Report from Defcon's Voting Village reveals ongoing dismal state of US electronic voting machines

For three years now, cryptographer Matt Blaze (previously) and his colleagues have hosted a Voting Village at Defcon, the annual hacker con in Vegas, in which all comers are welcomed to try to compromise a variety of voting machines that are in actual use in American elections. Read the rest

Penetration tester releases proof-of-concept code for hijacking smart buttplugs

Last week at Defcon, a security researcher named Smea presented their findings on vulnerabilities in the Lovesense Hush, an internet-of-things buttplug that has already been shown to have critical privacy vulnerabilities. Read the rest

Security researcher cracks high-security lock used for ATMs, Air Force One, military bases

At this year's Defcon Lock Picking Village, Ioactive's Mike Davis will present a method for cracking high-security locks made by Dormakaba Holding, a Swiss company. The locks are used in very high-stake applications, from security ATMs to Air Force One, as well as guarding classified and sensitive materials on US military bases. Read the rest

Defcon Voting Village report shows that hacking voting machines takes less time than voting

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America's voting security. Read the rest

Join me and the Electronic Frontier Foundation today for a Reddit AMA about how copyright law can censor security research

Have you ever wanted to talk with the Electronic Frontier Foundation about the risks of talking in public about security issues, especially in connected Internet of Things devices? Today, you'll get your chance. Read the rest

Insecure medical equipment protocols let attackers spoof diagnostic information

Douglas McKee of McAffee presented his research into the security of medical diagnostic equipment at last week's Defcon conference in Las Vegas. Read the rest

Hackers find exploitable vulnerabilities in Amazon Echo, turn one into a listening device

At Defcon, Tencent's Wu HuiYu and Qian Wenxiang presented Breaking Smart Speakers: We are Listening to You, detailing their work in successfully exploiting an Amazon Alexa speaker, albeit in a very difficult-to-achieve fashion. Read the rest

The eminently hackable police bodycam

Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible, though the Digital Ally models are the least bad of the batch, as Wired's Lily Hay Newman reports. Read the rest

Stylistic analysis can de-anonymize code, even compiled code

A presentation today at Defcon from Drexel computer science prof Rachel Greenstadt and GWU computer sicence prof Aylin Caliskan builds on the pair's earlier work in identifying the authors of software and shows that they can, with a high degree of accuracy, identify the anonymous author of software, whether in source-code or binary form. Read the rest

How do you dump the firmware from a "secure" voting machine? With a $15 open source hardware board

One of the highlights of this year's Defcon conference in Vegas was the Voting Machine Hacking Village, where security researchers tore apart the "secure" voting machines America trusts its democracy to. Read the rest

After Defcon, the FBI arrested the UK national who stopped Wannacry

Update: Here is the indictment. Hutchins is accused of making and selling a keylogger called the "Kronos banking trojan."

Marcus Hutchins is the 23 year old security researcher behind the @MalwareTechBlog Twitter account; he's the guy who figured out that the Wannacry worm had an accidental killswitch built in and then triggered it, stopping the ransomware epidemic in its tracks. Read the rest

Reidentification attack reveals German judge's porn-browsing habits

In their Defcon 25 presentation, "Dark Data", journalist Svea Eckert and data scientist Andreas Dewes described how easy it was to get a massive trove of "anonymized" browsing habits (collected by browser plugins) and then re-identify the people in the data-set, discovering (among other things), the porn-browsing habits of a German judge and the medication regime of a German MP. Read the rest

Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

Since the 2000 Bush-Gore election crisis and the hanging-chad controversy, voting machine vendors have been offering touchscreen voting machines as a solution to America's voting woes -- and security researchers have been pointing out that the products on offer were seriously, gravely defective. Read the rest

See you at Defcon this weekend!

I'm making the final(ish*) stop of my Walkaway tour at Defcon this weekend in Las Vegas, giving a speech on Saturday in Track 2 at 10AM called $BIGNUM steps forward, $TRUMPNUM steps back: how can we tell if we're winning?, followed by a book-signing at the No Starch Press table in the exhibitors' hall. Read the rest

Defcon's hotel business-center won't print from links or USBs

Defcon, the hacker and security conference, is coming to Caesar's Palace this weekend (I'm speaking!), and that means that the hotel needs to start thinking hard about the security of its systems, likely to be targeted both in earnest (by people who want to spy on attendees) and in jest (by attendees who want to prank their fellows by announcing that they've compromised everyone's systems). Read the rest

Security researchers: EFF's got your back at this summer's technical conferences

Are you a security researcher planning to present at Black Hat, Defcon, B-Sides or any of this summer's security events? Are you worried a big corporation or the government might attack you for revealing true facts about the defects in the security systems we entrust with our safety, privacy and health? Read the rest

Proof-of-concept ransomware for smart thermostats demoed at Defcon

Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin. Read the rest

More posts