DEF CON Stories and Lessons Learned

While two main stories have dominated the news about the 2017 DEF CON hacker convention (the voting machine hacks and the arrest of the cybersecurity expert who stopped the WannaCry malware), there were other scary things at the annual conference, too.

So, briefly and before we get to those two stories, here are some other hacks that took place at the Vegas conference.

One guy used a $15 magnet to hack a “smart gun” that was supposedly locked from firing, and fired it.

Hacking refrigerators and cars: Any network is a two-way street, whether it is a Wi-Fi network, a cell network, a corporate computer network, or something else. That means that if, say, your refrigerator (a part of the Internet of Things, or IoT) and your computer are both hooked up to your home Wi-Fi, a hacker who gets into your refrigerator could use it to reach your computer.

At DEF CON, masses of hackers broke into all kinds of IoT devices, which was a point of emphasis for the conference. One group of hackers dropped zero-day exploits into more than 20 IoT-connected devices. Another group found dozens of home Wi-Fi vulnerabilities in one cable box alone, some of which could allow control of other devices. DEF CON’s sister conference, Black Hat, also had IoT exploit presentations, including an IoT hardware hacking toolkit and a way to exploit smart building protocols to take over a building (Die Hard, anyone?).

Next, cars. Following several successful car hackings starting in 2015, a Chinese group hacked a Tesla to access the brakes (while the car was driving), doors and lights. The result was actually hilarious—take the three minutes to watch:

More serious, and out of the range of this company, a large area was set up that was filled with various kinds of voting machines, and participants were invited to try to hack into them. And they did. Easily, quickly, and, in many instances, without leaving a trace. Hackers even “rickrolled” a voting machine as the conference’s first voting machine hack, making it play “Never Gonna Give You Up” by Rick Astley. The machines were not password-protected, and were easily hacked by multiple people either physically or via Wi-Fi. If you haven’t read anything on this, you should.

As the conference was coming to a close, federal agents swooped in and arrested one Marcus Hutchins, a British citizen and employee of a British cybersecurity firm. Hutchins was the person who identified a weakness in the WannaCry virus and stopped the attack. Hutchins was arrested for, according to federal officers, creating a virus called Kronos that targeted banks. He pled not guilty and is out on bond and facing arraignment in Wisconsin.

This is a very complex case. Hutchins apparently admitted creating at least some of the code for Kronos as an experiment, but he is saying that it was misused and turned into bank hijacking software without his knowledge or participation—something he tweeted about in 2015. Definitely a case to follow.