry types into doing something about it.

Here's what you need to take away from the world's largest security conventions, Black Hat and Def Con.

2 of 9 Zack Whittaker/ZDNet

Certifi-Gate attacks can take over Android devices

Move over, Stagefright. A new lurking security flaw is on the scene. Meet "Certifi-Gate," an attack that can take over an entire Android device. It's a common security flaw in commonly used support tools which, according to some hackers, can give attackers full system permissions on an affected device. In a nutshell, that means hackers could exploit the flaw and swipe every shred of mobile device data you have.

Read more: "Certifi-Gate"-based attacks could take complete control of Android devices

3 of 9 CNET/CBS Interactive

Hackers can clone RFID access keycards

Thought your keycard was safe? Think again. Security researchers at Black Hat were able to clone radio-frequency enabled cards, with the aim of using them for nefarious purposes. By exploiting a vulnerability in the so-called Wiegand system, the researchers could effectively break into buildings using open-source hardware. How much did the makeshift skimming device cost? About $10.

Read more: A $10 device to clone RFID access keys on the go

4 of 9 ZDNet/CBS Interactive

Bad news for OnStar cars: You can be easily tracked

OnStar systems are designed to help you, and to keep you safe. But what if a hacker was able to exploit the system and gain access not only to your car, but also its ignition switch? White-hat hackers were able to use a Raspberry Pi device, which cost less than $100, to build a device that can "locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers." That could allow a hacker to not only access, but drive away with a person's car.

Read more: Unlock and track any GM OnStar connected car for $100

5 of 9 Wired.com

Chrysler vehicles can be remotely hijacked and driven off the road

Staying with a vehicular theme, if you thought remotely stealing a car was scary, try being in one as it's being driven remotely by a hacker or two. Chrysler vehicles were at risk of being hijacked by hackers, thanks to a security flaw in its in-vehicle entertainment system. As many as 1.4 million cars were recalled as a result -- but that led to more security issues arising. The car maker said it wasn't a "safety defect," which is reportedly why it buried the security flaw for a year and a half.

Read more: Hackers can take over your Jeep, literally driving you off the road | Why Chrysler's car hack 'fix' is staggeringly stupid

6 of 9 ZDNet/CBS Interactive

Hackers could grab fingerprints from Android phones

Smartphones nowadays contain almost every bit of data you own, from emails to phone numbers, and even your fingerprints. Is it that much of a surprise to learn even your fingerprints aren't safe? Researchers have found a way to pilfer your biometrics from many Android devices. In some cases, it's easier than others, because the fingerprint data isn't encrypted. The researchers warned common encryption issues could lead to fingerprints being "remotely harvested... in a large scale."

Read more: Hackers can remotely steal fingerprints from Android phones

7 of 9 Wikimedia Commons

Network switches for major industrial units need fixing

Nuclear plants, factories, and other industrial units are all at risk of remote shutdown as a result of flaws in commonly used enterprise networking gear. These flaws can be exploited through a man-in-the-middle attack, which can send wrong or spoofed data, leading "an industrial control system into an unknown and hazardous state."

Read more: Industrial control switches need fixing, now

8 of 9 Intel

New vulnerability found in older Intel chips

In case you didn't know, we've got news for you: even processors are hackable. New research at Black Hat showed how older Intel chips running firmware-level security could be exploited by a hacker. That would in theory make the attack invisible to antivirus products running on the host operating system, and make it resilient to reinstalls and disk drive erasing.

Read more: New security vulnerability discovered in old Intel chips

9 of 9 CNET/CBS Interactive

Internet of Things poses its own headaches with hackable devices

That's right: your thermostat can fight back. Newer connected devices, from Philips to Samsung, are vulnerable to exploitation and hijacking. That's because these devices, such as smart hubs, monitors, and meters, are susceptible to man-in-the-middle attacks, among others. Even smart TVs are at risk of giving up a user's privacy, some reports have said.

Read more: Critical IoT security flaw leaves connected home devices vulnerable | Smart TVs and wearables are paving the way for massive privacy breaches
