6/18/2014
02:00 PM
Black Hat Staff
Event Updates

Black Hat USA 2014: Embedded & Vulnerable

They're all around us, just waiting to be hacked. WiFi signals? Well, sure, but today we want to talk about embedded systems, the hackable internals in an ever-growing number of everyday devices.

Modern cars are hackable; this we know. Unfortunately, thus far research has only been presented on three or four particular vehicles. Since each manufacturer designs their fleets differently, analysis of remote threats must avoid generalities. A Survey of Remote Automotive Attack Surfaces takes a step back and examines the automotive network of many manufacturers from a security perspective. Now we can ask better questions: Are some cars more secure from remote compromise than others? And has automotive network security changed for the better over the last five years?

USB: The ubiquitous interface is a friend to everyone, at least when they can figure out which way to flip that darn connector. But ubiquity, of course, does not equal safety, which Karsten Nohl and Jakob Lell will prove with brutal aplomb in BadUSB - On Accessories that Turn Evil. They'll introduce a new form of malware that operates from controller chips inside USB devices. A full system compromise from USB? Sure. A self-replicating USB virus not detectable with current defenses? Why not. They'll wrap by diving into the USB stack, assessing where USB malware defense should set up shop.

Finally, in Breaking the Security of Physical Devices, Silvio Cesare will describe a series of attacks on objects ranging from a car to a baby monitor to home alarm systems. The common thread here is that all his attacks are simple but effective. He'll also show you how to mitigate them, a lot of which comes down to buying the right goods, thus avoiding their easily broken competitors.

One and a half months until the event... time to lock down your travel plans. Regular registration ends on July 26. Please visit Black Hat USA 2014's registration page to get started.
