Black Hat USA
August 2-7, 2014
Mandalay Bay, Las Vegas, NV
Black Hat Europe
October 14-17, 2014
Amsterdam Rai, The Netherlands
6/18/2014
02:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
Connect Directly
RSS
E-Mail
50%
50%

Black Hat USA 2014: Embedded & Vulnerable

They're all around us, just waiting to be hacked. WiFi signals? Well, sure, but today we want to talk about embedded systems, the hackable internals in an ever-growing number of everyday devices.

Modern cars are hackable; this we know. Unfortunately, thus far research has only been presented on three or four particular vehicles. Since each manufacturer designs their fleets differently, analysis of remote threats must avoid generalities. A Survey of Remote Automotive Attack Surfaces takes a step back and examines the automotive network of many manufacturers from a security perspective. Now we can ask better questions: Are some cars more secure from remote compromise than others? And has automotive network security changed for the better over the last five years?

USB: The ubiquitous interface is a friend to everyone, at least when they can figure out which way to flip that darn connector. But ubiquity, of course, does not equal safety, which Karsten Nohl and Jakob Lell will prove with brutal aplomb in BadUSB - On Accessories that Turn Evil. They'll introduce a new form of malware that operates from controller chips inside USB devices. A full system compromise from USB? Sure. A self-replicating USB virus not detectable with current defenses? Why not. They'll wrap by diving into the USB stack, assessing where USB malware defense should set up shop.

Finally, in Breaking the Security of Physical Devices, Silvio Cesare will describe a series of attacks on objects ranging from a car to a baby monitor to home alarm systems. The common thread here is that all his attacks are simple but effective. He'll also show you how to mitigate them, a lot of which comes down to buying the right goods, thus avoiding their easily broken competitors.

One and a half months until the event... time to lock down your travel plans. Regular registration ends on July 26. Please visit Black Hat USA 2014's registration page to get started.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-4350
Published: 2014-09-19
Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.

CVE-2014-4376
Published: 2014-09-19
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.

CVE-2014-4390
Published: 2014-09-19
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

Best of the Web
Dark Reading Radio