Evil insulin pumps and laptop batteries, war texting, and a tween hacker captured our imagination -- and our attention.
Some hacks are epic not merely for their significance in IT security, but for their sheer creativity and novelty. They're those in-your-face hacks that both entertain and educate, and crack those things we take for granted in our everyday lives.
For the fifth year in a row, Dark Reading has compiled an end-of-the-year list of the coolest hacks executed by those imaginative, inquisitive, and resourceful hackers who dare to go the distance to try some of the most unique--and sometimes bizarre--hacks.
Some of this year's coolest hacks are downright chilling in that they could mean life or death, like the ones that tampered with the dosage dispensed by popular insulin pumps, or that remotely shut down the power on industrial control systems that run power plants. Others were both charming and precocious, like the 10-year-old hacker who found a major flaw in her favorite mobile gaming app after getting bored and looking for a way to progress further with it.
So grab a cup of eggnog, kick back by the fireplace, and time-travel back--to some of the coolest hacks of the year.
1. Remotely starting a car via text message.
There's war driving, and then there's war texting. Security researcher Don Bailey discovered how simple it is to remotely disarm a car alarm system and control other GSM and cell-connected devices: He showed off his find by remotely starting a car outside Caesars Palace in Las Vegas during the Black Hat USA and DefCon shows.
It took Bailey, a security consultant with iSec Partners, only two hours to first hack into a popular car-alarm system and then start the car from afar with a text message. He and fellow researcher Mat Solnick later re-enacted the hack via video in Vegas.
Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)
Published: 2017-05-08 unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08 A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08 Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08 Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.