NEWS ANALYSIS: The most talked about trends at Black Hat 2013 will include the Internet of things, hacking mobile platforms, Android vulnerabilities, privacy and government snooping.
This year’s annual Black Hat security conference is about to get underway this week. The conference always promises a security professional's mix of research, vulnerability disclosures and general updates on the state of digital security.
This year’s keynote speakers include Gen. Keith Alexander, director of the NSA and commander of the U.S. Cyber Command and someone right in the middle of the government privacy versus protection debate. Here are the five trends as I see them shaping up in advance of the conference.
1. Hacking PCs is so, so yesterday. The state of Microsoft Windows security used to be a big topic. Of course, there are still Black Hat panels on Windows vulnerabilities. “A Tale of One Software Bypass of Windows 8 Secure Boot” is the topic of one panel. But as the personal computer industry has slowed so has interest in Windows hacks.
Or maybe—and this is clearly how Microsoft would like to view the digital world—all those dollars poured into shoring up the Windows security system is finally paying off. But in any event, with mobile devices and Web applications much more inviting targets these days, hacking PCs is clearly a passé activity for the most modern hacker based on the Black Hat agenda.
2. The Internet of (Hacked) Things. If the Windows hacker is no longer at the forefront, that position has been usurped by the Thing Hacker. The rise of the connected world of sensors, home security and self driving cars sounds great until you find that you are not doing the driving. I’m guessing that the Internet of Things and Thing Hacking will become its own conference in the not too distant future. One presentation is titled, “Let’s Get Physical: Breaking Home Security Systems and Bypassing Building Controls.”
3. Calling Android. There are lots of panels and activity around mobile security. The focus on mobile security is often aimed at Android devices. Why Android? First hackers like to go after the big targets (which is why Windows mobile is not getting much attention) and iOS and Apple devices still tend to be more secure than the Android gang. One session is titled, “Android: One Root to Own Them All."
4. Privacy, identity and security. The three topics are intertwined. Despite the rise of biometrics and other non-traditional identification methods, hacking passwords is still a large and growing industry. If you can’t assure identity, you can’t assure security and that simple equation gets an endless amount of venture investment and activity. Take it from me—the rise of all those connected mobile devices puts security beyond the reach of mere mortals. Whereas cloud computing is overtaking traditional data center computing, it will take something on the scale of cloud security to lock down the mobile, social, connected digital world.
5. Snoops with Badges. The extent of government access to the digital world as evidenced by the information released by Edward Snowden has created a new level of discussion regarding the role of government and the digital public. Black Hat (and its somewhat related DEF CON conference) was always a place where the hackers in white hats, black hats and government hats all mingled. That is no longer the case with DEF Con out and out trying to block
government employees from attending. The role of the NSA in digital monitoring has propelled the discussions on the proper role and limits of privacy versus protection to an intensity level not previously seen in the 16 years of Black Hat.
Eric Lundquist is a technology analyst at Ziff Brothers Investments, a private investment firm. Lundquist, who was editor-in-chief at eWEEK (previously PC WEEK) from 1996-2008 authored this article for eWEEK to share his thoughts on technology, products and services. No investment advice is offered in this article. All duties are disclaimed. Lundquist works separately for a private investment firm which may at any time invest in companies whose products are discussed in this article and no disclosure of securities transactions will be made.