Black Hat Hackers Highlights: Awards, Attacks, and Apple

Hotel locks, iris scans, Google Play and other "secure" technologies are cracked in demonstrations at the security conference.

Denizens of the digital world are feeling a little less secure this week as another edition of the Black Hat hacker conference wrapped up in Las Vegas.

Among the technologies cracked by security researchers at the show were hotel room locks, iris scanners, Google Bouncer, point of sale terminals, and near-field communication technology.

Those attending the conference and staying in hotel rooms must have found unsettling a presentation by Mozilla software developer Cody Brocious. He demonstrated a homebrewed device made for $50 that unlocks hotel rooms.

The gadget is similar to what hotels use to program locks to accept master key cards. However, the device works only on locks made by Onity, and it works about 33 percent of the time. On the other hand, there are 4 to 5 million hotel rooms worldwide with the locks to experiment on.

Biometric Security Undermined

A highly secure biometric form of identity authentication was also undermined at Black Hat. Spanish researchers showed how they could create a lifelike image of the iris of a person's eye. In tests against a top commercial recognition system, the iris scanner was fooled 80 percent of the time, according to the team from Universidad Autonoma de Madrid.

Images of fake irises have been created in the past, but this is the first time the iris of an actual person has been duplicated from data gathered about the organ.

When Google introduced Bouncer to its online app store, Google Play, it was believed that the technology would go a long way toward cleaning up apps infected with malware distributed through the outlet. Doubt was cast on that notion at Black Hat by Trustwave. The company demonstrated how, through the use of sophisticated masking techniques, it was able to slip a pernicious app under Bouncer's radar and keep it camped in Google Play for two weeks before the researchers took it down.

Malicious apps, though, aren't the only ones snooping in data stored in smartphones, according to a study released at Black Hat by Appthority. It found that 96 percent of iOS apps and 84 percent of Android apps have the capability to access sensitive information on a smartphone, such as contacts, location, and calendar information.

Mobile Shoppers Beware

Electronic commerce was also a target of boffins at Black Hat. A pair of researchers demonstrated a payment card they designed that would infect a point of payment terminal when it was swiped through the device. The card planted a Trojan on the terminal that collected credit card information and PINs entered into the device. That information could later be extracted from the terminal with another malicious card.

The researchers also showed how vulnerabilities found in the terminal could be used to fool store clerks into thinking a purchase had been approved by a bank when it hadn't.

Near Field Communications (NFC), an up-and-coming technology used for financial transactions from mobile phones, also attracted the attention of Black Hat researchers. Accuvant researcher Charlie Miller showed how a tag embedded with an NFC chip could be used to compromise the information in an Android phone simply by brushing against it.

A tradition at Black Hat is the Pwnie Awards, which recognize achievements and failures during the 12-month period leading up to the event. Among the award winners this year were the creators of the Flame software, who developed a scheme that used Windows Update to deliver malware to PCs. Not surprisingly, the authors of Flame did not accept their award when it was announced.

A first at Black Hat this year was the appearance of Apple as a presenter at the show. The presentation, though, was a letdown. After rehashing the information in a white paper on iOS security released by the company in May, Security Platform Engineer Dallas De Atley bolted from the forum without answering any questions.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.
