9. Federal Aviation Administration hacking
If you're a nervous flier, the Federal Aviation Administration (FAA) hacking talk by Righter Kunkel would have given you nightmares.
The FAA controls all air traffic over the continental US, and the consequences could be catastrophic if it were shut down in some way. Large-scale cancellation of flights would be inevitable, and any planes in the air would conceivably be left flying blind.
Kunkel, himself a pilot, found that getting into the system was easy, and required little more than a fake ID. The attacker could register for a flying-fitness medical certificate and use this to get a student pilot's certificate number.
This would allow access to the FAA's flight plan submission system, since a full plan must be given before every flight.
Using denial-of-service methods, an attacker could flood the FAA's computers with false flight plans from a simple script and shut down the network.
There's more to it than that, and Kunkel rightly kept those details to himself, but it makes you think.
8. The Feds
Back in the early days of the conferences, the federal criminal authorities would try to infiltrate the events to gain information on attackers and their tactics. They were so persistent that a 'Spot the Fed' competition was set up for attendees.
But everyone's matured since then, and current and ex-members of the law enforcement community are not only welcome but have their own conference sessions in which they discuss frankly the positive side of working within the law and some of the mistakes they have made over the years.
The result is a much more sensible arrangement. Hackers can see that not everyone with a badge is a brainwashed tool of 'The Man' who is looking to crack down on them as part of a fascist campaign, and in return the feds get to see that hackers are intelligent, highly-motivated people who could be of great benefit to their country, rather than dismissing them as nothing more than common criminals and weirdos.
As a result, the government has even started using Black Hat to recruit allies in the fight against organised crime and terrorism. This is a wise move and makes us all safer.
7. SMS hacking
SMS hacking has been around for a while, but researchers Charlie Miller and Collin Mulliner caused a storm by showing how easy it was to hack Apple's iPhone with a simple set of text messages.
By sending the right code to the phone the researchers found they could take complete control of the device, and use it to hijack other devices. The only way to stop it is to shut the phone down completely.
It was a masterful piece of work but raised some serious concerns. Since the attacks can be spread to other smartphones, there is the possibility of a phone worm, which would spread over the network and possibly take down large parts of the phone system. A worrying thought indeed.
More worrying was the ease with which the bug was found. It took them a week to find the flaw, and two and a half weeks to write an exploit. Apple took six weeks to fix it.
6. Software updates
Software updates are a part of life and, by and large, make computing a lot safer. However, that may no longer be the case.
Two Israeli researchers, Itzik Kotler and Tomer Bitton from Radware, found a way to use the software update process to inject malware into a target. They found the flaw in over 100 applications, including Skype.
The attack uses Wi-Fi to detect computers checking for software updates over HTTP, and responds before the application servers issuing the updates can send the code. It then tells the user that an update is available (even if no updates are needed) and injects malware onto the target computer.
It's an especially scary attack because patch management is vital for secure computing. To have it subverted is going to have people second-guessing their own systems.
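The defensive counterpart to the attack above, as an added example that is not code from the researchers or from any affected application: an update check in Go that trusts nothing received over the network until a vendor signature, a version comparison and a payload digest all pass. The manifest format, the function names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor published by the vendor.
type Manifest struct {
	Version int    `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the update payload
}

// VerifyUpdate accepts an update only if the manifest is signed by the vendor
// key shipped with the application, is newer, and matches the payload digest.
func VerifyUpdate(pub ed25519.PublicKey, manifestJSON, sig, payload []byte, installed int) (*Manifest, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, manifestJSON, sig) {
		return nil, errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, fmt.Errorf("manifest malformed: %w", err)
	}
	if m.Version <= installed { // a spoofed "update available" prompt fails here
		return nil, errors.New("no newer version offered")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, errors.New("payload digest mismatch")
	}
	return &m, nil
}

// SignManifest is the vendor-side step, included so the example runs offline.
func SignManifest(priv ed25519.PrivateKey, version int, payload []byte) (manifestJSON, sig []byte) {
	sum := sha256.Sum256(payload)
	manifestJSON, _ = json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(sum[:])})
	return manifestJSON, ed25519.Sign(priv, manifestJSON)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	mj, sig := SignManifest(priv, 2, []byte("genuine payload"))
	_, err := VerifyUpdate(pub, mj, sig, []byte("injected payload"), 1)
	fmt.Println("swapped payload:", err)
}
```

Because the signature covers the manifest and the manifest pins the payload digest, a response injected on the local network is rejected even when the transport is plain HTTP.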