Pages

Monday, August 18, 2014

THE MOST TERRIFYING SECURITY NIGHTMARES - Revealed at the BLACK HAT and DEF CON hacker conferences

PC WORLD REPORTS from hacking conferences:

Hacker heaven

It's that time of year again: The wonderful, terrifying week when hackers and security gurus descend upon Las Vegas to show off their skills and unleash presentation after presentation full of scary-sounding exploits.
 
This year is no different. Over the previous week, we've heard tales of planes brought down by rogue code, snoops spying on your security cameras, and secretive, undetectable code that can turn any USB drive into an unstoppable malware vessel.
 
If the past is any indication, most of these exploits are scarier in theory than in fact—but they still offer a startling glimpse into the dangers inherent in an increasingly connected world. Here are the creepiest security stories coming out of Black Hat and Def Con in 2014.
 
BadUSB: Silent but deadly
 
Let's start with one of the more startling revelations. Researchers from Security Research Labs say they've developed a proof-of-concept attack that targets a thumb drive's firmware, rather than the files on the drive itself. The infected drive, when inserted into any PC, pretends to be a keyboard to download malware.
 
Since the vast majority of thumb drive makers don't protect their firmware in any way, and antimalware solutions don't scan firmware for heinous activity, the attack could theoretically be used to spread hard-to-find, hard-to-stop malware to PCs and any thumb drive you connect to those PCs. You can read the full details here. Fortunately, this type of attack has never been found in the wild.

Falling from grace

Another proof-of-concept attack could have far more physical repercussions. Ruben Santamarta, a researcher at IO interactive, claims he's discovered flaws that allow him to hack into the satellite communications of airplanes via their Wi-Fi and in-flight entertainment systems—opening the door for attackers to interfere with the plane's navigation and safety systems.
 
Makers of the communications equipment downplayed the threat when contacted by Reuters, calling both the odds of an attack as well as the potential damage "minimal." The vendors said they're already working to plug the holes revealed by Santamarta, however. 
 
Read more
 
BLACK HAT website - https://www.blackhat.com/
 
DEF CON website - https://www.defcon.org/

******************************************************************************

No comments:

Post a Comment

Thank you for visiting my blog. Your comments are always appreciated, but please do not include links.