FD Insights Issue 11 | Page 31

Founded in 1997 by Jeff Moss (who also founded Def Con), Black Hat Briefings, or Black Hat as it’s more informally known, is a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. It has become immensely popular, and what started as a single annual conference in Las Vegas is now held in multiple locations around the world. Def Con was founded even earlier, in 1993, and is one of the world’s largest annual hacker conventions, held every year in Las Vegas. The attendees are a diverse and eclectic group, and include computer security professionals, journalists, lawyers, federal government employees, security researchers, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be “cracked.”

Scheduled talks and guest speakers are by no means the only activity at these conventions. Activities are as diverse and varied as the range of attendees and include social events and contests in everything from creating the longest Wi-Fi connection and cracking computer systems to who can most effectively cool a beer in the Nevada heat. Other contests include lockpicking, robotics-related contests (discontinued), art, slogan, coffee wars (not currently running), scavenger hunts and Capture the Flag competitions.

2015 Round-Ups

A fascinating list of topics emerged from the conferences and highlighted just how broad the computer security industry has become. Here are some of the highlights…

Internet Freedom is Slowly Dying

Keynote speaker and Director of Civil Liberties at the Stanford Center for Internet and Society, Jennifer Granick, believes that today’s Internet is less open and more regulated than originally envisioned, and that in 20 years’ time it will not reflect the original dream of freedoms and global conversation enjoyed across the globe without censure.

Motor Vehicles Susceptible to Hacking

As cars become increasingly reliant on software, they are also becoming more and more susceptible to hackers. First, Jeep’s lack of security went viral in a Wired magazine video that showed how hackers could bring a moving Jeep to a halt on a busy freeway. Then hackers announced that they had found a flaw in Tesla’s Model S that would enable them to take control of the vehicle.

Google Ramping Up its Android Security Efforts

Adrian Ludwig, who runs Android security for Google, delivered an Android Security State of the Union speech reassuring Android users that Google is increasing its efforts to improve security for the OS. To reinforce his point, Ludwig announced that Google and its partners are pushing out the largest software update in Android history, an update designed to fix the Stagefright vulnerability.

Your Fingerprints are Not Secure

FireEye researchers Tao Wei and Yulong Zhang outlined new ways to attack Android devices to extract user fingerprints. The threat is for now confined mostly to Android devices that have fingerprint sensors, such as Samsung, Huawei, and HTC devices, which by volume remain low compared to iPhone shipments. But down the line, by 2019, when it is believed that at least half of all smartphone shipments will have a fingerprint sensor, the threat deepens.

Industrial Control Switches Need Fixing

Researchers at Black Hat USA disclosed critical SCADA/ICS vulnerabilities in switches actively used in industrial control management systems, such as substations, factories, refineries, ports, and other areas of industrial automation. This has worrying implications for logistical and operational activities and is especially concerning when extended to nuclear facilities.

Microsoft Raises Incentives for its Bug Bounty Programmes

Microsoft has revised its Bug Bounty schemes with improved rewards, bonuses and the addition of new valid programmes. This comes as many tech and software companies run bug bounty programmes to entice ethical hackers to disclose any bugs or vulnerabilities in their software to the company in exchange for a cash reward, rather than go public with the information.