One of the largest gatherings of hackers is rolling into Las Vegas this week, with Black Hat and Defcon taking place back to back. The cybersecurity conferences are often referred to as “Hacker Summer Camp,” which raises questions about keeping yourself safe when you’re surrounded by hackers.
Each year, on the Defcon subreddit and on Twitter, there are questions safety and security. I remember having the same concerns my first year about bringing my personal devices to the conference, worried about getting hacked if I connected to the wrong Wi-Fi network. I had three phones that year — though one of them I was purposely using to try to get onto malicious networks.
The truth is, there isn’t that much to sweat.
“I honestly have never ran into anyone at any conference that has a burner phone,” said Stephanie Carruthers, a white hat hacker at IBM. “If you’re losing sleep over it and think you’re being targeted, then you can get a burner phone.”
Carruthers, also known as Snow, has been going to Defcon since 2011. Her first year, she didn’t take any precautions except to keep her Wi-Fi turned off. Beyond being mindful of your wireless settings, Carruthers recommends packing a comfortable pair of walking shoes.
This’ll be my third year attending hacker summer camp, and I decided to ask some Defcon veterans what I should pack, starting with its founder, Jeff Moss, also known as Dark Tangent. He’s never brought a burner phone to the conference.
“I use my mobile, I’m on the Defcon secure network, I have my Bluetooth turned off, if they get me, they’re going to get me over a zero-day,” Moss said.
A zero-day is a vulnerability that is unknown to the companies that can fix the flaw. They can be worth up to $500,000 for malicious exploits and aren’t likely going to be wasted on average conference attendees.
Moss’s best recommendations aren’t even security-related.
“The more important things are stay hydrated and have a snack bar,” the Defcon founder said.
This is by no means a definitive list of recommendations of what you should bring, it’s just what I’ve learned and plan on bringing to keep myself secure. A dedicated attacker could easily hack me if I’m targeted, just like how no matter how many self-defense classes I take, a dedicated fighter would flatten me in seconds.
With that being said, here are my suggestions. Side bonus: These are also generally good tips for situations when you aren’t surrounded by hackers.
Before I head out, I’m making sure my iPhone is on the latest iOS. While vulnerabilities for iOS aren’t impossible, they’re pretty rare. It’s why Apple is willing to pay $200,000 for security researchers who can find vulnerabilities on iOS.
If someone is willing to waste $200,000 to hack me, I’m extremely flattered.
No Bluetooth or Wi-Fi
The more important thing is to adjust settings on your phone to keep it safe from avoidable attacks. That means keeping your Wi-Fi and Bluetooth turned off (sorry, AirPods).
You should also use a VPN, said Mike Spicer, a security researcher speaking at Defcon. He’s spent three years analyzing network traffic at Defcon and will present his findings on Friday.
“The biggest threat is going to be somebody tricking you to connect to their Wi-Fi network,” he said………Read More>>