Last week, thousands of hackers, security professionals and infosec enthusiasts gathered at the Black Hat and DEF CON security conferences in Las Vegas. Each year, the top minds in security flock to these shows to share new research, vulnerability discoveries and hacking presentations that give the world insight into the types of threat trends and attacks we’ll need to be prepared to defend against in the not-too-distant future.
If you didn’t attend the conferences this year, fear not; WatchGuard CTO Corey Nachreiner has you covered! In his latest column on GeekWire, Corey breaks down the top three overall themes from Black Hat and DEF CON 2017, and what you can learn from each. Here’s a quick excerpt from the article:
“IoT insecurity was the biggest theme from this year’s DEF CON and Black Hat conferences. Researchers at both shows gave many talks about IoT security problems, or about hardware and software hacking techniques related to IoT.
For instance, at Black Hat, a pair of Chinese researchers talked about EvilSploit – A Universal Hardware Hacking Toolkit. When IoT researchers analyze hardware, one of their first tasks is dumping the hardware’s flash or firmware. Often, IoT devices might have unpopulated pads on their PCBs offering UART or JTAG interfaces, which are used for debugging or the initial flashing. Hardware hackers often spend a lot of time manually figuring out unlabeled interfaces to learn their pinout and communication protocols. The EvilSploit researchers demonstrated a device and software that could automatically enumerate the pins of a device it connected to, making initial hardware reconnaissance of IoT targets much easier.”
For more on IoT vulnerabilities, and the other key topics covered at Black Hat and DEF CON 2017, read the full article on GeekWire. Fortune also highlighted Corey’s conference recap as food for thought in its daily news roundup “Data Sheet”. To learn about how DEF CON got its start, check out DEF CON Has Come a Long Way from Its Underground Roots here on Secplicity.
(Photo via Facebook / BlackHatEvents)