Black Hat Hacker Conference Reveals New Hacks
The Black Hat hacker conference is a yearly event in Las Vegas where hackers congregate. This year’s conference has just wrapped up, and a lot of startling new revelations came to light.
During the presentations, several electronic devices were hacked as a demonstration. Several very important devices that we rely on for security were hacked, including hotel room locks, iris scanners, Google Bouncer, point of sale terminals, and near-field communication technology.
One particularly disturbing piece of the presentation came from a software developer named Cody Brocious, who is currently employed at Mozilla. He displayed a homemade device that was able to unlock hotel room doors. The equipment to make the device only costs about $50.
The gadget is similar to the hardware that hotels use to electronically lock their guests’ doors. So far, testing reveals that the device only works about 33% of the time. However, there are several million hotel locks all around the world available for experimentation.
Biometric security was also hacked at the conference. Biometric security devices include things like fingerprint scanners and iris scanners. Spanish researchers demonstrated how they could create an image of a person’s eye and use it to gain entry to areas protected by iris scanners. The hacking technique worked 80% of the time.
Google introduced Bouncer to its online app store, Google Play. The Bouncer app was designed to seek out and get rid of malicious software placed onto apps that are downloaded by many unsuspecting people. This is an extremely covert form of hacking, and many thought that the Bouncer program would help to prevent the problem. Doubt was cast on that notion at Black Hat by Trustwave. The company demonstrated how, through the use of sophisticated masking techniques, it was able to slip a pernicious app under Bouncer’s radar and remain camped in Google Play for two weeks before the researchers took it down.
Malicious apps, though, aren’t the only ones snooping in data stored in smart phones, according to a study released at Black Hat by Appthority. It found that 96 percent of iOS apps and 84 percent of Android apps have the capability to access sensitive information on a smart phone, such as contacts, location, and calendar information.
Electronic commerce was also a target of boffins at Black Hat. A pair of researchers demonstrated a payment card they designed that would infect a point of payment terminal when it was swiped through the device. The card planted a Trojan on the terminal that collected credit card information and PIN numbers entered into the device. That information could later be extracted from the terminal with another malicious card.
The researchers also showed how vulnerabilities found in the terminal could be used to fool store clerks into thinking a purchase had been approved by a bank when it hadn’t.
Near Field Communications, an up-and-coming technology used for financial transactions from mobile phones, also attracted the attention of Black Hat researchers. Accuvant researcher Charlie Miller showed how a tag embedded with an NFC chip could be used to compromise the information in an Android phone simply by brushing against it.