Black Hat USA 2014 is one of the most widely attended security conferences of the year, and this year there were a number of interesting briefings on a variety of topics such as automotive attack surfaces, POS malware, cloudbots and more. Qualys presented two pieces of research, covering TSA vulnerabilities and the hacking of physical devices such as keyless cars and home alarm systems.
Here’s a recap:
One of the most talked-about briefings of the event came from Qualys’ Director of Threat Intelligence Billy Rios, who presented his findings on TSA vulnerabilities in Pulling Back the Curtain on Airport Security: Can a Weapon get Past TSA? Speaking to a standing-room-only crowd, Rios outlined how modern TSA airport security devices and networks operate and revealed some of the potential vulnerabilities and risks he discovered in scanning devices. His research and subsequent talk generated lots of interest from attendees and media alike, including BBC, Bloomberg BusinessWeek and Forbes.
Keyless Car Vulnerabilities
Silvio Cesare, Director of Anti-Malware Engineering for Qualys, showcased his research on how he was able to break into a number of household and common devices, such as a popular model car and home alarm systems, in his talk, Breaking the Security of Physical Devices. He also discussed ways of mitigating these attacks and avoiding the bad and buying the good. You can check out a preview video of his talk or read about it in USA Today, WIRED and The Telegraph.
Jonathan Trull, CISO for Qualys, talked about the importance of continuously monitoring the global perimeter in his talk, Building a Continuous Security Program for your Global Perimeter. Trull discussed why organizations should adopt a continuous security practice and how to create a blueprint that spans the entire lifecycle, from discovering assets to prioritizing issues and mitigating exploits.
These talks, along with the other briefings at Black Hat, highlight the growing security risks associated with the evolving world of the “Internet of Things.” As more and more everyday devices (think home appliances, wearables, baby monitors, etc.) are connected to the Internet, the technological challenge of securing the devices and data becomes critical. If the Black Hat conference agenda was any indicator, this is only the tip of the spear with a long road ahead.