The Best of Black Hat 2012

Black Hat USA 2012Black Hat USA 2012 took place at the end of last month and gave us quite a few things to think (and worry) about. Here’s a few of my favorite stories from the conference.

Hotel Room Hack
Cody Brocious, a Mozilla software developer and security researcher, figured out a way to break into hotel rooms by manipulating the key card reader through an exposed DC port on the underside of the readers. Here are some details from Forbes:

Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply. …

Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time.

Onity locks can be found on roughly four or five million rooms around the world. Luckily, when Cody tried his hack in-the-wild on real hotel doors it wasn’t consistently successful. Still, you might want to start using that room safe when you leave your room, just in case.

On three Onity locks installed on real hotel doors he and I tested at well-known independent and franchise hotels in New York, results were much more mixed: Only one of the three opened, and even that one only worked on the second try, with Brocious taking a break to tweak his software between tests.

Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture.

Learn more about the hack at Forbes >>>

NFC Enabled Phone Takeover
NFC capability has been showing up in more and more new devices. It’s pretty cool technology and sounds good in theory – being able to pay for groceries with your phone or exchange info just by standing near someone – but with Charlie Miller’s new discovery, NFC becomes a cause for concern. From CNN:

Miller’s most startling demo involved completely taking over an Android phone by merely brushing a tag with an embedded NFC chip against it.

A built-in content sharing feature called Android Beam allowed the tag to push a webpage to the Samsung Galaxy Nexus. A browser bug then opened the gate for unlimited access to everything on the phone.

Miller found similar vulnerabilities in the second phone he tested, a Nokia N9 running MeeGo. If the default “content sharing” setting is enabled, an attacker can work a loophole to pair the phone with a second device and go nuts.

Some of these vulnerabilities have already be patched, but it serves as a warning that manufacturers need to think like hackers before releasing a new feature, because if there’s a vulnerability, someone will find it.

Read the full report at CNN >>>

Malicious Point-of-Sale Attacks
This one is probably the most disconcerting hack for the everyday person. How many times a day do you swipe your debit or credit card at one of those little machines in a store? Researchers at MWR InfoSecurity found a way to load malicious code onto these terminals that will allow them to collect credit card information simply by swiping a card themselves. From

MWR researchers showed how a customized card containing malware can be inserted into a POST [point of sale terminal] and install software code that harvests all the card numbers and PINs from previous users of the terminal. The attacker then returns and obtains the information by inserting another card into the terminal or absconds with the information via radio frequency if the terminal supports wireless communication. Either way, cardholder data are compromised.

In addition to compromising customers’ information, merchants also have to worry about a similar hack MWR found that allows hackers to swipe a card and perform a transaction (complete with valid receipt) without actually paying.

Learn more at >>>

On a lighter note, there were a few hack (and hacker-focused) announcements that put a smile on our faces.

Point-of-Sale Video Game
The guys at MWR InfoSecurity may have given everyone a panic attack about swiping their cards at stores (or being out revenue if you’re a merchant) but they also threw in a more light-hearted hack that surely made everyone smile. They used the same method of loading a card with malicious code that would effect a POS system, but this time, the code turned the terminal into a functioning racing game. You could even play the game using the terminal’s pin pad and screen.

Hacking, the Card Game
Are you a high school or college student interested in White Hat security, but don’t know where to start or how to learn the ways of a hacker? Don’t worry, there’s a card game to help you! Control-Alt-Hack is designed to create a more open, comfortable environment for learners to develop skills and ask questions. Here’s more about the game, which is still in production, from CNET:

In Control-Alt-Hack, you work as a researcher for a computer security company that gets hired to stress-test other companies. The deck of 156 cards includes 16 “person” cards to give you an identity during the game. …

Despite the emphasis on fun, the game goes to great lengths to be accurate. The learning objectives, obfuscated behind cute pop culture references like, “I find your lack of encryption disturbing,” include promoting the accessibility of computer science and computer security; teaching that there’s more to computer security than antivirus and the Web; and accurately depicting a diverse range of attack techniques and attacker goals.

Get more details at CNET >>>

Those were my favorite stories from Black Hat 2012. Did I miss any of your favorites?

Essential Guide to Mobile App Testing

Leave a Reply

Your email address will not be published. Required fields are marked *