Hacker Summer Camp is only days away, so in order to whet your appetite, The Daily Swig has compiled a list of some of the best talks of years past.

Over the years there have been thrills, spills, and (of course) ‘sploits, as the top researchers in the security world have descended on Las Vegas for Black Hat USA and DEF CON – a security double bill that’s hard to beat.

This year’s Black Hat – which is again taking place as a hybrid event – and DEF CON offerings are sure to add to the already impressive roster of ground-breaking talks from years gone by. Now that Covid-related restrictions have largely been lifted, the 2022 edition promises to be something of a grand reopening of arguably the single most important event in the infosec calendar.

Without further ado (and in no particular order) here are our top picks from past Black Hat and DEF CON events…

Panic in the Cisco

Michael Lynn’s 2005 talk on the security shortcomings of Cisco’s networking technology was important not only because of the potential impact of his discovery, but because it served as an example of an attempt to suppress security research.

Lynn resigned from his employment with Internet Security Systems (ISS) in order to deliver a talk on a critical vulnerability in router technology from Cisco. The security researcher demonstrated an exploit – which opened the door to a range of attacks from eavesdropping to disabling the compromised device – while withholding any details.

Cisco issued a security fix to its firmware prior to the talk, but not many organizations had applied it by the time it rolled around. Cisco initially gave the go-ahead for the talk but had second thoughts with the event imminent. ISS agreed to a request from the networking giant, but Lynn disagreed. This prompted his decision to resign in order to present his findings.

Cache from chaos

Dan Kaminsky’s reveal of a cache poisoning flaw affecting the software of multiple DNS vendors back in 2008 remains a landmark event in networking security. The security researcher worked with DNS vendors for months to fix the critical vulnerability before laying the problem bare during Black Hat 2008.

It remains a testament to the late security researcher, who sadly passed away in April 2021, prompting an outpouring of tributes to a true infosec great characterized by “kindness, boundless energy, and positivity”.

Hitting the Jackpot

Barnaby Jack’s live hack demo on an ATM set the benchmark for spectacular hacks and cutting-edge security research. Jackpotting – as the attack later became known – involved a targeted assault on the software running on ATMs. The end result involved injecting malware into the operating system of cash dispensing machines, causing them to dish out bank notes fraudulently. Either exploitable vulnerabilities in an ATM’s remote management system or unauthorised physical access to a machine (perhaps facilitated by a corrupt insider) might be used to carry out an attack.

Prior to Jack’s research, embedded systems such as ATMs were widely (but incorrectly) thought to be beyond the scope of potential hack attacks. The research paved the road to follow-up studies into the security of medical devices such as pacemakers and insulin pumps.

Interest in the security of air traffic control systems took off with Andrei Costin’s presentation on the issue during Black Hat 2012. Costin’s talk focused on security aspects of ADS-B (Automatic Dependent Surveillance-Broadcast), a satellite-based aircraft tracking technology, and other flight technologies. The presentation looked at ADS-B (in)security from a practical perspective, presenting the “feasibility and techniques of how potential attackers could play with generated/injected air traffic, and as such potentially opening new attack surface” into air traffic control systems.

Shifting the focus from airborne planes to satellites in orbit, a well-received 2014 talk by Ruben Santamarta reviewed the security of satellite communication terminals. IOActive found that all the devices they accessed were potentially open to abuse. The vulnerabilities uncovered included multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms.