The annual hacking and security conference is upon us again. Experts and researchers from all over the world will present their alarming and encouraging takes on vulnerabilities, exposures, and privacy risks. Here’s what we’re hoping to see.
By Neil J. Rubenking and Max Eddy
The annual DEF CON hacking conference started as an accident in 1993 and has been going and growing ever since. Black Hat, launched in 1997 by DEF CON founder Jeff Moss (aka Dark Tangent), is its more formal cousin.
To paraphrase a welcome speech by Moss a few years ago, friends said to him, “Hey, why don’t you invite more people, charge them a lot of money, and make them wear suits?” The suits are gone, for the most part, but Black Hat gets bigger every year, with 19,000 attendees last year.
Black Hat consists of two very different parts. From Saturday to Tuesday, security experts and aspiring experts pay thousands of dollars to participate in training sessions intended to hone their skills in a wide range of security tasks. The press is not invited. On Wednesday and Thursday, the conference switches to briefings, where security experts and academics from all over the world share their latest discoveries, new vulnerabilities, and cutting-edge research.
Some presentations are too arcane even for PCMag’s security experts, but there are plenty that touch on everyone’s life and privacy. Here are some of the events we’re looking forward to.
In June, the Black Hat team announced that (now outgoing) Rep. William Hurd, a Texas Republican and former CIA officer, would keynote the event. A few days later, the lawmaker was “disinvited” based on his conservative voting record, he said; the conference team said they “misjudged the separation of technology and politics.” Longtime security entrepreneur, researcher, and speaker Dino Dai Zovi will take the podium instead.
Revealing the Cult of the Dead Cow
Back in the 80s, a group of hackers and BBS sysops in Texas formed a group they called the Cult of the Dead Cow, named for a local slaughterhouse. Their Back Orifice remote administration Trojan made news in the late 90s, but you may have heard the name more recently thanks to presidential hopeful Beto O’Rourke, who was once part of the group. We’re very much looking forward to a session on the group’s history and goals featuring three influential members of the group, including Mudge and Deth Vegetable.
The Human Side of Security
The toughest safe in the world won’t protect your valuables if someone gives away the combination. Likewise, computer security depends on human factors, enough so that there is a whole Human Factors track for briefings. Several talks look at the threat of deepfake videos, including one that aims to detect fakery using mice (rodents, not the computer kind). Other topics include phishing, social media manipulation, and, ironically, using privacy law to steal private information.
Internet of Insecure Things
No Black Hat conference would be complete without a dollop of device hacking. In the past, we’ve seen techniques for completely taking over security cameras and gimmicked chargers that can pwn your phone in a minute. We’re looking forward to a talk on hacking electric motors at all levels, from actuators in self-driving cars to the tiny device that makes your smartphone buzz. Another talk reports on vulnerabilities in the Boeing 787’s internal network. Maybe we should drive to Las Vegas.
Attack the iPhone
Common wisdom holds that Windows and Android are highly vulnerable to attack, macOS is much less so, and iOS the safest of all. Indeed, malware coders focus on Windows and Android. But the master hackers who present at Black Hat instead go for the toughest target.
A Google researcher will present her findings on techniques for attacking the iPhone remotely. Another team promises a technique for jailbreaking the iPhone XS Max. Lest we lose faith, Apple’s Ivan Krstić will take attendees behind the scenes to help understand what makes iOS and macOS so secure. His talk on iOS security a few years ago managed to take some extremely arcane details and make them understandable.