The Scariest Things We’ve Seen at Black Hat 2021


Every year the Black Hat security conference gathers the best and most terrifying security research in one (sometimes digital) place. Here is what impressed and worried us in 2021.

Another virtual year

Last year Black Hat was completely virtual. This year, participants had the opportunity to tune in virtually or to take part in person. We chose the former and spent another year behind our respective desks at home and not in the glittering expanse of Las Vegas. Apparently we weren’t the only ones. The images we saw on social media showed a much quieter, emptier Black Hat.

In his closing keynote, Black Hat and Def Con founder Jeff Moss took it calmly: “It seems strange to me,” said Moss. “Well, weird. Less pressured.”

3 separate keynotes

Typically, Black Hat holds a single, lengthy keynote speech at the start of the convention. There were three speakers this year: security expert Matt Tait on Wednesday, Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly on Thursday morning, and Homeland Security Secretary Alejandro Mayorkas on Thursday evening.

Tait used his time to talk about how attacks on the supply chain turn the economics of hacking on its head, which removes the natural brakes on bad behavior on the internet.

Both Mayorkas and Easterly called on the research and hacker communities to work with the government. Mayorkas put it bleakly, saying that China, Russia and Iran are trying to build a more repressive internet. Easterly echoed those concerns, but also reiterated her support for strong encryption. That’s not scary; it’s actually a relief.

Bank! Bank! Data theft!

If you’ve got $200,000 lying around and have an incredibly deep understanding of both encryption mechanisms and electrical engineering, we have a new hobby for you. Take the money, buy a big laser, and use this knowledge to extract secrets from microchips. And yes, the laser is absolutely necessary.

Training videos for Iranian hackers

Security coverage has given us some unique experiences, such as planning the demise of US democracy. This year we had a new experience: a training video for Iranian hackers.

While this was rightly scary, the researchers focused on some of the quirky, humanizing aspects of the hacking group. We saw them typing URLs incorrectly, struggling with CAPTCHAs, and being hit by ransomware.

Who is with you in this capsule?

The security ninja Kya Supa was out of the office and lived in a capsule hotel, which is similar to temporarily staying inside an IoT appliance. His natural tendency to hack the many remote systems got a big boost when another resident, whom he named Bob, wouldn’t stop talking loudly at 2 a.m.

In his Black Hat briefing, Supa described the steps he took and the vulnerabilities he exploited to gain full control of the hotel’s devices, which he used to keep Bob up all night by remotely turning the lights on and off, switching the bed to sofa mode and back, and more.

Do not worry; Supa shared his findings with the hotel management and the manufacturer of the vulnerable devices. The hotel now has a completely new control architecture so that you can sleep peacefully in your capsule.

Your new enemy? Your browser

Apps are great, but they are a hassle to install and not always on the device you need them on. A new technology promises to make the web more like an app by allowing access to your device’s files. There are some major advantages, but what are the disadvantages? They’re pretty serious too.

5G? More like 5 AUUUUGH

Some of the most sensational research this year is on the sparkling new 5G cellular technology that most of us have only heard of and will not experience firsthand for many years. Separately, savvy researchers Marco Grassi and Xingyu Chen demonstrated how they could achieve remote code execution on a 5G baseband.

One thing 5G was supposed to do was improve security. IMSI catchers, sometimes called stingrays, are fake cellular base stations that trick nearby phones into connecting. Older stingrays were able to track large groups of people and sometimes intercept their data.

5G is still vulnerable to some IMSI catcher attacks, but according to Ravishankar Borgaonkar and Altaf Shaik, it can fight them off significantly better. Hopefully, mass surveillance and data tapping should be out of the picture with 5G. However, targeted tracking may still be possible.

Haunted by the spirit of Excel 4

Only the oldest of us remember Excel 4 as it was superseded by Excel 5 in the early 1990s. And VBA replaced the dangerously powerful Excel 4 macro system, whose capabilities range from spreadsheets to every aspect of Windows.

However, it turns out that Excel 4 lives on in macro-enabled spreadsheets and is a common entry point for malware attacks. Because these macros can easily change their code while it is running, it is easy for malware programmers to obfuscate their code and thereby hide malicious behavior from antivirus tools or researchers. The malicious behavior might only occur on a specific date or only when certain conditions are met.

VMware’s Giovanni Vigna led a team that developed a way to expose macros that use this devious technique. In effect, their symbolic execution system finds the inputs that trigger malware behavior by running the script on every possible input. It’s always a happy day when the good guys defeat the malware programmers.

Psst! Your messenger is listening

Researcher Natalie Silvanovich was fascinated by the FaceTime bug that could be used to eavesdrop on a victim’s phone. She wondered: are there any more of these vulnerabilities out there? When she looked at how mobile messaging platforms implemented WebRTC, she concluded that this is all too common. In her work, she tracked down bugs in Signal, Facebook Messenger, and other popular messaging platforms. But don’t worry: your conversations are safe again.

macOS data protection is a bit porous

While there are supposedly 50 ways to leave your lover, experts Wojciech Reguła and Csaba Fitzl showed research that revealed more than 20 ways to bypass macOS privacy protections. The team was able to gain permissions in a number of ways and reminded us that there are vulnerabilities everywhere.

Your router is annoying you

Here’s another reason to hate your crappy ISP: the router/modem combination they gave you could give away your location. Rob Beverly and Erik Rye conducted extensive data fusion research and discovered that certain low-end routers used a certain form of IPv6 address that they could trace back to within 50 meters of their actual location. This is a good excuse to update your router.

Windows says hello a little too easily

Passwords are terrible and passwordless authentication is the future. But Omer Tsarfati tricked Windows Hello, a passwordless login feature, by creating a fake camera and feeding it pre-made footage. Maybe these COVID face masks can protect your health and logins?

Stalkerware is everywhere

With the proliferation of IoT technology, parental control software and “Find My” apps, abusers now have a wealth of engineered resources to control and monitor their victims. Lodrina Cherne and Martijn Grooten warn that stalkerware is only a symptom of the larger problem of intimate partner violence (IPV). The pair say Silicon Valley needs to be aware of how its products are being used against survivors.

The holes in a number of pipes

Pneumatic tube systems (PTS), which are regularly used by hospitals to transport samples, documents and medicines, are not entirely safe. Ben Seri and Barak Hadad from the security research company Armis showed how the PTS can be hacked without user interaction and even installed Doom on one of the consoles. Their research company is working with the company that makes the PTS to patch the system and prevent future exploits.
