By Andrew Brandt
The Black Hat briefings, held Wednesday and Thursday this week, once again brought together some of the best and brightest in the security industry to share knowledge about novel attacks and better defenses against old and new attacks. And, once again, there were some eye opening moments at the conference.
Right from the beginning, it was clear the scope of the conference had shifted from the previous year. Conference founder Jeff Moss described a new, more rigorous committee-driven process that Black Hat had begun to employ to scrutinize and vet talk proposals. Talks this year would be more technical, go deeper into security threats, and would encompass a broader range of topics than had been done in years past.
But soon after Moss introduced former ambassador and CIA counterterrorism expert Cofer Black, the opening keynote speaker to the conference, someone pulled a fire alarm in the hall where the speech was taking place. While lights flashed and warning sirens sounded, Black joked about the prerecorded messages playing over loudspeakers.
One of the first sessions of the conference was also one of the most interesting. Don Bailey, a security consultant, spoke about the security vulnerabilities of devices with embedded ties to the telephone network, such as traffic control systems, SCADA sensors used in large industrial plants, and home control and automation systems. Bailey’s discovery that some of these devices receive signaling information in the form of SMS text messages led to experimentation with a car equipped with an OnStar receiver.
In brief, Bailey managed to reverse-engineer the messages that the OnStar system transmits to vehicles when operators at OnStar’s control center get a call to, for instance, unlock the car. The end result being that Bailey was able to send specially crafted messages directly to the telephone number of the OnStar receiver in his car, and perform the same functions — remotely lock or unlock the doors, remotely open the car windows, and remotely start the car’s engine — that OnStar tells its subscribers only the company can perform for them, on the owner’s behalf.
Many of the talks focused on new ways to manipulate mobile networks and wirelessly-connected devices. One talk covered vulnerabilities in electronic water meters that transmit usage data wirelessly. Another talk touched on the mobile phone network and how deliberately-installed malicious cellphone “towers” — which the researchers called femtocells — can be used to track and monitor specific users of mobile phones.
In a similar talk, researchers described how they constructed their own remote controlled UAV aircraft (called “The Wasp”), equipped it with various types of network sniffing tools, and set it flying around the skies of Los Angeles to demonstrate the power — and potential danger — of such airborne monitoring devices.
For the second day, the most intriguing scheduled talk — titled “Hacking Android for Profit” — never happened. The two speakers never showed up, and nobody could reach them by phone. But the rest of the mobile hacking track carried on, with talks explaining the technical details behind various types of known vulnerabilities in Apple’s iOS, and others focusing on Android patches, vulnerabilities, and a discussion about detection of Android malware using behavioral, proactive techniques.
Of course, many more talks were given about ‘plain old’ Windows malware. I’ll discuss those in upcoming posts.