Decrypted: Hackers show off their exploits as Black Hat goes virtual
Every year hackers descend on Las Vegas in the sweltering August heat to break ground on security research and the most innovative hacks. This year was no different, even if it was virtual.
To name a few: Hackers tricked an ATM to spit out cash. A duo of security researchers figured out a way to detect the latest cell site simulators. Car researchers successfully hacked into a Mercedes-Benz. A Windows bug some two decades old can be used to plant malware. Cryptocurrency exchanges were extremely vulnerable to hackers for a time. Internet satellites are more insecure than we thought and their data streams can contain sensitive, unencrypted data. Two security researchers lived to tell the tale after they were arrested for an entirely legal physical penetration test. And, a former NSA hacker revealed how to plant malware on a Mac using a booby-trapped Word document.
But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year.
Here’s more from the week.
THE BIG PICTURE
A major voting machine maker is finally opening up to hackers
The relationship between hackers and election machine manufacturers has been nothing short of fraught. No company wants to see their products torn apart for weaknesses that could be exploited by foreign spies. But one company, once resistant to the security community, has started to show signs of compromise.
Election equipment maker ES&S is opening up its voting machines to hackers — willingly — under a new vulnerability disclosure program. That will see the company embrace hackers for the first time, recognizing that hackers have knowledge, insight and experience — rather than pushing them away and ignoring the problems altogether. Or, as the company’s security chief told Wired: “Hackers gonna hack, researchers gonna research.”