Tuesday, September 6, 2011

BlackHat and Defcon 2011: Top 10 Scariest Hacks
- Network World's take on a handful meriting the most concern

The Black Hat USA 2011 and Defcon 2011 conferences, both hosted in Las Vegas, dished up a number of interesting hacking demonstrations relevant to critical infrastructure organizations. The wide-ranging top ten identified by Network World (full slide show) included SCADA issues (Siemens, of course) and even a pretty significant ERP system issue (SAP).

Summary:
  1. Siemens S7 hack (top one!). Very scary considering just how dependent real-world facilities are on systems with related security problems; the issues go well beyond being specific to Siemens solutions!
  2. VoIP botnet control. Clever data exfiltration and command-and-control methods using a VoIP channel and touch-tone phones.
  3. Powerline device takeover. Demonstrated a device that can tap into home power lines to monitor and control home alarms and security cameras, e.g., enabling intruders to jam security gear and then break in.
  4. Hacker drone. Off-the-shelf electronics used to create WASP (wireless aerial surveillance platform), which executes flight plans while doing its work (cracking codes, picking up cellphone calls, etc.).
  5. Car hijack via phone networks. Used text messages over phone links to hack a Subaru Outback car alarm, unlock the doors and start the vehicle. The devices involved are similar to those used in some critical infrastructure settings, raising concerns about knocking out power grids and water supplies.
  6. Hack faces to find Social Security numbers. Acquiring a person's Social Security number using nothing more than a social networking photo, face recognition software, and a deducing algorithm. Interesting!
  7. Remotely shut down insulin pumps. Exposed a wireless security problem that is very difficult to resolve and could be fatal in the wrong circumstances. The diabetic security researcher focused on issues with his own wireless pump: "devices weren't designed with security in mind".
  8. Embedded Web server menace. Embedded web servers in photocopiers and printers make them easier to administer but also easier to compromise, potentially allowing produced documents to be pilfered. Easy fingerprinting and attack approaches were demonstrated.
  9. Spreading false router tables. Demonstrated weaknesses in the OSPF (Open Shortest Path First) routing protocol that permit attackers to install false table entries on uncompromised routers, potentially affecting data streams (sending info to a remote attacker) or just crippling networks.
  10. SAP flaw: authentication. Showed how an SAP system can be broken into to gain administrative privileges. The researcher determined that half the systems examined were vulnerable to this issue. Target systems are easy to locate with a Google search. SAP is working towards releasing a related security update.
More:
- Insulin pump attack prompts call for federal probe - Register, 8/19/2011 - Committee urges investigation into security standards for wireless medical devices.
- Black Hat 2011 USA Archive - video, audio and slides added since the Aug 2011 conference
- DEF CON 19 Archive - site stood up 9/5 with slides, etc. from the Aug 2011 conference
