The Scariest Hacks from Black Hat and Defcon

posted Aug 24th 2011 8:04am by Jeremy Cook
filed under: news

Although [HAD] is generally all about legal hacking, this list of demonstrated hacks could be used for the dark side as well. Hopefully by demonstrating hacks like this, most people can be more aware of how they use their information. Computer security experts also have a chance to hone their skills and see where potential vulnerabilities lie.

Some of the highlights from this article include hacking a Siemens S7 PLC, which can be used for factory automation, a “hacker drone” that we’ve featured before, and a method to deduce someone’s social security number from personal photos on social networking sites. Also scary is a method to shut down certain personal insulin pumps. Although serious in itself, one would hope that other life preserving devices would be adequately protected against intrusion.

One hack that seems like it could have interesting uses in the legal-hacking world is the idea of VoIP botnet control. Although “botnet control” obviously implies illegal use, controlling a computer with voice or touchtones can and does have many legal uses.

Comments [12]

12 Responses to The Scariest Hacks from Black Hat and Defcon

studioeng says:

August 24, 2011 at 8:53 am

The only problem with companies implementing ‘proper’ security measures requires them to use their brains, which means it costs the consumer more. It’s a balancing act. Some freaky stuff going down there and I bet that’s not even scratching the surface!

Reply Report comment

that1guy says:

August 24, 2011 at 8:56 am

I have an insulin pump but mine does not have any wireless communication. Besides the security implications, wireless tech is pretty much useless on insulin pumps anyway. I do all of my insulin deliveries from the unit itself so I have no reason to use a remote device. However, future pumps that will be wearable under the clothes will definitely need to utilize wireless tech of some sort so I hope this is an eye-opener for them.

Reply Report comment

Drake says:

August 24, 2011 at 9:07 am

Easy hack for all medical/electrical implants … a microwave magnetron with a focusing cone to make a little to no divergence beam . . .would that fall under “high voltage hacks”?

Reply Report comment

Bazoo says:

August 24, 2011 at 9:19 am

@that1guy
Most insulin pumps now have some sort of wireless capability in order to communicate with blood sugar monitors. The new ones (well, new as of two years ago) have the capability of relaying a signal from a seperate sensor that measures glucose levels in the the wearers bloodstream, which the relays a message to the glucose monitor, which then (convoluted, I know) relays a message to most modern pumps to push specific levels of insulin, depending on the rate of increase. I’ve seen some on a bluetooth signal, but I’m not sure that they all use the same transmission types. It’s a fairly localized, low power signal, from what I understand, but, for what it’s worth, most modern pumps have the wireless capability even if it hasn’t been initialized. I’m just not the security of such devices has kept up with it’s ability to be intruded upon, as security costs money and pays out poorly, where as medical equipment (even slightly defective) pays out decent returns.

Reply Report comment

Thomas Wrobel says:

August 24, 2011 at 9:44 am

“requires them to use their brains, which means it costs the consumer more. ”

Because brains require energy and they have to eat more?

I think from at least a hardware perspective more
good security doesnt cost more, its just different choices and one-of costs associated with them.
In many case’s it could be cheaper.

Reply Report comment

Max says:

August 24, 2011 at 1:17 pm

“from at least a hardware perspective more
good security doesnt cost more”

So, if for example, I make a padlock out of cheese because it is cheap, that has the same security as a high tensile steel padlock?

It costs more to implement physical security as well as virtual security.
Virtual security costs money for a developer to sit down and write code that uses secure connections. Have you ever tried to understand the maths that goes on behind SSL, then add in all the handshaking and key exchanging etc… required for a reasonable secure system and the pure coding time costs a bucketload.
Or, you can always use an existing library, that someone charges you for.
Or you can use freeware and then potential customers (like goverment) quite often get scared off because the Chinese have the same source code as what went into your product, so they could reverse engineer it and discover backdoors….

Good security is NEVER as cheap as no security.
Bad security can be less secure than no security and still cost a lot of money!

Reply Report comment
- Blue Footed Booby says:
  
  August 25, 2011 at 9:40 am
  
  In many cases the hardware for “security done right” can be cheaper, but how does a company figure out what hardware is needed, and how to set it up? Once it’s set up, how do they *know* that everything was set up correctly, and how do they maintain it? How do they set up procedures and policies to keep employees from circumventing the protection? Doing *anything* right in a corporation bigger than like 30 people requires a tremendous amount of planning and administration. The actual hardware isn’t the whole of it, or even the thoughest part. Very often, the hidden cost of half-assing it is actually less than the cost of doing things right. This is why you periodically get companies deciding not to fix product defects that are getting people injured–paying the lawsuits was estimated to cost less than fixing the problem, assuming they didn’t get caught by the regulator body.

anyone says:

August 24, 2011 at 11:21 am

i hate how these get posted. if you have a good exploit, don’t ruin it by bragging to everyone about it. it will end your good times and its no better than winning a useless internet forum/irc/etc. battle

Reply Report comment

johan says:

August 24, 2011 at 11:38 am

Trolling?

Reply Report comment

PocketBrain says:

August 24, 2011 at 11:33 am

@anyone: errr, it’s not about bragging, it’s about informing people. This isn’t a black hat forum.

Reply Report comment

Oren Beck says:

August 24, 2011 at 1:20 pm

@ PocketBrain: Yep, you’ve got the concept laid out as it should be.

Sadly, it’s also a case of “Perception risks BECOMING Reality”

IF we’re perceived as Black Hats for not being stridently condemning of the reality that there ARE quite Black Hats indeed among all of us, we’re primarily guilty of Perception being as it is. Failure to condemn is wrongly equated as giving tacit approval or even encouragement, even when it’s neither. I’d wish that everyone would be 100% ethical but that’s an unrealistic wish.

The simple truth in “Reality Hacking” depends upon presentation and context management. Hold that thought a moment, then re-read the “Scary Hacks” through a filter of “Intent To PREVENT” etc. As what explains why one would post an exploit Vs stashing it in his or her Grimoire for private usage.

It’s a bit cool to discover a vector for exploit. What takes one from Zero to Hero is how you handle the power of your skills. Preventing that Insulin pump from being an attack vector makes you a lifesaver. Killing someone by mishandling such skills makes you indefensible. But- that’s maybe less than one-in how many million of “us” that would have Uberskills+no morals? That reality is one I can live with

Call what I’ve written about this- another “Social Hack” so to speak.

Reply Report comment

Maave says:

August 24, 2011 at 9:32 pm

The printer thing isn’t that scary, that trick has been around since the 90s.
I like the car hacking and the malicious routing tables.
The SSN lookup sounds much too vague, they’re probably misrepresenting the talk.

Can’t wait for the official videos. A few neat things at this Defcon. (I still like CCC more :P)

Reply Report comment