Here Are The Most Terrifying Security Nightmares Revealed At Black Hat Conference! Lets begin with Hacker heaven: The curtains open to the most awaited terrifying week when hackers and security gurus arrive at Las Vegas to showcase their skills and present alarming works. Presided over the last week, there have been disturbing and heart wrenching stories of planes targetted by rogue code, snoops watching closely and spying on your security cameras, and secretive, indiscernible code that can convert any USB drive into an unbeatable malware vessel. black hat, def con, hackers, password hacking, hacked planes, harmful flash drives, hotel automation, nas, digital security, scary stories If the past is to be believed and understood, then most of these works are send a chill down the spine when seen in theory than in fact. They give you a shocking glance into the dangers apparent in connected world thats speeding up. Explained in detail are some of the most alarming security narratives hailing out of Black Hat and Def Con in 2014. Silent Killer - BAD USB We could begin with one of the most alarming disclosures, where researchers from Security Research Labs claim that they have developed a proof-of-concept attack which looks at targetting the thumb drives firmware, instead of the files on the drive. The infected drive, on plugging into any computer, acts like a keyboard to download malware. The hard-to-find, hard-to-stop malware and any thumb drive that can be connected to PCs can be thoeretically used as most of the thumb drive makers do not usually protect their firmware and since antimalware solutions do not scrutinize firmware for any wicked activities. Luckily, this kind of an attack is not found. Heavens Falling Ruben Santamarta, a researcher at IO interactive, claims hes detected imperfections that would enable him to hack into the satellite communications of airplanes through their Wi-Fi and in-flight entertainment systems. This could further open doors for attackers to interfere with the planes navigation and safety systems, resulting in more physical repercussions. However, the initiators of the communications equipment understated the threat, stating the odds of an attack as well as the potential damage as neglible. They further mentioned that theyre working at plugging the holes, as told to Rueters. Say cheese..!!! Is your Dropcam live feed spyed by an unknown? Dropcam being hacked !! thats exactly what Synacks Patrick Wardle and Colby Moore found out when they tore apart one of the $200 security cameras. In order to check how it works, they investigated on one of the cameras and found numerous flaws that would open doors for attackers and allow them to to view the videos stored by a hacked Dropcam. It could also allow them to upload third-party videos that would appear as originated from the camera. It would basically allow the attacker to hijack or take over the video stream, as told by Wardle to PCWorld. But to get a hand at this scary-sounding hack: The hacker would need to get his hand on to your Dropcam physically. And if the attacker has got himself enough unchained, undisturbed access to your home for time long enough it would take to enact this hack, then the victim is in all likelihood going to face larger issues than just a spied-on video feed. Take a note of.. When the Tor network was in the limelight in the past year, due to Edward Snowden, NSA leaker for his Silk Road drug trading post and endorsements, it offered anonymity while one browses the web. It stated that by shifting your traffic from the various cycles of relay node before the finishing line, each node getting to know the identity of the nodes it directly connects with. However Carnegie Mellon researcher Alexander Volynkin mentioned that its not very expensive to break the Tor networks anonymity. Although he did not confirm how that would be done. Volynkin abruptly called off his Black Hat demonstration on the CMUs urge. And, eventhough Tors operators have revealed a group of malicious relay nodes undertaking the activity of decryptying user anonymity, those nodes are surmised to be bound to the now-cancelled demonstration. Symantec Endpoint Un-Protection Symantecs Endpoint Protection was detected with a trio of vulnerabilitie that could offer attackers high-level access to victims computers - Mati Aharoni, lead trainer and developer for Offensive Security, found. This could mean that attackers could rupture your defenses through your own security software. Fortunately Symantec has done its homework and already plugged the holes. Expelled routers Why blame the software when your own home networking equipment is the source of your security downfall. At the Black Hat keynote, Dan Geer - In-Q-Tel chief information security officer, brought to everyones notice that your router is one of the most elementary and exciting targets for attackers, Ars Technica. These are easily available in online scans. More often than not they retain their default login information, and almost all infact majority of the people do not update their routers to the newest and latest firmware. But yes, readers are very well informed that home networking is the most vulnerable. Its THE STORY of 2014. A router hacking contest sponsored by Electronic Frontier Foundation - dubbed as SOHOplessly Broken will be played during the Def Con. No NAS A researcher claimed that Network-attached storage devices (NAS) are much more flawed than routers. In 2013, a major study into router vulnerabilities was led by Jacob Holcomb, a security analyst at Independent Security Evaluators. He focused on NAS boxes in his Black Hat talk this year. Holcomb said, There wasnt one device that I literally couldnt take over. At least 50 percent of them can be exploited without authentication. He further said By compromising a NAS device an attacker could also hijack traffic from other devices on the same network, using techniques like ARP spoofing. Halcomb also said that although he had reported all the vulnerabilities to NAS box makers, the ones that he showcased at the show have not yet been touched on and it could take months for the fixes to reach the customers. The wrong kind of network management Network management gone wrong and how..!! Does Carrier IQ ring any bells.??? Well, at first is was termed to be a rootkit for carriers to spy on all your traffic, however it was found to be more mundane. It was termed to be a tool to help carriers manage network capacity. Your phone is vulnerable to attack, with the device management tools that carriers load onto handsets, said Accuvants Mathew Solnik and Marc Blanchou at Black Hat. They also said that exploits can be used to run remote code and avoid the operating systems indigenous defenses. 70 to 90 percent of all phones sold worldwide,including other devices like laptops, wireless hotspots, and Internet of Thing gizmos that include the device management systems are at risk from the vulnerable OMA-DM protocol, as per research. Who needs Slim Jims? Although the vulnerability of the Internet of Things is the freshly brewed topic among hackers this weekend, but one should not bypass the fact that security of objects used daily with built-in wireless connections goes beyond Dropcam spies and Tweeting coffee pots. A tool made from cheap and easily available parts are assembled together and that is very much capable of capturing the keyless entry systems of automobiles- says Qualsys researcher Silvio Cesare Hes tried the technique on his 10-year-old car, but mentioned that it requires the attackers to stay in range for up to two hourws in order to be effective.I can use this to lock, unlock, open the trunk, it effectively defeats the security of the keyless entry. Cesare told Wired. Therefore dont look for carjackers to trade in their crowbars for computers!!!! Hacking hotels Jesus Molina, security consultant gave a detailed and a practical presentation at Black Hat on The IoT vulnerabilities. It was indeed an eye opener. He figured out how to reverse-engineer the Digital Butler iPad app provided to guests, therefore abusing a flaw in the KNX/IP home automation protocol powering the app at the five-star St. Regis Shenzhen hotel in China where he was staying. Molina restricted his idle jobs to causing various Do Not Disturb lights in hallways. He brought to attention that the flaw can be used to control the lights, TVs, temperature, in-room music, and even to control the automated blinds in over 200 rooms—without the attacker in the same country as the hotel. Although The St. Regis dismissed the claim as unsubstantiated, but nevertheless temporarily suspended the control system of the in-room iPad remote controls for system upgrading as told to the South China Morning Post. What more?: Massive Russian hacker database Las Vegas desert did not bring out the scariest security news of the week, but rather, it came from Asia, where a massive database of 1.2 billion stolen username/password combinations and 500 million email addresses were accumulated by the Russian hackers - said Alex Holden of Hold security. Although the report is debatable as there are some unanswered doubts, the announcement of a $120 per month security service made by Hold Securitys which reveals that it lets you know if your name gets up in the database has left some doubts on its accuracy, knowing Holdens strong reputation in the security industry. Therefore, Brian Krebs - noted security researcher and journalist has claimed to have seen Holdens data and research firsthand and can vouch for it stating can definitely say its for real. Time to pull up your socks and revise on those critical security habits. Keep on pawning in the real world Eventhough all these stories leave you a bad after taste and one would want to be cushioned from these nighmares, it is important to know that most of these stories revealed at the Black Hat and Def Con are mostly academic and not actively used by attackers. They can give you the shivers but are less worse in reality. But the eight scariest digital security stories of 2014 are true!!
Posted on: Fri, 22 Aug 2014 22:14:02 +0000
Trending Topics
Recently Viewed Topics
© 2015