black hat conference
Latest
Apple may soon hand special iPhones to security researchers
Apple will start providing security researchers special iPhones and will finally launch a bug bounty program for Mac, according to Forbes. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program.
Security experts hack payment terminals to steal credit card info, play games
If a payment terminal could be forced into servitude as a crude handheld gaming device, what else could it be made to do? Researchers at the Black Hat conference showed just what mischief a commonly used UK PoS terminal could get up to when they inserted a chip-and-pin card crafted with malicious code. That enabled them to install a racing game and play it, using the machine's pin pad and screen. With the same hack, they were able to install a far less whimsical program as well -- a Trojan that could record card numbers and PINs, which could be extracted later by inserting another rogue card. On top of that, criminals could use the same method to fool the terminal into thinking a transaction was bank-approved, allowing them to walk out of a store with goods they hadn't paid for. Finally, the security gurus took a device popular in the US, and used non-encrypted ethernet communication between the terminal and other peripherals to hack into the payment device and take root control. Makes you want to put those credit cards (and NFC devices) away and stick to cash -- at least you can see who's robbing you blind. [Original image credit: Shutterstock]
Apple to present at Black Hat conference for first time, talk about iOS' padlocks
Apple is taking a different, more cautious tack when it comes to security these days. That doesn't make it any less surprising that the company is planning to give a presentation at the Black Hat conference: the company will have someone on stage for the first time and won't just socialize in the corridors. When he takes to the podium on July 26th, platform security manager Dallas De Atley will go into detail regarding iOS' security measures in front of an audience used to finding a way around them. The company hasn't said whether that involves current or future technology; we suspect that Apple may be eager to show what iOS 6 brings to the table, however. If it all goes down like Black Hat general manager Trey Ford says it will, Apple may both open up a bit on security and set more of the agenda this week -- instead of letting conference goers set it themselves.
Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets
Whether you see Windows Vista and Windows 7 Gadgets as handy tools or a blight upon a pristine desktop, you might want to shut them off for safety's sake. Mickey Shkatov and Toby Kohlenberg have found that the desktop widgets' web-based code have flaws that would allow malicious Gadgets, or even hijacked legitimate Gadgets, to compromise a PC without having to go through the usual avenues of attack. Microsoft's short-term answer to the vulnerability is a drastic one, though: a stopgap patch disables Gadgets entirely, leaving just a barren desktop in its wake. There's no word on a Gadget-friendly solution arriving before Kohlenberg and Shkatov present at the Black Hat Conference on July 26th, but we suspect Microsoft's ultimate answer is to move everyone to Windows 8, where Gadgets aren't even an option. We understand the importance of preventing breaches, of course -- we're just disappointed that we'll have to forgo miniature stock tickers and weather forecasts a little sooner than expected.
WhiteHat Security hacks into Chrome OS, exposes extension vulnerability at Black Hat
It's been a rough Black Hat conference for Google. First, FusionX used the company's homepage to pry into a host of SCADA systems, and now, a pair of experts have discovered a way to hack into Chrome OS. According to WhiteHat security researchers Matt Johansen and Kyle Osborn, one major issue is Google's vet-free app approval process, which leaves its Chrome Web Store susceptible to malicious extensions. But there are also vulnerabilities within native extensions, like ScratchPad -- a note-taking extension that stores data in Google Docs. Using a cross-site scripting injection, Johansen and Osborn were able to steal a user's contacts and cookies, which could give hackers access to other accounts, including Gmail. Big G quickly patched the hole after WhiteHat uncovered it earlier this year, but researchers told Black Hat's attendees that they've discovered similar vulnerabilities in other extensions, as well. In a statement, a Google spokesperson said, "This conversation is about the Web, not Chrome OS. Chromebooks raise security protections on computing hardware to new levels." The company went on to say that its laptops can ward off attacks better than most, thanks to "a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced."
Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers
Here's some more fun out of Vegas, this time involving Jack Dorsey's Square and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.
Google search opens SCADA systems to doomsday scenarios
Google, the service so great it became a verb, can now add security risk to its roster of unintended results. The search site played inadvertent host to remotely accessed Supervisory Control and Data Acquisition (SCADA) systems in a Black Hat conference demo led by FusionX's Tom Parker. The security company CTO walked attendees through the steps required to gain control of worldwide utility infrastructure -- power plants, for one -- but stopped short of actually engaging the vulnerable networks. Using a string of code, unique to a Programmable Logic Controller (the computers behind amusement park rides and assembly lines) Parker was able to pull up a water treatment facility's RTU pump, and even found its disaster-welcoming "1234" password -- all through a Google search. Shaking your head in disbelief? We agree, but Parker reassured the crowd these types of outside attacks require a substantial amount of effort and coordination, and "would be extremely challenging to pull off." Panic attack worn off yet? Good, now redirect those fears to the imminent day of robot-helmed reckoning.
Several Apple notebook models susceptible to battery hack
Security researcher Charlie Miller discovered a potential vulnerability affecting the batteries within select MacBook, MacBook Pro and MacBook Air models. The firmware on the chipset that controls the battery is secured with a single, easy to break default password. Once a hacker has this password, he could use it to manipulate the settings of the battery and possibly install malware that infects the computer every time it boots. Miller discovered this vulnerability when Apple issued an update that included code for the battery. He figured out the two default passwords and was able to reverse engineer the firmware. He then rewrote it to do whatever he wanted. He plans to show off this hack at the upcoming Black Hat Conference in August. This is more of an informative hack and not one likely to land on your computer. Thus far, Miller is the only one to discover this vulnerability and he is not releasing any details until next month. He also contacted Texas Instruments and Apple so a patch could be issued before the details of the hack goes public.
Researcher will enable hackers to take over millions of home routers
Cisco and company, you've got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic's Craig Heffner claims he's got a tool that can hack "millions" of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He's already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply -- for the love of Mitnick, change your default password! -- but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.
Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation
As it turns out, Infineon may have been a little bit... optimistic when it said its SLE66 CL PE was "unhackable" -- but only a little. The company should have put an asterisk next to the word, pointing to a disclaimer indicating something to the effect of: "Unless you have an electron microscope, small conductive needles to intercept the chip's internal circuitry, and the acid necessary to expose it." Those are some of the tools available to researcher Christopher Tarnovsky, who perpetrated the hack and presented his findings at the Black Hat DC Conference earlier this month. Initially, Infineon claimed what he'd done was impossible, but now has taken a step back and said "the risk is manageable, and you are just attacking one computer." We would tend to agree in this case, but Tarnovsky still deserves serious respect for this one. Nice work, Big Gun.
Researchers claim GSM calls can be hacked on the cheap
Callers, your worst nightmare is coming true... maybe. According to a report, a group of hackers at the Black Hat conference in Washington D.C. claim that they're able to hack GSM calls with equipment costing about $1,000. If you believe the team (and we're inclined to at least have a listen), they can decrypt GSM phone conversations and text messages on a network using inexpensive tools called field programmable gate arrays. Until now, the cost of the technology required to hack GSM transmissions has been prohibitively expensive for all but your government and large-scale snooping operations, but that's beginning to change. Not only can this technique allow access to calls, but some of the tech demonstrated at the conference might also enable a user to pinpoint a phone's distance from the surveillance hardware, and find out what type of device is being used. There was no mention of CDMA hacking, so you might want to move over to Sprint for all your seedy activities. Er, we mean stay on Sprint.
