The annual Black Hat USA conference attracts thousands in the cybersecurity community every year and thanks to the milling hackers, new and innovative cyber-exploits have emerged, which can be both fascinating and scary.
This year’s conference has produced an impressive array of attacks, highlighting how hackers can manipulate every gadget and even the Internet of Things (IoT) to launch attacks. In efforts to detail the most notable of hacks that came forth from the Black Hat conference this year, IBTimes UK has compiled the top five security exploits for your perusal.
Social media hack
Security researchers John Seymour and Philip Tully of security firm ZeroFox have developed a new cyberweapon that drops a highly effective phishing tool on Twitter users. The AI Twitter bot, dubbed the SNAP_R, is capable of compiling massive amounts of information gathered from user tweets.
“The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow,” the security researchers explained in their paper. “Taken together, these techniques enable the world’s first automated end-to-end spear phishing campaign generator for Twitter.”
In other words, the Twitter phishing bot identifies users, gets familiar with them, infiltrates their feed with a specifically designed message and proceeds to bait users into clicking malicious links. The researchers have noted a click rate as high as 60%.
Flying hacker laptop
The impressively scary sounding Danger Drone also made its debut at the Black Hat conference. Danger Drone is a custom-made laptop, designed specifically to take flight, in efforts to physically infiltrate areas that are otherwise locked up with security. The device was designed to aid hackers to conduct attacks remotely, without the threat of having to be physically close to a target.
Hacking your way into airport lounges
Przemek Jaroszewski, Poland’s computer emergency response team head, developed an app to hack his way into airport lounges, after an automated boarding pass reader mistakenly rejected his gold status, denying him entry to an airport lounge in Warsaw.
“Literally, it takes 10 seconds to create a boarding pass” on a smartphone, says Jaroszewski. “And it doesn’t even have to look legit because you’re not in contact with any humans,” the Wired reported. Unfortunately, however, Jaroszewski prefers to err on the side of caution and thus has no plans to make his fake boarding pass app available to the public.
This year’s conference has produced an impressive array of attacks, highlighting how hackers can manipulate every gadget and even the Internet of Things (IoT) to launch attacksiStock
Security researchers of NewAE Technology detailed how hackers can infiltrate the Internet of Things (IoT) with a worm to infect smart devices. Smart home devices, smart cars and more can all be affected by this exploit, leaving numerous users vulnerable to various kinds of cyberattacks.
The researchers specifically tested out on Philip’s Hue smart bulbs. NewAE Technology CTO Colin O’Flynn said, “It’s entirely possible technically to cause these bulbs to send out a signal to take over bulbs, and that’s what you would need to create a worm,” said O’Flynn,” the PC Magazine reported.
Jeep hackers back at it again
Charlie Miller and Chris Valasek, aka the Jeep hackers, who made headlines at the Black Hat 2015 by showcasing how they could hack into a Cherokee Jeep while driving it on a highway were back at it again. This year, the duo came up with some new scarier tricks that allowed them to hack into a jeep and manipulate it such that it takes sharp turns while speeding down a road.
They were also able to control the vehicle remotely to suddenly slam the brakes or speed ahead without warning. “There’s no reason to think that this car company, or just American cars, is the only one that could be hacked,” Miller said.