Attacks/Breaches
12/28/2011
01:23 PM
50%
50%

7 Coolest Hacks Of 2011

Evil insulin pumps and laptop batteries, war texting, and a tween hacker captured our imagination -- and our attention.

Some hacks are epic not merely for their significance in IT security, but for their sheer creativity and novelty. They're those in-your-face hacks that both entertain and educate, and crack those things we take for granted in our everyday lives.

For the fifth year in a row, Dark Reading has compiled an end-of-the-year list of the coolest hacks executed by those imaginative, inquisitive, and resourceful hackers who dare to go the distance to try some of the most unique--and sometimes bizarre--hacks.

Some of this year's coolest hacks are downright chilling in that they could mean life or death, like the ones that tampered with the dosage dispensed by popular insulin pumps, or that remotely shut down the power on industrial control systems that run power plants. Others were both charming and precocious, like the 10-year-old hacker who found a major flaw in her favorite mobile gaming app after getting bored and looking for a way to progress further with it.

So grab a cup of eggnog, kick back by the fireplace, and time-travel back--to some of the coolest hacks of the year.

1. Remotely starting a car via text message.
There's war driving, and then there's war texting. Security researcher Don Bailey discovered how simple it is to remotely disarm a car alarm system and control other GSM and cell-connected devices: He showed off his find by remotely starting a car outside Caesars Palace in Las Vegas during the Black Hat USA and DefCon shows.

It took Bailey, a security consultant with iSec Partners, only two hours to first hack into a popular car-alarm system and then start the car from afar with a text message. He and fellow researcher Mat Solnick later re-enacted the hack via video in Vegas.

Read the rest of this article on Dark Reading.

Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
1/9/2012 | 12:42:55 AM
re: 7 Coolest Hacks Of 2011
Good list. I would also add the Hacker Halted talk about hacking into prison systems.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.