The annual back-to-back security and hacking conferences, Black Hat and Defcon, have just ended in Las Vegas. Both are packed with presentations and briefings on deep research in cybersecurity and privacy, and the findings presented often make headlines. It is well worth browsing their websites, where many of the research papers, slides and summaries are published. Here are some of the most interesting findings from this year's conferences.
- Voting machine hacking. Defcon hosted a "voting machine hacking village" for the first time, in which attendees were invited to try to break into real voting machines. Within a couple of hours, hackers had defeated the machines' security, mostly by gaining physical access to exposed ports and then exploiting default administrative passwords and WiFi vulnerabilities. Note that most of these attacks required hands-on access to the machine, which is the practical barrier an attacker would have to overcome. For more, see Graham Cluley's blog post.
- Spyware on Blu phones. Researchers at Black Hat reported that Android phones sold on Amazon, including models from the popular Blu brand, contained spyware in a firmware update utility that sent personal data back to servers in China, including IMSI and IMEI numbers, GPS logs, contacts and the content of SMS messages. In response, Amazon stopped selling the affected phones, although Blu disputed the claim. The lesson for anyone sourcing devices is that a vendor-supplied update agent runs with system privileges and is effectively part of your trusted computing base. For more, see this ThreatPost article.
- Browsing data can be easily de-anonymized. In a Defcon presentation, researchers from Germany showed how "anonymized" browsing data available for sale can be readily de-anonymized: stripping names from a clickstream is not enough when the URLs themselves reveal who visited them. A judge's porn preferences and the medication used by a German MP were among the personal data uncovered. For more, see this Guardian article.
- Power grid vulnerabilities. The vulnerabilities of power grids worldwide were highlighted in a Black Hat presentation that analyzed the malware and cyberattack strategies used to bring down the Ukrainian power grid in December 2016. For more, see the details of the presentation on the Black Hat site.
- Radiation monitoring vulnerabilities. Multiple vulnerabilities were found in devices widely used to monitor radiation levels at nuclear sites and elsewhere. For more details, including a detailed PDF report, see the Black Hat site.
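To make the browsing-data finding concrete, here is an added worked example of a generic linkage attack on pseudonymised clickstream data. It is not the German researchers' code and the page does not describe their exact method; the clickstream, the "public" URL sets and the threshold are all constructed for illustration. The idea it demonstrates is general: popular URLs cannot link anyone, but every user visits a few rare URLs that also appear in public data tied to a real person (links they posted, pages about them), and once a pseudonym is matched on those, every other URL in that history becomes attributable to the person.

```python
"""Linkage re-identification of a pseudonymised clickstream.

Added illustration, not the researchers' code. Shows why replacing a
user name with a pseudonym does not anonymise browsing data: rare URLs
shared with public, identity-linked data act as a fingerprint.
"""
import math
from collections import defaultdict

# Constructed sample data (not real records). Each row is
# (pseudonymous user id, visited URL), as a data broker might sell it.
CLICKSTREAM = [
    ("u1", "https://www.google.com/"),
    ("u1", "https://example-news.test/politics"),
    ("u1", "https://twitter.com/mp_mueller/status/1001"),
    ("u1", "https://twitter.com/mp_mueller/status/1002"),
    ("u1", "https://pharma.test/drugs/metformin/dosage"),
    ("u2", "https://www.google.com/"),
    ("u2", "https://example-news.test/politics"),
    ("u2", "https://twitter.com/judge_k/status/55"),
    ("u2", "https://courts.test/judges/judge_k"),
    ("u2", "https://adult-site.test/category/xyz"),
    ("u3", "https://www.google.com/"),
    ("u3", "https://example-news.test/politics"),
    ("u3", "https://sports.test/results"),
]

# Constructed "public" data: URLs publicly tied to a real identity, e.g.
# links the person tweeted or pages about them. A hypothetical random
# user whose only public URL is a popular one is included to show that
# popular URLs do not link anyone.
PUBLIC_URLS = {
    "Hannah Mueller (MP)": {
        "https://twitter.com/mp_mueller/status/1001",
        "https://twitter.com/mp_mueller/status/1002",
        "https://www.google.com/",
    },
    "Judge K": {
        "https://twitter.com/judge_k/status/55",
        "https://courts.test/judges/judge_k",
    },
    "Random User": {"https://example-news.test/politics"},
}


def build_histories(clickstream):
    """Group the clickstream into pseudonym -> set of visited URLs."""
    histories = defaultdict(set)
    for pseudonym, url in clickstream:
        histories[pseudonym].add(url)
    return dict(histories)


def url_rarity(histories):
    """Inverse document frequency: log(users / users who visited url).

    A URL that every user visits scores 0.0 and carries no identifying
    information; a URL visited by a single user scores log(N).
    """
    n = len(histories)
    visitors = defaultdict(int)
    for urls in histories.values():
        for url in urls:
            visitors[url] += 1
    return {url: math.log(n / count) for url, count in visitors.items()}


def link_identities(histories, public_urls, min_score=1.5):
    """Match each pseudonym to the identity whose public URLs it shares,
    weighting matches by rarity. min_score is an assumed threshold chosen
    so that, with three users, one rare shared URL (log 3 ~ 1.10) is not
    enough but two are."""
    rarity = url_rarity(histories)
    linked = {}
    for pseudonym, urls in histories.items():
        best_name, best_score = None, 0.0
        for name, known in public_urls.items():
            score = sum(rarity.get(url, 0.0) for url in urls & known)
            if score > best_score:
                best_name, best_score = name, score
        if best_score >= min_score:
            linked[pseudonym] = best_name
    return linked


def exposed_urls(histories, public_urls, linked):
    """URLs now attributable to a named person that were not public before."""
    return {
        name: sorted(histories[pseudonym] - public_urls[name])
        for pseudonym, name in linked.items()
    }


if __name__ == "__main__":
    hist = build_histories(CLICKSTREAM)
    links = link_identities(hist, PUBLIC_URLS)
    for pseudonym, name in links.items():
        print(f"{pseudonym} -> {name}")
    for name, urls in exposed_urls(hist, PUBLIC_URLS, links).items():
        print(name, "also visited:", urls)
```

Run as a script it re-identifies u1 as the MP and u2 as the judge, leaves u3 unlinked, and then lists the medication and adult-site URLs as newly attributable to those people. In real data the weighting and threshold need tuning, but the structural point holds: the rarity weights are computed entirely from the "anonymized" dataset itself, so the seller cannot fix this by removing names.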
Again, more details on these and other presentations can be found on the Black Hat and Defcon sites.