Black Hat Hackers Highlights: Awards, Attacks, and Apple

Hotel locks, iris scans, Google Play and other "secure" technologies are cracked in demonstrations at the security conference.

Denizens of the digital world are feeling a little less secure this week as another edition of the Black Hat hacker conference wrapped up in Las Vegas.

Among the technologies cracked by security researchers at the show were hotel room locks, iris scanners, Google Bouncer, point-of-sale terminals, and near-field communication technology.

Those attending the conference and staying in hotel rooms must have found unsettling a presentation by Mozilla software developer Cody Brocious. He demonstrated a homebrewed device made for $50 that unlocks hotel rooms.

The gadget is similar to what hotels use to program locks to accept master key cards. However, the device works only on locks made by Onity, and it works about 33 percent of the time. On the other hand, there are from 4 to 5 million hotel rooms worldwide that have the locks to experiment on.

Biometric Security Undermined

A highly secure biometric form of identity authentication was also undermined at Black Hat. Spanish researchers showed how they could create a lifelike image of the iris of a person's eye. In tests against a top commercial recognition system, the iris scanner was fooled 80 percent of the time, according to the team from Universidad Autonoma de Madrid.

Images of fake irises have been created in the past, but this is the first time the iris of an actual person has been duplicated from data gathered about the organ.

When Google introduced Bouncer to its online app store, Google Play, it was believed that the technology would go a long way toward cleaning up apps infected with malware distributed through the outlet. Doubt was cast on that notion at Black Hat by Trustwave. The company demonstrated how, through the use of sophisticated masking techniques, it was able to slip a pernicious app under Bouncer's radar and keep it camped in Google Play for two weeks before the researchers took it down.

Malicious apps, though, aren't the only ones snooping in data stored in smartphones, according to a study released at Black Hat by Appthority. It found that 96 percent of iOS apps and 84 percent of Android apps have the capability to access sensitive information on a smartphone, such as contacts, location, and calendar information.

Mobile Shoppers Beware

Electronic commerce was also a target of boffins at Black Hat. A pair of researchers demonstrated a payment card they designed that would infect a point-of-payment terminal when it was swiped through the device. The card planted a Trojan on the terminal that collected credit card information and PINs entered into the device. That information could later be extracted from the terminal with another malicious card.

The researchers also showed how vulnerabilities found in the terminal could be used to fool store clerks into thinking a purchase had been approved by a bank when it hadn't.

Near Field Communications (NFC), an up and coming technology used for financial transactions from mobile phones, also attracted the attention of Black Hat researchers. Accuvant researcher Charlie Miller showed how a tag embedded with an NFC chip could be used to compromise the information in an Android phone simply by brushing against it.

A tradition at Black Hat is the Pwnie Awards, which recognize achievements and failures during the 12-month period leading up to the event. Among the award winners this year were the creators of the Flame software, who developed a scheme that used Windows Update to deliver malware to PCs. Not surprisingly, the authors of Flame did not accept their award when it was announced.

A first at Black Hat this year was the appearance of Apple as a presenter at the show. The presentation, though, was a letdown. After rehashing the information in a white paper on iOS security released by the company in May, Security Platform Engineer Dallas de Atlas bolted from the forum without answering any questions.  

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.
