What to Watch For From the Hackers at Black Hat
Could a determined computer hacker use in-flight Wi-Fi to penetrate and interfere with the communications equipment aboard the plane he’s on? Or could someone create a wireless master key that could unlock any car?
Answers to those questions are among the findings said to be coming up in a series of presentations at the Black Hat conference in Las Vegas. Starting today, security researchers from around the world will be presenting the results of their latest efforts to poke and prod the digital infrastructure around us as though they were bad guys looking to cause trouble.
And there’s new data today on how much trouble — real and potential — there is. Cisco Systems released its latest assessment of the current state of Internet security, and the results are sobering. In a sample of 16 multinational organizations (typically large companies or government agencies), Cisco researchers say they saw examples of malicious traffic on 100 percent of the corporate networks they sampled. Traffic to websites serving malware was seen in nearly 94 percent of these networks. “Based on the activity they observed, Cisco researchers also determined that this particular group of corporate networks reviewed likely had been penetrated for some time and that the core infiltration had not been detected,” the report says.
Here’s a rundown on some of the Black Hat presentations worth paying attention to in the coming days.
Hacking satellites, planes and ships
The talk that has gotten the most attention from a headline-grabbing point of view is one scheduled for Thursday from the researcher Ruben Santamarta, a consultant with IOActive. He has apparently found a vulnerable pathway from in-flight Wi-Fi and seat entertainment systems into cockpit communications and navigation systems. His main story is loaded with phrases like “in theory” and “only tested in controlled environments.” However, the less-sexy but equally troubling implication of his research is that satellite systems that commercial planes and ships use to communicate and navigate are vulnerable to attack. Like so many other systems, they have hard-coded administrative passwords and other potential back doors that an attacker could use to take control of them. Once a hacker has done that, the next logical step would be to try and mess around with where a plane or ship is going. You can probably use your imagination about the rest.
Taking control of Android phones
Researchers Tao Wei and Yulong Zhang at the security firm FireEye will disclose a technique that uses certain versions of Google’s Android operating system’s ad-serving technology to take over a phone, track its location to within eight feet, remotely hijack it to send text messages to people on the contact list, and turn on the microphone and camera without the user knowing about it. The technique is being called a “Sidewinder Targeted Attack,” but it’s also being described as a “VIP Attack,” says FireEye research director Rob Rachwald, “because you’re going to use it to go after a specific individual,” like an executive or high-profile person. At the root of the vulnerabilities are so-called adlibs, short for ad libraries, which the firm says tend to aggressively gather — and then give up — a lot of a user’s private information. “The phone becomes a walking surveillance tool.”
Kids today probably don’t even know that opening a car door used to involve inserting a key into a lock. Keyless entry systems are common, but are they really all that good at keeping people out of your car? Silvio Cesare, a researcher for the security firm Qualys, will disclose a technique for fooling those systems using cheap and readily available components, though he admits he has so far tested it only on his own car. The trick is using software-defined radios, which can be programmed to send and receive all kinds of radio signals, to send the unlock signal on a car’s specific frequency. Once an attacker knows the frequency, a “brute force” attack that tries thousands of entry code combinations at a high rate of speed can result in opening the door. Cesare told Wired that the attack has varying levels of success because every model of car handles the code a little differently and works on different frequencies. But a determined attacker with the right equipment and time on his or her hands can, in some cases, trick a car into unlocking its doors.
Securing every connection
As the Internet evolves, the underlying technologies that make it work, including techniques used to secure it, are going to have to evolve, too — and that won’t be easy. Researchers Catherine Pearce and Patrick Thomas from Neohapsis, a mobile security firm, will detail some of these complicated problems in a talk scheduled for Wednesday.
Your typical smartphone has several ways to connect to the Internet: The cellular network, Wi-Fi and Bluetooth to name a few. While all those connections may be live at once, a typical application can only use one connection at a time. The reason lies in 1970s-era technology known as Transmission Control Protocol, which is one of the technical underpinnings of the Internet. When an application reaches out to the network, it tends to pick one of the network connections available and stick with it, Thomas says.
That’s going to change. The Internet Engineering Task Force, one of the Internet’s technical standards-setting bodies, is working on a new approach called Multipath TCP which, in time, will allow applications to use multiple network connections at once. While that’s a good thing from a user’s point of view — connections will be redundant and therefore more reliable — it raises a batch of new security concerns. The fundamental question is this: How do you secure a network connection that is constantly changing? If and when Multipath TCP is widely deployed to the Internet — Apple already uses it for Siri on the iPhone — our ability to connect to the Internet seamlessly may improve, but many basic assumptions around how to secure those connections change with it. “This is something that is beginning to roll out to the real world,” Pearce said. “As it continues, security will have to change or it will no longer work because the assumptions it relies on will no longer be true.”