At the annual Black Hat USA 2016 cyber security conference in Las Vegas earlier this month, over 12,000 hackers, security researchers, and media from around the globe received a first-hand look at the latest vulnerabilities that are part of life in the technology world.

1. EMV Chip Cards are not that secure after all

Security researchers detailed findings which showed they could hack an ATM and a point-of-sale terminal using embedded “EMV” chip cards, by inserting a “shimmer” (which sits between the card and the machine's reader) into the card slot. During a live demonstration at Black Hat, an ATM spat out money on command and private codes were obtained from a POS (point-of-sale) terminal.

2. Mobile threats are rising

While Android smartphones in the U.S. still remain relatively secure, there has been a massive exploitation of the mobile platform in other countries around the world by compromising the phone’s computer chip. Because the Android platform is vastly fragmented, security tools on the phone’s processor are less likely to handle hardware bugs which can infect the device through downloaded malicious apps. Researchers also presented cyber threat evidence that smartphone bugs can migrate between platforms, so Apple is not completely immune either.

3. Cars and light bulbs are equally hackable

Security experts showed last year that they could remotely hack into a car’s computer system and this year they took wireless control of a Jeep Cherokee at highway speeds. They succeeded in remotely engaging the brakes and affecting car steering, although the two researchers readily admitted it took a lot of time and effort.

Internet-connected light bulbs didn’t fare any better. Researchers from Canada and Israel presented the results of their work which showed how to take full remote control of the Philips Hue smart bulb. A full disclosure of their research was provided to Philips and the company is currently conducting an internal investigation. Black Hat attendees were treated to a video of lights blinking on and off in a building which (ironically) housed several prominent security companies, while a hacker was just driving around with his bulb-controlling device.

4. Beware of the Killer Drone

As drone technology becomes more advanced and unmanned aerial vehicles can carry bigger payloads, the threat level has gone up as well. One security expert delivered a presentation which showed a DJI Phantom 4 hobby drone carrying a running chainsaw that hacked icicles off a house and loomed menacingly over the heads of snowmen in a front yard. It was an effective demonstration because drones today can be controlled up to three miles away and it’s not far-fetched to envision the aerial vehicles carrying lasers or jamming devices either.

Hobby drones are also now equipped with sensors that can track cars and even humans.

5. Messaging and Airbnb can be a criminal’s playground

Two of the Black Hat sessions dealt with threats generated through online services. One presentation described how the popularity of Airbnb has also created an attack opportunity where malicious guests can deliberately gain control of a consumer-grade home router by installing malware. This creates a problem not just for the homeowner, but for future guests as well. Airbnb homeowners were advised to place their router in a locked cabinet to minimize the risk of tampering.

A German researcher discussed the results of a study which sent spear phishing messages from non-existent people using both Facebook and standard email. The results showed that subtle manipulation of the social nature of the message (“here’s some pics from last night’s New Year’s Eve party!”) led more people to click an enclosed unsafe link when the communication was delivered through Facebook rather than standard email.