At the recent Black Hat security conference in Las Vegas, security professionals unveiled a host of new security threats facing corporate and personal technology. These were the scariest new attacks demonstrated:
1. Hotel room locks can be hacked
Security researcher Cody Brocious gave a talk in which he demonstrated a vulnerability in a common type of hotel door lock. The flaw could allow a determined hacker to open those doors with a device that cost Brocious $50 to build.
The vulnerable locks are made by Onity, and are used in more than four million hotel rooms around the world, Brocious said in his Black Hat presentation. On his website, Brocious posted a paper detailing the hotel lock hack.
2. Black Hat researcher hacks NFC chips in smartphones
One lesson commonly learned at Black Hat: New technology often creates new security vulnerabilities. This year, Near Field Communication (NFC) was in the security spotlight.
NFC, often used to support mobile payments, is becoming common in smartphones. Charlie Miller, from security firm Accuvant, demonstrated how to exploit those chips to steal data from a smartphone or take control of a handset.
Miller created a customized chip that can force nearby Android phones to visit a malicious website and download malware. He also showed how to use NFC to take complete control of a Nokia handset and force it to send text messages or make calls.
3. 75% of major banks infected with malware
Black Hat 2012 also featured some scary news related to older security attacks. For example, 18 of the 24 largest banks in the world suffer from an infection of Conficker, DNS Changer, BlackHole Exploit Kit, or other varieties of infamous and well-publicized malware, according to research presented at Black Hat by Lookingglass Cyber Solutions.
Many of the infections are blamed on the banks’ supply-chain partners, the company said. The banks themselves deal with malware infections relatively quickly, but those third parties are less diligent, according to the researchers.
4. Biometric iris scanners are vulnerable
As it becomes clearer that passwords don’t provide enough security in a lot of situations, many security professionals believe biometrics will become more common in systems with especially sensitive data. However, one Black Hat presentation showed that security is no guarantee even with biometric controls.
A research team from Universidad Autonoma de Madrid and West Virginia University presented a hack in which they stole data stored in an iris scanner’s database, and used it to create an image to trick the device into thinking it was scanning a real eye.
5. Researcher demonstrates attacks on new air traffic control system
In another Black Hat presentation, Andrei Costin, a graduate student at French security institute Eurecom, demonstrated attacks that are so new, the system they target isn’t even being used yet.
Costin highlighted several vulnerabilities in the Automatic Dependent Surveillance-Broadcast (ADS-B) system, which will be installed to replace the current air traffic control system by 2020. Those attacks could be used to access information about planes in flight — including Air Force One — or to flood the system with data about fake airplanes.