defcon2018
Latest
LED signs could soon hide secret messages
From free decoder rings hidden in our cereal and Enigma machines used during world war two to the end-to-end encryption of iMessage, the sending and receiving of secret messages has always been a part of our daily lives. Thanks to technology, apps and services that offer end-to-end encryption are now commonplace. But what if you want to share a piece of information with an individual or group in a public area?
Can hackers stop trolls from manipulating the media?
In the past few years conversations about the media have evolved into heated debates about collusion, lies, ethics, confirmation bias, gatekeepers and, of course, the stupidest of all phrases, "fake news." What's rarely mentioned in these conversations is that the media is being hacked/manipulated on an ongoing basis. So could security researchers and hackers patch its "vulnerabilities?" It's an idea floated by Matt Goerzen and Dr. Jeanna Matthews of research institute Data and Society.
If you’re still using a fax machine for ‘security’ think again
While the human race, by and large, has moved on from fax machines, they're still out there. The medical and real estate industries still cling to the technology -- possibly because they believe its more secure or an easier way to get a signature from a client or patient. Well easier for them, the rest of us not so much. As for secure, turns out, that's not true.
This cute Def Con badge beckons you to hack it
At previous Def Cons I wrote about the unofficial badges and the culture surrounding those pieces of technology. This year I was determined to move past my infatuation with blinking lights and colorful PCBs (printed circuit boards). Then I saw the Maneki Neko badge. It's the iconic beckoning cat (literally what "maneki-neko" means) with a moving 3D-printed arm and two 16-segment LEDs that blink at you while it waves.
Dozens of kids hack election site replicas in just minutes
The Def Con hacker conference has been demonstrating how vulnerable voting machines are to hacks through its Voting Village, wherein adults are given the chance to compromise various models of voting devices. But this year, Def Con also let kids get in on the game, opening up replicas of states' election websites to children aged eight to 16. The event, put on by r00tz Asylum and supported by the University of Chicago and the Democratic National Committee, showed just how vulnerable these sites are to attack.
Security flaws could open body cameras up to hacks
At Def Con this weekend, Josh Mitchell, a cybersecurity consultant with Nuix, showed how various models of body cameras can be hacked, tracked and manipulated. Mitchell looked at devices produced by five companies -- Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc -- and found that they all had major security flaws, Wired reports. In four of the models, the flaws could allow an attacker to download footage, edit it and upload it again without evidence of any of those changes having occurred.
Android exploit targeted apps' shoddy use of external storage
Many mobile security flaws revolve around obvious avenues like websites or deep, operating system-level exploits. The security team at Check Point, however, has discovered another path: apps that make poor use of external storage like SD cards. While apps would ideally stick to internal storage (which Google sandboxes against outside influence) as much as possible, some apps have relied unnecessarily on unprotected external storage and didn't bother to validate the data coming from that space. An intruder could take advantage of that poor security policy to manipulate the data and cause havoc -- Check Point called it a "man-in-the-disk" attack.
Elaborate hack turned Amazon Echo speakers into spies
Some people worry that hackers could infiltrate their smart speakers and spy on them, but that hasn't been the practical reality -- not for Amazon's Echo, at least. A team of researchers from China's Tencent has come about as close as you can get right now, however. They've disclosed an attack on the Echo that uses both a modified speaker and a string of Alexa web interface vulnerabilities to remotely eavesdrop on regular models. It sounds nefarious, but it requires more steps than would be viable for most intruders.
Machine learning can 'fingerprint' programmers
Programmers tend to have their own distinct styles, but it's not really feasible to pore over many lines of code looking for telltale cues about a program's author. Now, that might not be necessary. Researchers have developed a machine learning system that can 'de-anonymize' programmers, whether it's through raw source code or compiled binaries. As explained to Wired, the approach trains an algorithm to recognize a programmer's coding structure based on examples of their work, and uses those to pinpoint common traits in code samples. You don't need large chunks of a given program, either -- short snippets are often enough.
