BH Mobile Security Summit
June 16-18, 2015
ExCeL London | London, UK
Black Hat USA
August 1-6, 2015
Mandalay Bay | Las Vegas, NV
Black Hat Europe
November 10-13, 2015
Amsterdam RAI | The Netherlands
6/18/2014
02:00 PM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Black Hat USA 2014: Embedded & Vulnerable

They're all around us, just waiting to be hacked. WiFi signals? Well, sure, but today we want to talk about embedded systems, the hackable internals in an ever-growing number of everyday devices.

Modern cars are hackable; this we know. Unfortunately, thus far research has only been presented on three or four particular vehicles. Since each manufacturer designs their fleets differently, analysis of remote threats must avoid generalities. A Survey of Remote Automotive Attack Surfaces takes a step back and examines the automotive network of many manufacturers from a security perspective. Now we can ask better questions: Are some cars more secure from remote compromise than others? And has automotive network security changed for the better over the last five years?

USB: The ubiquitous interface is a friend to everyone, at least when they can figure out which way to flip that darn connector. But ubiquity, of course, does not equal safety, which Karsten Nohl and Jakob Lell will prove with brutal aplomb in BadUSB - On Accessories that Turn Evil. They'll introduce a new form of malware that operates from controller chips inside USB devices. A full system compromise from USB? Sure. A self-replicating USB virus not detectable with current defenses? Why not. They'll wrap by diving into the USB stack, assessing where USB malware defense should set up shop.

Finally, in Breaking the Security of Physical Devices, Silvio Cesare will describe a series of attacks on objects ranging from a car to a baby monitor to home alarm systems. The common thread here is that all his attacks are simple but effective. He'll also show you how to mitigate them, a lot of which comes down to buying the right goods, thus avoiding their easily broken competitors.

One and a half months until the event... time to lock down your travel plans. Regular registration ends on July 26. Please visit Black Hat USA 2014's registration page to get started.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.