The hackers came together to show off their best hacking tricks -- in the name of security, of course. The goal is to help find bugs and loopholes in security systems so they can be fixed.
Last year, Charlie Miller and Chris Valasek made headlines after their remote hack into a Jeep’s computer system. They even tested the hack on 60 Minutes. Fiat Chrysler had to recall 1.4 million vehicles because of the stunt.
This year, Miller and Valasek raised the stakes, and hackers around the world revealed their darkest secrets. Here are eight takeaways from this year’s conference that might scare you:
1. Even your light bulbs can be hacked.
The Internet of Things undoubtedly can help you with day-to-day tasks, and that’s what hackers are counting on.
A presentation by the CTO of NewAE Technology, Colin O’Flynn, and Eyal Ronen, an Israeli graduate student, provided details on a cyber-security nightmare, a bug spreading between the Internet of Things and smart devices.
The team shared drone video of hacking office building lights -- and then they hacked the lights at the conference.
2. Be careful what you click on when using social media.
ZeroFOX senior data scientist Philip Tully and data scientist John Seymour showed that the content on your social media accounts may not always be what it seems.
The team built a bot that can phish social media users, sending messages that got them to hand over their personal information and ultimately, their money.
This phishing smart bot locates a target, gets to know the target’s interests and then infiltrates his or her feed with a catered message. Its creators saw as high as a 60 percent click through rate.
3. Chip-and-PIN credit cards can be easily hacked.
Although banks are touting chip-and-PIN credit cards as being a safer alternative to the swipe versions, one of the highlights of this year’s conference was to prove the exact opposite.
Multiple researchers demonstrated that it actually takes only small modifications to equipment to bypass the protections on chip-and-PIN cards to enable unauthorized payments.
4. Your car still isn’t safe.
Last year, Charlie Miller and Chris Valasek became hacking stars when they broke into a jeep’s computer system, causing Fiat Chrysler to recall cars. This year the pair are back at it.
Instead of just controlling the speed of the car, the team demonstrated this year that they can turn the steering wheel from a laptop in the back seat, which caused the SUV to dramatically crash into a ditch. It’s safe to say Fiat Chrysler is not happy.
5. Nobody is safe, not even hackers.
You would think that the team that puts on one of the biggest hacking events in the world would be able to keep hackers at bay, but even Black Hat can get hacked.
In the network operations center of Black Hat, a team of volunteers worked to keep the Wi-Fi safe from the 11,000 hackers in attendance.
The Wi-Fi did get hacked, but it was just a practical joke. There was a spike in traffic for two and a half minutes, which was a string of text reading “I <3 Grifter” (Grifter being a comic book hero) and then “Thanks for having a sense of humor.”
6. Don’t pick up USBs and plug them into your computer.
Yes, that shiny new USB laying on the ground might seem like a blessing, but it’s not, so please don’t put it in your computer.
Google researcher Elie Bursztein ran a study where she dropped nearly 300 USB drives on a college campus. Of those dropped, 98 percent were picked up and 45 percent were plugged into a computer.
While this was just a study that had “call home” software on it, systems could be hacked with malware-infected USB drives.
7. Even Apple is asking hackers for help against hackers.
You might think you’re smart enough to avoid getting hacked, but if Apple is requesting help, you might want to rethink that.
At this year’s conference, Apple introduced its first security bounty program, which offers hackers that found loopholes an up to $200,000 prize.
8. Short-term rentals are becoming a hot hacking destination.
Jeremy Galloway from Atlassian detailed how public trust for short-term rental companies such as AirBnB might help hackers.It’s not AirBnB’s actual software that’s the problem, but rather the way guests and hosts are using the Wi-Fi at the rental locations. If a hacker gains access to the Wi-Fi access point, they could install malware and even gain access to the network’s traffic.