Security professionals descending on Las Vegas this week for the annual Black Hat conference will see lots of creative hacking.
More than 50 presentations are planned for Black Hat 2011, which runs through Aug. 4, with security researchers disclosing more than 20 software and system vulnerabilities. Presentations will detail security flaws in everything from USB devices, industrial control systems, iPhones, Android devices, Chrome OS and printers.
Some of the researchers have already publicly disclosed their presentations. Charlie Miller, a security researcher from Accuvant, revealed how he managed to hack the microcontroller chips that control the batteries inside Apple's MacBook, MacBook Pro and MacBookAir, and corrupt them to the point that the devices no longer recognized the battery packs.
Zscaler Labs researcher Michael Sutton will show how embedded Web servers in printers and scanners can be discovered on the Internet. The Web servers are found in practically any appliance that has an IP address and are ubiquitous in home and business networks. Network-connected devices are regularly deployed with virtually no security whatsoever, Sutton said. He will demonstrate how a cyber-attacker could access a device remotely and view all the documents that have been scanned, listen to phone calls and see the faxes received.
Two researchers from WhiteHat Security's Threat Research Center, Matt Johansen and Kyle Osborn, discovered a plethora of serious security flaws in Google's Chrome OS. The pair claimed the security flaws found could result in exposing user emails and documents and stealing session cookies to hijack their accounts.
In their panel on "war-texting," Don Bailey and Matthew Solnik, researchers from iSec Partners, will discuss finding mobile-networking vulnerabilities in automobiles that would allow an attacker to unlock them and turn the engine on remotely. Bailey devised a method for exploiting the GSM network to send malicious SMS (Short Message Service) communications that can upload data and transmit information.
"War-texting" is a variation of "War-driving," where people drive around in autos with devices designed to discover and intercept signals from unprotected wireless LANs. With War-texting, they are intercepting messages sent between servers and autos.
Dillon Beresford, a security researcher at NSS Labs, will be presenting his work on exploiting Siemens Simatic S7 process logic controllers. The talk, originally scheduled for the TakeDownCon security conference in May, was withdrawn after Siemens worried about potential ramifications if he publicized the vulnerabilities before they could be patched. At Black Hat, Beresford is expected to cover new vulnerabilities and demonstrate how attackers can impersonate the communication control used by the industrial control systems.
Researcher Dino Dai Zovi performed a detailed audit of the security mechanisms and features in iOS 4 for his presentation. Dai Zovi will be making recommendations on what organizations can do when deploying iOS devices to their employees.
Independent security researcher James Arlen will discuss the threat of attacks on high-frequency trading systems. The rapid evolution of high-frequency computer-based trading means there is not a lot of security oversight on those systems, Arlen said. These systems execute trades in microseconds, which would be a problem for most IT departments because most security products have operational latencies measured in milliseconds, according to Arlen. Traditional IT environments are just too slow to handle the risks facing high-frequency trading systems.
And finally, Moxie Marlinspike, founder of start-up Whisper Systems, will discuss issues in the SSL (Secure Sockets Layer) and the fragile certificate authority infrastructure. The attack on root certificate authority Comodo, in which an attacker managed to issue valid certificates for domains belonging to Google, Yahoo, Skype and other companies, highlighted some of the issues. Marlinspike will release a client-side software tool for Firefox to avoid having to rely on the certificate authority infrastructure to determine which sites were trusted and authentic.