Transportation

Amateur Drone Lands On British Air Carrier, Wired Reviews Anti-Drone Technology (bbc.com) 152

Long-time Slashdot reader mi quotes the BBC: The Ministry of Defence is reviewing security after a tiny drone landed on the deck of Britain's biggest warship. The Queen Elizabeth aircraft carrier was docked at Invergordon in the Highlands when an amateur photographer flew the drone close to the giant ship. When the aircraft sensed a high wind risk, it landed itself on the £3bn warship. The pilot told BBC Scotland: "I could have carried two kilos of Semtex and left it on the deck... I would say my mistake should open their eyes to a glaring gap in security."
Meanwhile, tastic007 shares Wired's footage of anti-drone products being tested (like net guns, air-to-air combat counter-drones, and drone net shotgun shells) -- part of the research presented at this year's DEFCON.
Security

Salesforce Fires Red Team Staffers Who Gave Defcon Talk (zdnet.com) 154

Josh Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer, have been fired by the company after they gave talk at the Defcon security conference talk in Las Vegas last month, reports ZDNet. Schwartz and Cramb were presenting the details of their tool, called Meatpistol, a "modular malware implant framework (PDF)" similar in intent to the Metasploit toolkit used by many penetration testers. The tool, "pitched as taking 'the boring work' out of pen-testing to make red teams, including at Salesforce, more efficient and effective", was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code. From the report: [...] The two were fired "as soon as they got off stage" by a senior Salesforce executive, according to one of several people who witnessed the firing and offered their accounts. The unnamed Salesforce executive is said to have sent a text message to the duo half an hour before they were expected on stage to not to give the talk, but the message wasn't seen until after the talk had ended. The talk had been months in the making. Salesforce executives were first made aware of the project in a February meeting, and they had signed off on the project, according to one person with knowledge of the meeting. The tool was expected to be released later as an open-source project, allowing other red teams to use the project in their own companies. But in another text message seen by Schwartz and Cramb an hour before their talk, the same Salesforce executive told the speakers that they should not announce the public release of the code, despite a publicized and widely anticipated release. Later, on stage, Schwartz told attendees that he would fight to get the tool published.
Robotics

A Robot At DEFCON Cracked A Safe Within 30 Minutes (bbc.com) 128

schwit1 shared an article from the BBC: Using a cheap robot, a team of hackers has cracked open a leading-brand combination safe, live on stage in Las Vegas. The team from SparkFun Electronics was able to open a SentrySafe safe in around 30 minutes... After the robot discovered the combination was 51.36.93, the safe popped open -- to rapturous applause from the audience of several hundred... The robot, which cost around $200 to put together, makes use of 3D-printed parts that can be easily replaced to fit different brands of combination safe. It cannot crack a digital lock -- although vulnerabilities in those systems have been exposed by other hacking teams in the past.
Though the safe had a million possible combinations using three two-digit numbers, the last number had slightly larger indents on the dial -- reducing the possible combinations to just 10,000. And in addition, "the team also discovered that the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong" -- which meant that the robot only had to check every third number. "Using this method, they could cut down the number of possible combinations to around 1,000."

"Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen."
The Media

CNET Pranked By Web Site's Fake 'All Out War' Hack During DEFCON (cnet.com) 22

In a piece describing the paranoid vibe in Las Vegas during the DEFCON convention, CNET reported Friday that the Wet Republic web site "had two images vandalized" with digital graffiti. But their reporter now writes that "my paranoia finally got the best of me, and it turned out to be an ad campaign."

The images included a scribbled beard and eye patch on a photo of bikini model, along with the handwritten message "It's all out war." CNET's updated story now reports that "It looked like a prank you'd see from a mischievous hacker..." When I spotted the vandalism on the Wet Republic site Friday morning, it looked like other attacks I'd seen throughout the week, such as a Blue Screen of Death on a bus ticket machine... Hakkasan, which hosts the event at MGM Grand, said the "vandalism" was part of the cheeky advertisements for a seasonal bikini contest it's been running since 2015. The "all-out war" is between the models in the competition, not between hackers and clubs. Hakkasan's spokeswoman said nothing on its network has been compromised.

So maybe not everything online in Las Vegas is getting hacked this week, and this n00b learned to calm down the hard way.

For that matter, maybe that blue screen of death was also just another random Windows machine crashing.

CNET's reporter made one other change to his article. He removed the phrase "when hackers are in town for Defcon, everything seems to be fair game."
Security

US Voting Machines Cracked In 90 Minutes At DEFCON (thehill.com) 171

An anonymous reader quotes The Hill: Hackers at at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure. Tech minds at the annual "DEF CON" in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software. According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products. Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.
Though some of the machines were out of date, they were all from "major U.S. voting machine companies" like Diebold Nixorf, Sequoia Voting Systems, and WinVote -- and were purchased on eBay or at government auctions. One of the machines apparently still had voter registration data stored in plain text in an SQLite database from a 2008 election, according to event's official Twitter feed.

By Saturday night they were tweeting video of a WinVote machine playing Rick Astley's "Never Gonna Give You Up."
Privacy

CNET Warns 'Everything Looks Like A Hack' At DEFCON (cnet.com) 45

From a CNET report:The hacker convention, which is in its 25th year in Las Vegas, typically has hotels on alert for its three days of Sin City talk, demos and mischief. Guests are encouraged not to pick up any flash drives lying around, and employees are trained to be wary of social engineering -- that is, bad guys pretending to be someone innocent and in need of just a little help. Small acts of vandalism pop up around town. At Caesars Palace, where Defcon is happening, the casino's UPS store told guests it was not accepting any print requests from USB drives or links, and only printing from email attachments. Hackers who saw this laughed, considering that emails are hardly immune from malware. But the message is clear: During these next few days, hackers are going to have their fun, whether it's through a compromised Wi-Fi network or an open-to-tinkering website.
NOTE: CNET also originally reported that the Wet Republic web site "had two images vandalized" with digital graffiti. But their reporter now writes that "my paranoia finally got the best of me, and it turned out to be an ad campaign."
Security

DEFCON Conference To Target Voting Machines (politico.com) 105

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.
Australia

A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text (theregister.co.uk) 80

All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxon security conference in Melbourne. mask.of.sanity shared this article from The Register: It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...

[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."

Security

Disable WPAD Now or Have Your Accounts Compromised, Researchers Warn (csoonline.com) 75

It's enabled by default on Windows (and supported by other operating systems) -- but now security researchers are warning that "Man-in-the-middle attackers can abuse the WPAD protocol to hijack people's online accounts and steal their sensitive information even when they access websites over encrypted HTTPS or VPN connections," according to CSO. Slashdot reader itwbennett writes: Their advice: disable WPAD now. "No seriously, turn off WPAD!" one of their presentation slides said. "If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file"... A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled BadWPAD.
Security

Samsung Pay Hack Lets Attackers Make Fraudulent Payments (theverge.com) 16

jmcbain writes: The Verge reports that a security researcher at DefCon outlined a number of attacks targeting Samsung Pay, Samsung's digital payment system that runs on their smartphones. According to the article, the attack "[focuses] on intercepting or fabricating payment tokens -- codes generated by the user's smartphone that stand in for their credit card information. These tokens are sent from the mobile device to the payment terminal during wireless purchases. [They expire 24 hours after being generated and are single-use only.]" In a response, Samsung said that "in certain scenarios an attacker could skim a user's payment token and make a fraudulent purchase with their card," but that "the attacker must be physically close to the target while they are making a legitimate purchase."
Privacy

Popular Sex Toy Caught Sending Intimate Data To Manufacturer (fusion.net) 195

In a world where thermostats, and smart locks can be hacked, and companies covertly record information, why should sex toys remain unaffected. Fusion is reporting that the We-Vibe 4 Plus, a popular vibrator sends a range of intimate data to its manufacturer. The sex toy uses a smartphone app, which lets a use control the vibration among other things. From the report: When the device is in use, the We-Vibe 4 Plus uses its internet connectivity to regularly send information back to its manufacturer, Standard Innovations Corporation. It sends the device's temperature every minute, and lets the manufacturer know each time a user changes the device's vibration level. The company could easily figure out some seriously intimate personal information like when you get off, how long it takes, and with what combinations of vibes. This was revealed on Friday at hacker conference Defcon in Las Vegas by two security researchers, who wish to be called only by their handles @gOldfisk and @rancidbacon. The two examined the app's code and the information being sent by the device over Bluetooth. In a statement sent by email, Standard Innovation Corporation's president Frank Ferrari confirmed that the company collects this information. [...]
Security

75 Percent of Bluetooth Smart Locks Can Be Hacked (tomsguide.com) 87

It turns out, the majority of Bluetooth smart locks you see on the market can easily be hacked and opened by unauthorized users. The news comes from DEF CON hacker conference in Las Vegas, where security researchers revealed the vulnerability, adding that concerned OEMs are doing little to nothing to patch the hole. Tom's Guide reports: Researcher Anthony Rose, an electrical engineer, said that of 16 Bluetooth smart locks he and fellow researcher Ben Ramsey had tested, 12 locks opened when wirelessly attacked. The locks -- including models made by Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Okidokey and Mesh Motion -- had security vulnerabilities that ranged from ridiculously easy to moderately difficult to exploit. "We figured we'd find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors. It turned out that the vendors actually don't care," Rose said. "We contacted 12 vendors. Only one responded, and they said, 'We know it's a problem, but we're not gonna fix it.'" The problems didn't lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock's companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
Security

Hackers Make the First-Ever Ransomware For Smart Thermostats (vice.com) 213

Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a "smart" device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. "We don't have any control over our devices, and don't really know what they're doing and how they're doing it," Tierney told Motherboard. "And if they start doing something you don't understand, you don't really have a way of dealing with it." Tierney and Munro, who both work UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in security world.
Displays

One Billion Monitors Vulnerable to Hijacking and Spying (vice.com) 157

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...

[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things."
Electronic Frontier Foundation

'Mayhem' Wins $2M In DARPA's AI Hacking Contest, Draws EFF Scrutiny (eff.org) 11

Here's the highlight reel from the DARPA-sponsored "Cyber Grand Challenge" competition. Slashdot reader alphadogg writes: Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a competition...that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers. A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.
The Electronic Frontier Foundation wrote "We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous." Sharing their blog post about automated security research, the EFF's staff technologist Peter Eckersley writes: EFF is asking, does research like that need a safety protocol?
Security

DARPA Will Stage an AI Fight in Las Vegas For DEF CON (yahoo.com) 89

An anonymous Slashdot reader writes: "A bunch of computers will try to hack each other in Vegas for a $2 million prize," reports Tech Insider calling it a "historic battle" that will coincide with "two of the biggest hacking conferences, Blackhat USA and DEFCON". DARPA will supply seven teams with a supercomputer. Their challenge? Create an autonomous A.I. system that can "hunt for security vulnerabilities that hackers can exploit to attack a computer, create a fix that patches that vulnerability and distribute that patch -- all without any human interference."

"The idea here is to start a technology revolution," said Mike Walker, DARPA's manager for the Cyber Grand Challenge contest. Yahoo Tech notes that it takes an average of 312 days before security vulnerabilities are discovered -- and 24 days to patch it. "if all goes well, the CGC could mean a future where you don't have to worry about viruses or hackers attacking your computer, smartphone or your other connected devices. At a national level, this technology could help prevent large-scale attacks against things like power plants, water supplies and air-traffic infrastructure.

It's being billed as "the world's first all-machine hacking tournament," with a prize of $2 million for the winner, while the second and third place tem will win $1 million and $750,000.
Communications

Snowden Finally Identified As Target of Investigation That Ended Lavabit (washingtontimes.com) 77

An anonymous reader quotes a report from The Washington Times: Three years after a government investigation forced the shuttering of Lavabit, a Texas-based email provider, its CEO revealed Friday that an account belonging to Edward Snowden spurred the probe that put his company out of business. "Ladar Levison shut down his encrypted webmail service in August 2013 amid an FBI investigation focused on one of his company's nearly half-a-million customers," reports The Washington Times. "A gag-order that has just recently been vacated in federal has legally prevented him up until now from confirming the account in question was registered to none other than the NSA contractor attributed with one of the largest intelligence leaks in U.S. history. U.S. District Judge Claude Hilton nullified the mandatory non-disclosure orders in a June 13 court filing that went unnoticed until Lavabit released a statement Friday. Officially, the consent order approved by Judge Hilton in the Eastern District of Virginia earlier this month removes all gag-orders concerning Lavabit and Mr. Levison with regards to a grand jury investigation that led the FBI to Mr. Snowdenâ(TM)s email account. 'While Iâ(TM)m pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over,' Mr. Levison said in a statement. He said he plans to discuss the case further during the DefCon security conference in Las Vegas this summer."
Android

Hotel Experience With Android Lightswitches (dreamwidth.org) 111

jones_supa writes: The hotel in which Matthew Garrett was staying at, had decided that light switches are unfashionable and replaced them with a series of Android tablets. In his tour to the system, one was quickly met with a glitch message "UK_bathroom isn't responding." Anyway, two of the tablets had convenient-looking ethernet cables plugged into the wall, so MacGyver began hacking. He managed to borrow a couple of USB ethernet adapters, set up a transparent bridge and then stick his laptop between the tablet and the wall. Tcpdump showed traffic, and Wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and does not implement authentication. The Pymodbus tool could be used to control lights, turn the TV on/off, and even close and open the curtains. Then he noticed something. His room number was 714. The IP address he was communicating with was 172.16.207.14. They wouldn't, would they? Indeed, he could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that he could control them as well.
Encryption

John McAfee Offers To Decrypt San Bernardino iPhone For the FBI and Save America (hothardware.com) 364

MojoKid writes: Wondering what John McAfee is up to these days? It's not sniffing bath salts nor is he fleeing foreign countries as a person of interest in a murder investigation and faking heart attacks (been there, done all that) ; instead, he's on a mission to save America. How so? By cracking the code on the San Bernardino iPhone that's causing such a ruckus. McAfee didn't just criticize the FBI; instead he offered a potential solution. Let him and his team of hackers break into the iPhone without any help from Apple. "With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension," McAfee said. Eccentric rant aside, McAfee's offer is simple - give him three weeks and he will, "free of charge, decrypt the information on the San Bernardino phone" with his team of hackers. He'll do it using mostly social engineering.

Slashdot Top Deals