Black Hat Briefings, which have taken place since the late 90s, are the most important events of the year for security professionals. Sponsored by the likes of Microsoft and Cisco, they regularly feature prescient and grounded security concerns to IT professionals in ways that enable them to improve security within their domain. This year’s Black Hat Asia Conference will be no exception, with several radically important security concerns being brought to the surface.
It’s Only Impossible if You Know It’s Impossible
black hatterThe first and most buzzworthy talk to be given at the 2015 Black Hat Asia Conference (March 24 – 27) has to be the advent of cryptocurrency block chain malware. INTERPOL researcher Christian Karam believes that the transparency of the block chain – one of its most advertised and applauded features – may, in fact, be its Achilles’ heel.
Karam has been investigating the possibility that the block chains of Bitcoin and other cryptocurrencies could be used to embed malware on thousands of computers in a perpetual manner. He will be presenting a proof-of-concept to this effect.
Transactions and data are encrypted throughout the blockchain networks using different versions of public/private key encryption. Could malware survive eternally inside crypto-transactions? A proof of concept will be explained highlighting the concerns revolving around the “abuse and bloating” of the blockchain while comparing it to previous malware hosting and deployment models.
How to Keep the Cloud from Leaking without Shutting Off the Sun
Recently, everything’s gone “cloud” in the name of convenience. Organization-level networks are becoming a thing of the past as cloud-based alternatives become cheaper and easier to maintain. They also create centralized points of failure. Never fear, because presenters Nir Valtman and Moshe Ferber say they now have an app for that. Called “Cloudefigo,” they promise to demonstrate on the fly with Amazon Web Services how they can patch and audit cloud instances without losing data or, apparently, much (if any) downtime at all.
Live security updates could revolutionize server administration and eventually make outages due to upgrading a thing of the past. It goes in line with recent news that the Linux kernel can now be patched without a system reboot – something unimaginable for the longest unless one was using something special like Ksplice.
You CAN Hack a Car (but You’d Heard That Already)
Former Tesla software engineer Eric Evenchick will be unveiling an open source tool that makes communication with the Controller Area Network (CAN) – the protocol used mainly in automobiles – relatively easy. He will demonstrate exploits of CAN systems and the advertisement makes the following promise:
By the end of the talk, attendees will not only gain an understanding of automotive systems, but will also have the tools to attack them.
CAN has long been a vulnerable system, but it is only in recent years that increased wireless capabilities have come to cars.
This presentation will hopefully serve as a good reminder to the automotive industry that networking is not like auxiliary audio or air conditioning. That is, if they’re going to be implementing all these new features, they’d better put the same care they put into the variable speed windshield wiper into it or they’re bound to have serious breach after serious breach.
Hacked will keep our readers abreast of exciting developments at this and other Black Hat events as they become available.