These were the best hacks at Black Hat and Def Con this year

1 of 8 NEXT PREV

Famed car hackers hijack a Jeep (again)
If you thought your car wasn't safe the first time around, famed car hackers Charlie Miller and Chris Valasek have once again shown that it's really not. Although this new hack requires physical access to the target Jeep, the team said that other, more remote methods could be used -- and a determined hacker wouldn't have any problem installing one.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: Charlie Miller/YouTube

Caption by: Zack Whittaker
This ATM hack could allow thieves to make off with thousands
Anyone in the US knows the pain of chip-and-PIN, the new debit and credit card payment system, after months of bungled rollouts and bad implementations. So here's the worse news: it's not as secure as you might think. A hacker can easily withdraw up to $50,000 from an ATM machine in just 15 minutes, even though card chips are meant to be more secure. The cost of the hack involves a steep investment of about $2,000 worth of equipment though.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: file photo

Caption by: Zack Whittaker
Quadrooter flaws affect most Android devices
Another day, another major Android vulnerability. This time, the software that Qualcomm ships with Android phones which is used to connect its chips and hardware to the rest of the phone is to blame. Over 900 million phones and tablets are said to be at risk. Though most of the flaws have been patched, the last outstanding fix won't be issued until early September.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: ZDNet/CBS Interactive

Caption by: Zack Whittaker
Samsung Pay used for fraudulent payments
A security researcher has figured out how to steal the payment tokens used in Samsung Pay to make in-store contactless purchases using social engineering methods. Once those tokens are loaded into other hardware, the hacker can make fraudulent transactions. Samsung denied this was a problem, indicating that it wouldn't fix the issue, much to the chagrin of the security community.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: Salvador Mendoza/YouTube

Caption by: Zack Whittaker
Severe vulnerabilities discovered in internet protocol
You know it's not going to be a good day when high-profile vulnerabilities threaten the security of over 85 million websites. But that's exactly what happened when researchers discovered four separate flaws in HTTP/2, the new internet protocol, used by nearly one-in-ten websites. The bugs could be used to crash servers and conduct slow-read attacks.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: file photo

Caption by: Zack Whittaker
Apple talks iOS security, announces bug bounty
After a tumultuous ride with the FBI earlier this year, Apple took to Black Hat to show off how strong its iPhone and iPad security is, in one of the first ever in-depth talks on the subject. The company also announced a bounty of up to $200,000 for high-severity bugs, but that was quickly upped by one private company offering more than double that.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: CNET/CBS Interactive

Caption by: Zack Whittaker
Fake boarding pass app gets hacker into airline lounges
The head of Poland's cyber response team flies dozens of times a year, so he knows his airport lounges well. On one recent trip, he figured out how to bypass the QR code reader to get access, even if he gets rejected (which on one embarrassing occasion, he did). It's not a perfect system, but it does highlight the fragility of boarding pass security.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: Przemek Jaroszewski/YouTube

Caption by: Zack Whittaker
This $500 "danger drone" is a flying hacker's laptop
Some hacks are more difficult to carry out than others. Some require getting physically close to a network. When all else fails, strap a laptop to a drone and fly it in. That's exactly what one hacker did. Billed as a drone that "does everything a hacker laptop can do, but one that can fly," it has a 1.2 mile range and can be controlled over the LTE network.
Black Hat 2017
Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)
Photo by: Bishop Fox/Danger Drone

Caption by: Zack Whittaker

1 of 8 NEXT PREV

Weren't in Vegas for the heat and hacking? Here's what you need to know.

Famed car hackers hijack a Jeep (again)

If you thought your car wasn't safe the first time around, famed car hackers Charlie Miller and Chris Valasek have once again shown that it's really not. Although this new hack requires physical access to the target Jeep, the team said that other, more remote methods could be used -- and a determined hacker wouldn't have any problem installing one.

Black Hat 2017

Published: August 12, 2016 -- 16:23 GMT (09:23 PDT)

Caption by: Zack Whittaker

1 of 8 NEXT PREV

| Community Guidelines

Join Discussion

Add Your Comment

Related Galleries

iOS 12: Change these privacy and security settings now

Here are the steps you should take to lock down an iPhone or iPad running iOS 12.
Simple steps to erase your digital footprint

Need help wiping the slate clean? Here are some instructions on removing and wiping services most likely to store your data and online activities.
How to spot a fake ICO (in pictures)

Initial Coin Offerings (ICOs) are part of the cryptocurrency Wild West, but how do you know what is fraudulent and what is legitimate?

The worst cyberattacks undertaken by nation-state hackers

These are the worst known cyberattacks which are believed to be the work of hackers backed by governments and ruling parties worldwide.
How to discover and destroy spyware on your smartphone (in pictures)

If you suspect your device has been tampered with, follow these steps.
McAfee opens Advanced Threat Research Lab

The Hillsboro, Oregon lab showcases a range of threats, including adversarial machine learning used on autonomous vehicles, Windows vulnerabilities, medical device flaws and ...

Apricorn Aegis Padlock SSD: Hardware-encrypted solid-state drive that fits in a pocket

The Apricorn Aegis Padlock SSD fits into the palm of your hand, yet features AES-XTS 256-bit hardware encryption, a wear-resistant keypad, and the case is impervious to dust, grit ...

These were the best hacks at Black Hat and Def Con this year

Famed car hackers hijack a Jeep (again)

Black Hat 2017

This ATM hack could allow thieves to make off with thousands

Black Hat 2017

Quadrooter flaws affect most Android devices

Black Hat 2017

Samsung Pay used for fraudulent payments

Black Hat 2017

Severe vulnerabilities discovered in internet protocol

Black Hat 2017

Apple talks iOS security, announces bug bounty

Black Hat 2017

Fake boarding pass app gets hacker into airline lounges

Black Hat 2017

This $500 "danger drone" is a flying hacker's laptop

Black Hat 2017

Famed car hackers hijack a Jeep (again)

Black Hat 2017

Related Topics:

Join Discussion

Related Galleries