It's been ten years since the first warnings about the security defects in pacemakers, which made them vulnerable to lethal attacks over their wireless links, and since then the news has only gotten worse: one researcher found a way to make wireless pacemaker viruses that spread from patient to patient in cardiac care centers, and the medical device makers responded to all this risk by doubling down on secrecy and the use of proprietary code.
Read the rest
University of Tulsa security researchers Jason Staggs and his colleagues will present Adventures in Attacking Wind Farm Control Networks at this year's Black Hat conference, detailing the work they did penetration-testing windfarms. Read the rest
At the Black Hat hacker convention in 2013, Former NSA director Keith Alexander asked hackers to help the NSA come up with ways to protect Americans' privacy and civil liberties.
"How do we start this discussion on defending our nation and protecting our civil liberties and privacy?" Alexander asked the Las Vegas crowd. "The reason I'm here is because you may have some ideas of how we can do it better. We need to hear those ideas." Read the rest
It's like Bad USB, with extra Thunderbolt badness: Web-based attacks can insert undetectable malicious software into a Mac's UEFI/BIOS, which spreads to other machines by infecting Thunderbolt and USB devices. Read the rest
It's Las Vegas hacker convention season: Black Hat kicks off Aug. 2-7, and Def Con runs Aug. 7-10. This time around, National Security Agency leadership will be absent from the speaking rosters, in contrast with previous years.
Read the rest
Billy Lau and Yeongjin Jang from Georgia Institute of Technology have presented a demo at Black Hat of a way of stealthily compromising Iphones and other Ios devices with gimmicked chargers. The devices need to be unlocked -- either having no unlock code to begin with, or unlocked by the user after connection -- but apart from that, the device can compromise any Ios device. Read the rest
Cody Brocious -- a Mozilla dev and security researcher -- presented a paper on a vulnerability in hotel-door locks last month at Black Hat. Many electronic hotel door-locks made by Onity have a small DC power-port that also supplies data beneath them. Brocious showed that if he plugs an Arduino into these locks, reads out the 24-bit number sitting there, and re-transmits it to them, some appreciable fraction of them (but not all of them) spring open.
Read the rest
Testing a standard Onity lock he ordered online, he’s able to easily bypass the card reader and trigger the opening mechanism every time. But on three Onity locks installed on real hotel doors he and I tested at well-known independent and franchise hotels in New York, results were much more mixed: Only one of the three opened, and even that one only worked on the second try, with Brocious taking a break to tweak his software between tests.
Even with an unreliable method, however, Brocious’s work–and his ability to open one out of the three doors we tested without a key–suggests real flaws in Onity’s security architecture. And Brocious says he plans to release all his research in a paper as well as source code through his website following his talk, potentially enabling others to perfect his methods.
Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors. The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out.