BlackHat2008

Latest

  • Defcon duo: how-to shut off a pacemaker, almost get free rides on the T

    by Darren Murph
    08.10.2008

    Defcon already delivered by exposing California's FasTrak toll system for the security hole that it is, but that's not nearly all that's emerging from the Las Vegas exploitation conference. For starters, a plethora of medical device security researchers have purportedly figured out a way to wirelessly control pacemakers, theoretically allowing those with the proper equipment to "induce the test mode, drain the device battery and turn off therapies." Of course, it's not (quite) as simple as just buzzing a remote and putting someone six feet under, but it's a threat worth paying attention to. In related news, a trio of MIT students who were scheduled to give a speech on how to hack CharlieCards to get free rides on Boston's T subway were stifled by a temporary restraining order that the Massachusetts Bay Transit Authority snagged just before the expo. Don't lie, you're intrigued -- hit up the links below for all the nitty-gritty.

    Update: MIT published the Defcon presentation in a PDF.

    Read - Pacemaker hack
    Read - Massachusetts Bay Transit Authority sues MIT hackers
    Read - Restraining order on said hackers

  • FasTrak toll system exposed, could use a serious dose of security

    by Darren Murph
    08.07.2008

    Ah, Black Hat. How we adore you. Each year there's always one speaker who shows up and completely undermines something that most people assume is rock solid. This year, our pals at Hack-A-Day were in attendance to hear Nate Lawson expose California's FasTrak toll system for the security hole that it is. Essentially, toll transponders that are purchased and slapped onto vehicles offer up exactly no authentication, meaning that anyone with an ill will and an RFID reader could wander through a parking lot and lift all sorts of useful information. Think it can't get worse? The transponders reportedly support "unauthenticated over the air upgrading," which means that each tag could be forced to take on a new ID if the right equipment was present. We don't have to spell out "potential disaster" for you, now do we?