They descended on Las Vegas last week for Black Hat and Def Con, collectively referred to as "hacker summer camp."
Black Hat celebrated its 25th anniversary this year, and it was the first time since the beginning of the pandemic that attendees fully returned to the carpeted hallways of the popular security conferences. There was a lot for the hacking community to catch up on after the mask confusion.
There were some great announcements from the two shows.
A $25 device can be used to hack into a Starlink terminal. A Belgian security researcher took to the stage at Black Hat on Thursday to demonstrate how he was able to hack Starlink's user terminals using a homemade circuit board. Starlink had intended to keep its security system locked down, but this gadget allows a fault injection attack to circumvent it. Wouters was placed in the company's bug bounty hall of fame after revealing the vulnerability. After his talk, the company responded with a six-page paper explaining how it secures its systems, along with a software update that makes the attack harder but not impossible to execute.
Thanks to the widespread shift to remote and hybrid working witnessed over the past couple of years, Zoom has become an essential communications tool for many organizations. Patrick Wardle, a security researcher, said during a talk at Def Con that attackers could gain the highest level of access to the operating system, including system files and sensitive user documents. An attacker can escalate privileges by getting the update function, which runs in the background with elevated privileges, to run any program. The issue was fixed in an update released over the weekend.
At Black Hat, Victor Zhora spoke to attendees about the state of cyberwarfare in Ukraine. Zhora, who is the deputy chairman of the State Service of Special Communications and Information Protection, said that cyber incidents in the country have tripled since Russia invaded in February.
The U.S. Department of State made a surprise appearance and announced a $10 million reward for information that leads to the identification and location of five alleged members of the notorious Russia-backed Conti gang. This is the first time the U.S. government has publicly identified a Conti operator, and the reward is part of the State Department's Rewards for Justice program.
The U.S. Government reveals the face of a Conti associate for the first time! We’re trying to put a name with the face!
To the guy in the photo: Imagine how many cool hats you could buy with $10 million dollars!
Write to us via our Tor-based tip line: https://t.co/WvkI416g4W pic.twitter.com/28BgYXYRy2
— Rewards for Justice (@RFJ_USA) August 11, 2022
Concerns have been raised that period- and ovulation-tracking apps could be used to prosecute people who seek an abortion or medical care for a miscarriage. A prototype period-tracking app that claims to give users complete control of their private information was showcased by Virtru. The app, SecureCycle, was built by a team of Virtru employees in three days during a recent company hackathon, and it notifies the data owner if any third party attempts to access their data.
New use cases for 5G networks include automated cars, more intelligent healthcare, and smart sensor networks. Altaf Shaik, a researcher at the Technical University of Berlin, and Shinjo Park looked at the APIs that 10 mobile carriers offer to make Internet of Things data accessible to developers and found a lot of vulnerabilities. Shaik said that the flaws could be used to reveal the identity of the person who bought the card.