Monday, 8 August 2011
Over the course of five days, the two security conference unleash a firehose of flashy research that's unlike any other, a boatload of tools and techniques that grab the attention of malicious hackers and those defending again them in equal measure.
Several critical vulnerabilities were revealed in Siemens' Simatic Step7 software, which manages the devices that control everything from power plants to mass transit systems, by Dillon Beresford, a researcher with security firm NSS Labs. Beresford had previously delayed his talk to give Siemens more time to fix the flaws, and even at Black Hat didn't share all the details of his attack. But he's also criticized Siemens for downplaying the problem, and claims that the attack could be repeated by even low-resource hackers.
Several critical vulnerabilities were revealed in Siemens' Simatic Step7 software, which manages the devices that control everything from power plants to mass transit systems, by Dillon Beresford, a researcher with security firm NSS Labs. Beresford had previously delayed his talk to give Siemens more time to fix the flaws, and even at Black Hat didn't share all the details of his attack. But he's also criticized Siemens for downplaying the problem, and claims that the attack could be repeated by even low-resource hackers.
Prison door systems could be hacked with vulnerabilities similar to those used by the Stuxnet worm, according to a group of researchers. Security consultant John Strauchs, working with a hacker who goes by the name Dora the Scada Explorer, created an exploit that targets prison systems and could potentially open doors on command or suppress alarms.
Medical devices have been hacked by security researchers before. But this time was personal: Jerome Radcliffe, a diabetic and security analyst, showed that an attacker would be able to take control of his insulin pump to turn it off wirelessly, potentially causing illness or even death.
Mac-hacker Charlie Miller, who has risen to prominence by exposing and exploiting numerous security flaws in practically every new Apple product, debuted a technique to hack an unlikely weakness in the company's laptops: their batteries. As I previewed last month, the attack can reprogram the firmware on the chip that regulates power to those lithium ion chunks, killing the battery instantly or potentially hiding undetectable malware on it.
