30 December 2011

2011's 'Coolest Hacks' Uncovered

Black Hat USA and DEF CON 19, both held in Las Vegas this year, saw a number of hackers demonstrating their skills in ways that captured people's attention.

Dark Reading (an information portal focused on IT security) has compiled its annual list of the "coolest hacks" for the fifth consecutive year, and the seven hacks that made the list range from educational to terrifying.

Starting a car remotely via SMS: Security researcher Don Bailey showed how, after about two hours of work, he could disarm a car alarm system remotely and then control the car over GSM by sending it SMS messages. The alarm unit sits on the cellular network and takes its orders from control servers; Bailey reverse-engineered that traffic so that he could send the unit the same commands himself, and the same approach applies to other devices whose physical security hangs on commands received over a mobile network.

Shutting down a whole power plant: NSS Labs security researcher Dillon Beresford demonstrated at Black Hat USA how fragile computer-controlled industrial systems are. SCADA (Supervisory Control and Data Acquisition) systems are the usual front end of industrial control systems, which consist of an operator computer, PLCs (programmable logic controllers), the communication infrastructure between them and the processors in the field. Although not a SCADA specialist, Beresford was able to get into Siemens PLCs, extract their passwords and reprogram them, and then shut them down or crash them. The demonstration was considered alarming mainly because such systems run vital infrastructure such as power plants.

Minor hacker turns the clock forward: "CyFi", a 10-year-old hacker, got bored with her favorite mobile game and looked for a way around its level settings that would let her advance, namely by turning time forward on the device. The result almost stole the show at the DEF CON Kids conference held in August. CyFi's clock trick reset the game's waiting periods, and it worked on a number of other games (including some online games) and on other operating systems as well.
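
The class of bug CyFi exploited, a timer that trusts the user-settable device clock, can be shown in code. What follows is an added example written for this page, not CyFi's method or any game's code: FakeDevice, the eight-hour timer and the three timer implementations are constructed for illustration. It goes a little beyond the page by also showing why a naive "reject big jumps" check is beaten by many small clock changes, and how comparing the wall clock against a monotonic clock catches both.

```python
"""Added example: a game timer that trusts the device clock can be fast-forwarded.

FakeDevice stands in for a phone: the user can change the wall clock in the
settings app but cannot change the monotonic clock (time.monotonic() on a real
device). All timers, values and attack loops are constructed for this page.
"""

RIPEN_SECONDS = 8 * 3600        # a crop (or trial period) lasts eight hours
MAX_JUMP = 3600                 # naive tamper check: reject a single jump over 1 h
DRIFT_ALLOWANCE = 60            # tolerance for legitimate small clock corrections


class FakeDevice:
    def __init__(self):
        self.wall = 1_300_000_000.0   # epoch seconds, user-settable
        self.mono = 0.0               # seconds since boot, not user-settable

    def sleep(self, seconds):
        """Real time passes: both clocks advance."""
        self.wall += seconds
        self.mono += seconds

    def set_clock_forward(self, seconds):
        """The user moves the date/time setting: only the wall clock moves."""
        self.wall += seconds


class WallClockTimer:
    """Vulnerable: elapsed time is read straight off the wall clock."""
    def __init__(self, dev):
        self.started = dev.wall

    def ready(self, dev):
        return dev.wall - self.started >= RIPEN_SECONDS


class JumpCheckTimer(WallClockTimer):
    """Common 'fix': restart the timer if the clock jumps by more than MAX_JUMP.
    Still vulnerable: many jumps each under MAX_JUMP add up."""
    def __init__(self, dev):
        super().__init__(dev)
        self.last_seen = dev.wall

    def ready(self, dev):
        if dev.wall - self.last_seen > MAX_JUMP:
            self.started = dev.wall     # treat as tampering, start over
        self.last_seen = dev.wall
        return super().ready(dev)


class MonotonicTimer:
    """Hardened: elapsed time comes from the monotonic clock, and a wall clock
    that has run further ahead than real time is treated as tampering."""
    def __init__(self, dev):
        self.wall0, self.mono0 = dev.wall, dev.mono

    def ready(self, dev):
        wall_elapsed = dev.wall - self.wall0
        mono_elapsed = dev.mono - self.mono0
        if wall_elapsed > mono_elapsed + DRIFT_ALLOWANCE:
            return False
        return mono_elapsed >= RIPEN_SECONDS


def one_big_jump(timer_cls):
    """Attack 1: set the clock forward by the whole wait in one go."""
    dev = FakeDevice()
    timer = timer_cls(dev)
    dev.set_clock_forward(RIPEN_SECONDS)
    return timer.ready(dev)


def many_small_jumps(timer_cls, step=1800):
    """Attack 2: advance the clock in half-hour steps, checking after each."""
    dev = FakeDevice()
    timer = timer_cls(dev)
    result = False
    for _ in range(-(-RIPEN_SECONDS // step)):   # ceil(RIPEN_SECONDS / step)
        dev.set_clock_forward(step)
        dev.sleep(1)                 # a second of real time between changes
        result = timer.ready(dev)
    return result


def honest_wait(timer_cls):
    """Control case: eight real hours pass, with the game polling hourly."""
    dev = FakeDevice()
    timer = timer_cls(dev)
    result = False
    for _ in range(RIPEN_SECONDS // 3600):
        dev.sleep(3600)
        result = timer.ready(dev)
    return result


if __name__ == "__main__":
    for cls in (WallClockTimer, JumpCheckTimer, MonotonicTimer):
        print(f"{cls.__name__:15} big jump: {one_big_jump(cls)!s:5} "
              f"small jumps: {many_small_jumps(cls)!s:5} "
              f"honest wait: {honest_wait(cls)}")
```

Only MonotonicTimer rejects both attacks while still passing the honest wait. One caveat: a monotonic clock restarts at boot, so a real implementation has to persist the last trusted elapsed value and, for an online game, resynchronise against server time whenever it connects; an offline-only game can only raise the bar, not remove the bypass.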

Hackable insulin pumps: Jerome Radcliffe, a SCADA security expert who is himself diabetic, found out of curiosity that his CGM (Continuous Glucose Monitor) could be hacked. His device (and four others from Medtronic) gave in to his attack with barely a chirp, and the attack worked on insulin pumps as well. Not only could he switch the devices off remotely, he could also alter the dose of insulin they administered, over the devices' wireless link.

Barnaby Jack, a security researcher at McAfee, showed later in the year at the Hacker Halted conference how a similar attack on Medtronic's insulin pumps could deliver a lethal dose of insulin. All he needed was an antenna and some software.

DIY Google hack: Diggity is a collection of tools that Fran Brown and Rob Ragan, researchers at Stach & Liu, built to speed up the discovery of security bugs through Google and Bing searches. The tools let enterprises find vulnerabilities in their own servers (SQL injection, cross-site scripting and the like) that the search engines have already indexed, before attackers find them the same way. Because a search engine can be turned against a target as easily as used in its defense, the suite also includes an alerting component built on Google and Bing search alerts: when a new vulnerable page turns up in the index, the organization is notified, which gives it time to get the page out of the index while the underlying bug is fixed offline.
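
The workflow behind a Diggity-style tool, build the search queries, classify the hits, and alert only on what is new, can be shown with a small script. This is an added example written for this page, not Stach & Liu's code: the SIGNATURES list, the query strings and SAMPLE_RESULTS are constructed for illustration, and the regular expressions are deliberately simple stand-ins for a real signature set.

```python
"""Added example of search-engine vulnerability hunting in the Diggity style.

The SIGNATURES list, the query strings and SAMPLE_RESULTS are constructed for
this page; they are not Stach & Liu's signature set or output. classify() is
what you would run over the hits a search API returns for build_queries().
"""
import re
from collections import defaultdict

# (finding name, search operators appended to "site:<domain>", regex run over
#  each hit's URL, title and snippet)
SIGNATURES = [
    ("sql_error_disclosure",
     '"You have an error in your SQL syntax" OR "Unclosed quotation mark"',
     re.compile(r"error in your SQL syntax|unclosed quotation mark|ORA-\d{5}", re.I)),
    ("exposed_config_file",
     'ext:ini "[database]" OR ext:env "DB_PASSWORD"',
     re.compile(r"\.(ini|env)(\s|$)|DB_PASSWORD", re.I)),
    ("directory_listing",
     'intitle:"index of" "parent directory"',
     re.compile(r"index of /|parent directory", re.I)),
    # A reflected parameter is only a lead for XSS testing, not a finding.
    ("xss_candidate",
     'inurl:"?q=" OR inurl:"?search="',
     re.compile(r"[?&](q|search|query)=", re.I)),
]


def build_queries(domain):
    """The queries a defender (or an attacker) would submit for one domain."""
    return {name: f"site:{domain} {ops}" for name, ops, _ in SIGNATURES}


def classify(results):
    """Map each signature to the URLs of hits whose URL/title/snippet match it."""
    findings = defaultdict(list)
    for hit in results:
        text = " ".join((hit["url"], hit["title"], hit["snippet"]))
        for name, _, pattern in SIGNATURES:
            if pattern.search(text):
                findings[name].append(hit["url"])
    return dict(findings)


def new_findings(previous, current):
    """Alert-style diff: URLs flagged now that the last scan did not flag."""
    fresh = {}
    for name, urls in current.items():
        seen = set(previous.get(name, []))
        added = [u for u in urls if u not in seen]
        if added:
            fresh[name] = added
    return fresh


# Constructed stand-ins for the hits a search API would return.
SAMPLE_RESULTS = [
    {"url": "http://www.example.com/products.php?id=7",
     "title": "Products",
     "snippet": "Warning: mysql_fetch_array(): You have an error in your SQL "
                "syntax; check the manual that corresponds to your MySQL"},
    {"url": "http://files.example.com/backup/",
     "title": "Index of /backup",
     "snippet": "Parent Directory  dump.sql  notes.txt"},
    {"url": "http://www.example.com/config.ini",
     "title": "config.ini",
     "snippet": "[database] host=localhost user=app password=hunter2"},
    {"url": "http://www.example.com/search.php?q=widgets",
     "title": "Search results for widgets",
     "snippet": "3 products match widgets"},
    {"url": "http://www.example.com/about.html",
     "title": "About us",
     "snippet": "Our company history"},
]

if __name__ == "__main__":
    for name, query in build_queries("example.com").items():
        print(f"{name:22} {query}")
    findings = classify(SAMPLE_RESULTS)
    for name, urls in findings.items():
        print(name, urls)
    # A second scan that finds nothing new raises no alert.
    print("new since last scan:", new_findings(findings, findings))
```

The point for defenders is that the queries are the same ones an attacker types, so the engine that indexed the leaking error page has already done the reconnaissance; running the scan on a schedule and alerting on new_findings() is what turns that into warning time rather than attacker time.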

What if laptop batteries turned against you? Veteran security researcher Charlie Miller demonstrated at Black Hat USA that most laptop makers (Apple included) never change the default passwords that allow the firmware of the smart battery system to be updated. Apple's batteries in particular were left with two fixed passwords in place (the vendor default, and a second one that is easy to find), which leave the battery controller writable by anyone with access to the machine. Miller's theory is that malware could survive a clean reinstall of the operating system by hiding in the battery.

Flying hackers: Researchers Mike Tassey and Richard Perkins bought a radio-controlled model airplane and fitted it with a small computer with 4G connectivity, GPS (Global Positioning System), wireless antennae, remote network-detection tools and the BackTrack penetration-testing toolkit. This hacking "drone", which they called the Wireless Aerial Surveillance Platform (WASP), could detect wireless networks, intercept cell phone calls and conduct video surveillance. A ground station steered the plane using Google Earth and autopilot software. What is not clear, though, is how to protect oneself from such an attack.