Black Hat and Def Con, the two annual security conferences you shouldn’t miss, are drawing to a close.
Each year, security researchers and hackers bring their exploits and discoveries to share with the common aim of making the world more secure. But if you weren’t in Vegas for the heat and hacking, we’ve got you covered.
ZDNet: A flaw in modern 3G and 4G LTE cell networks could be used to pave the way for a next generation of stingray devices, otherwise known as cell site (or IMSI) simulators. These highly controversial surveillance devices are shrouded in secrecy, but are almost exclusively used by police and law enforcement, often without warrants, in order to carry out indiscriminate cellular surveillance.
ZDNet: A security researcher found a bug, later patched by Apple, which could’ve let an attacker or insider gain access to an entire account’s iCloud Keychain. The vulnerability was found by targeting a weak point in the end-to-end encryption, which let the researcher steal passwords and other secret data, like the Wi-Fi network names and visited websites and their passwords.
Motherboard: Hackers have shown how to remotely hijack an internet-connected car wash, which they say could be used to hurt someone — the first cyberattack turned physical attack of its kind. “An attacker can send an instantaneous command to close one or both doors to trap the vehicle inside, or open and close one door repeatedly to strike the vehicle a number of times as a driver tries to flee,” wrote Motherboard.
CBS News: Fruitfly is the name of a stealthy but highly invasive malware for Macs that went undetected for years. An attacker can remotely take complete control of an infected computer, including accessing user files, and the computer’s webcam, screen, keyboard and mouse.
Wired: A series of vulnerabilities in the software and hardware of radiation detection systems can, in a worst-case scenario, be exploited to “confuse nuclear engineers, or prevent them from responding to an ongoing radioactive leak.” A hacker could disable radiation monitors to allow dangerous nuclear materials to bypass checkpoints.
CNET: A security flaw in the embedded system of a Diebold Nixdorf cash dispenser let hackers raid the cash stored inside. A vulnerability near the ATM’s speakers in the upper section provided an opening for potential hackers to loosen and expose a USB port. “We’re pretty sure we can just ask it to give us the money,” said one of the hackers.
CNET: A flaw in how phones switch from modern LTE cell networks to the older, fallback 2G network can let an attacker send text messages and make phone calls from a victim’s phone number. The hack works because of the way your phone rushes to keep a connection running when it switches between network technologies, according to the security researchers who found the flaw.
Dark Reading: A senior FBI agent described how the agency took down one of the largest, most damaging international botnets in living memory. Avalanche, the command and control network behind several ransomware and trojans, was a “network of servers used to spread malware campaigns” that facilitated so-called money mule laundering schemes. More than 800,000 domains were associated with the complex network.
USA Today, Reuters: US officials say that no votes were affected in the recent US presidential election. Hackers in Las Vegas have been challenged to “prove it.” The hackers have been given rare access to try to break into dozens of pieces of election equipment, including voting machines that are currently in use. The security researchers will spend the weekend trying to hack the machines and trying to alter the voting machines’ results.