Black Hat and DEF CON

The best defense is attack

Black Hat and DEF CON: annual meetings to confront new types of hacker attacks.

All devices are vulnerable to hacker attacks; however, with small adjustments, this risk can be nullified or eliminated.

The variety of devices that can be the subject of a hacker attack is incredible.

In addition to the usual contexts, these attacks involve the compromise of cars, televisions, home automation and biomedical implant devices. Today, examples include a smart TV that records what passes in front of the screen; a femtocell (a small radio station that carries cellular connectivity over a wired connection) that becomes an interception station; and a validator that is no longer able to recognize tickets with limited validity and enables unlimited travel. Hacker attacks can target any type of device!

Cybersecurity is an increasingly topical area. As a result, there are international events dedicated to those who struggle daily with the phenomenon of attacks and are constantly looking for new ways to anticipate criminal behavior. Famous events include Black Hat and DEF CON.

 

Prevention is better than cure: what are Black Hat and DEF CON?

This year Las Vegas hosted two of the most important conferences in the world on the topic of information security.
These meetings involved international experts and were both founded by Jeff Moss. However, their contexts are very different from each other.

  • Black Hat is a traditional convention, intended for an audience of experts. In the last edition (2012) 60% of the participants boasted a decade of professional experience in information security, 50% were employed in large companies and 41% were managers in the sector. This year's edition was the sixteenth and involved about 7500 people from 59 different countries.
  • DEF CON, instead, is a hacking convention in which, in addition to "specialists", other enthusiasts can also participate, thanks to the low cost of registration. This year DEF CON reached its twenty-first edition. It welcomed about 15,000 people who participated in password cracking, hardware hacking and social engineering contests: in short, events for almost everyone!

A constantly growing archive

These annual meetings are essential for keeping up to date on attacks, and they also help to simulate the post-attack situation, which is the most critical phase, when it is essential to think clearly in order to significantly lower the risks.

All material issued during the two conferences is archived in two files, which are updated annually.

The focal theme this year was the world of mobile, confirming the fact that the continuous evolution of technology in this area dramatically increases the level of risk.
In particular, Karsten Nohl demonstrated how simple it is to clone a SIM card and gain access to all the information contained within. Nohl presented a video on how to clone vulnerable SIMs; however, they were both secured immediately thanks to the telephone operators who discovered the attack.

The full video of the talk is available on the Black Hat website.

Another noteworthy talk was that of Jeff Forristal, who discovered and demonstrated a dangerous vulnerability in the mechanism that verifies the signature of Android applications, which makes it possible to access all the data by modifying a single application. Obviously, the problem has been resolved, so it is no longer possible to encounter such an attack.

These talks highlight the risk to PC devices, and our smartphone is, nowadays, the most easily accessible object and also, paradoxically, the one containing the most sensitive data.