11 Security Sights Seen Only At Black Hat

Who says fun, sun, malware, and penetration testing don't mix? This year's Black Hat conference in Las Vegas offered information security training, hardware hacking, pool time, and more.
3 of 11


When it comes to hardware hacking, Black Hat is on a roll. Last year, it was insulin pumps. This year, software engineer Cody Brocious demonstrated how he could hack certain types of hotel locks made by Onity, which claims about 50% of the hotel lock market share, with between 4 million and 10 million such locks in circulation.

As with most security hardware, such locks are expensive, designed to be infrequently replaced, and (in the case of the model hacked by Brocious) packaged with firmware that can't be updated. Brocious noted that it took him six to nine months to reverse-engineer the system. His initial goal was to build a better system, but when he quickly found a way to defeat the locks he scuttled his commercial initiative. "The vulnerability itself is very, very simple," he said. Using his exploit to unlock the locks isn't always reliable and still requires further refinement to overcome tricky data-communication timing issues, but it only requires $40 in parts.

Cody Brocious photograph by Mathew J. Schwartz.

Comments
PJS880,
User Rank: Apprentice
8/2/2012 | 12:14:46 PM
re: 11 Security Sights Seen Only At Black Hat
The whole conference looked like it was a blast to attend and learn some state-of-the-art defensive techniques. I have to make it to one of these; I would love to sit through most of these speakers that attend. I have heard many different opinions on what the key theme was at the Black Hat conference. Did anyone attend? What was, in your opinion, the theme of the conference that you viewed?

Paul Sprague
InformationWeek Contributor