These were the best hacks at Black Hat and Def Con this year

Anyone in the US knows the pain of chip-and-PIN, the new debit and credit card payment system, after months of bungled rollouts and bad implementations. So here's the worse news: it's not as secure as you might think. A hacker can easily withdraw up to $50,000 from an ATM machine in just 15 minutes, even though card chips are meant to be more secure. The cost of the hack involves a steep investment of about $2,000 worth of equipment though.

Another day, another major Android vulnerability. This time, the software that Qualcomm ships with Android phones which is used to connect its chips and hardware to the rest of the phone is to blame. Over 900 million phones and tablets are said to be at risk. Though most of the flaws have been patched, the last outstanding fix won't be issued until early September.

A security researcher has figured out how to steal the payment tokens used in Samsung Pay to make in-store contactless purchases using social engineering methods. Once those tokens are loaded into other hardware, the hacker can make fraudulent transactions. Samsung denied this was a problem, indicating that it wouldn't fix the issue, much to the chagrin of the security community.

You know it's not going to be a good day when high-profile vulnerabilities threaten the security of over 85 million websites. But that's exactly what happened when researchers discovered four separate flaws in HTTP/2, the new internet protocol, used by nearly one-in-ten websites. The bugs could be used to crash servers and conduct slow-read attacks.

After a tumultuous ride with the FBI earlier this year, Apple took to Black Hat to show off how strong its iPhone and iPad security is, in one of the first ever in-depth talks on the subject. The company also announced a bounty of up to $200,000 for high-severity bugs, but that was quickly upped by one private company offering more than double that.

The head of Poland's cyber response team flies dozens of times a year, so he knows his airport lounges well. On one recent trip, he figured out how to bypass the QR code reader to get access, even if he gets rejected (which on one embarrassing occasion, he did). It's not a perfect system, but it does highlight the fragility of boarding pass security.

Some hacks are more difficult to carry out than others. Some require getting physically close to a network. When all else fails, strap a laptop to a drone and fly it in. That's exactly what one hacker did. Billed as a drone that "does everything a hacker laptop can do, but one that can fly," it has a 1.2 mile range and can be controlled over the LTE network.