Security, Hacker Conferences Have Tech Industry Buzzing

Here’s a roundup of some of the stories that have technophiles buzzing

Stories about lost wages aren't the only scary things being talked about in Sin City this week. The best security researchers and hackers from around the world have gathered in Las Vegas, and news about their work has been creeping out like a toxic flood.

The Black Hat security conference wrapped up Thursday and the Def Con hacker conference is going on now and is scheduled to end Sunday.

Here's a roundup of some of the stories that have technophiles buzzing.

--Murder by hacking. Diabetic and security researcher Jay Radcliffe demonstrated how an attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim. According to ZDNet, having the pump's serial number is one key to performing the hack, which is concerning since many products ship with product codes displayed on outside packaging. Read more at ZDNet and PCWorld.

--Your house can be hacked. Researchers Dave Kennedy and Rob Simon showed how they could disrupt and spy on home automation networks in residences and offices using devices connected to Ethernet networks that communicate via public power lines. Once plugged into a power outlet outside or near the target building, the X10 Black Out device they created can be programmed to jam the signals that turn lights on and off and open doors, as well as disable security systems, change climate controls, and interfere with other functions of a home automation network. They also showed off their X10 Sniffer device, which can see whether the doors are open and lights are on and can track people with motion sensors and see what part of the house they might be in. Read more.

--Unmanned spy plane cracks Wi-Fi passwords, intercepts cell phone conversations. Security researchers Mike Tassey and Richard Perkins unveiled a remote controlled, unmanned aerial vehicle capable of cracking Wi-Fi passwords, exploiting weak wireless access points and mimicking a GSM tower to intercept cell phone conversations. They built the Wi-Fi Aerial Surveillance Platform to show how an ordinary remote controlled hobby airplane can be easily converted into something more sinister. Read more.

--Long-term global cyberspying uncovered. McAfee issued a report that said it had identified a single perpetrator of cyberattacks that lasted up to five years on a wide range of governments, American corporations and even United Nations groups, and that the pattern of targets suggested the attacker was a "state actor." After blogging about "Operation Shady RAT," McAfee VP of Threat Research Dmitri Alperovitch was thronged by reporters. Alperovitch said the cyber-spying campaign was the "biggest transfer of wealth in terms of intellectual property in human history." Read more at The New York Times and VentureBeat.

--New threat: Hacking batteries. Security researcher Charlie Miller demonstrated how he was able to completely control the microprocessor embedded in batteries used in Apple Macintosh laptops and then remove or bypass the built-in safeguards. He suggested it would be possible to overheat a battery and start a fire by convincing a controller that the battery was discharged, even though it was completely full, but said he has not tried it and an analog fuse may prevent disaster. Read more at CNET and PCWorld.

--Why Facebook's facial recognition is creepy. Alessandro Acquisti, Ralph Gross, and Fred Stutzman showed how they took publicly available photos of students from Facebook and then used facial recognition technology to identify the students as they looked into a webcam. In another test, the researchers took photos from 277,978 Facebook profiles and compared them to profiles from an online dating Website where people don't use their real names. They were able to correctly identify 10 percent of the dating site's members using facial recognition technology. Read more.

In other Black Hat news, Microsoft announced a contest that offers more than $250,000 in prizes to security researchers who can develop better solutions to counter security threats. Conference organizers also handed out Pwnie Awards, including one to Sony for "Most Epic Fail."

Join the CSO newsletter!

Error: Please check your email address.

Tags online securityhackersfirewallsBatteries / fuel cellsfuture technologybest of the webComponentssonynetwork securitymcafeeMicrosoftsecurity

More about AlessandroAppleCNET NetworksFacebookFredInc.McAfee AustraliaMicrosoftSnifferSonyUnited NationsX10

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Christina DesMarais

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place