Poulin: What I Hacked this Summer in Vegas
August 8, 2017 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty
Another July has come and gone, leaving the security community with a collective information hangover from Black Hat, DEF CON and BSidesLV. For the next few months, the 15,000 or so attendees will be busy trying to metabolize the broad range of exploits that were revealed, the defensive tactics and tools presented by peers and vendors, and the shared experiences in capture-the-flag (CTF) competitions and the hacking villages. Will it help make systems safer and protect data? Maybe in small measure, but that’s not really the point of our perennial practitioner parlays.
You’ll find plenty of blogs out there that list the author’s favorite sessions or the exploits that made them say, “Wow!” so I’m not going to detail my Top 10 talks here. In fact, when I’m in the middle of thousands of security professionals (mostly white hats, but many with a shade of gray and some indistinguishable from black), I tend to prefer the social interaction and opportunities to see technology willingly abused by some of the most talented hackers on the planet rather than the sessions themselves. You can always watch those later.
Still, it’s helpful to pay attention to what’s being presented to get a good sense of some of the general trends out there and what we should be concerned about. This year, I learned that hardware exploitation and IoT are continuing to rise in popularity. Some of the related talks from the various conferences included:
Another emerging concept is that researchers are beginning to think about abusing machine-learning applications:
A third trend is that the security community is really starting to take notice of blockchain and cryptocurrency:
Again, I’ll end up watching most of these over the next couple of months from the comfort of my own office chair because I prefer a more interactive and hands-on experience at the conferences. At DEF CON, that’s why I spend most of my time at the villages.
One of the new features this year was the Voting Village, where attendees had the opportunity to try to hack a variety of voting machines. As it turned out, it took attendees a mere hour and a half to compromise one of the machines, which ran an unpatched install of Windows XP.
Other villages included the IoT Village, the ICS Village and the Car Hacking Village. And while most of the villages deal with hacking silicon, the Biohacking Village explores carbon-based machines: humans. The topics ranged from elective implants, such as RFID capsules and neodymium magnets, to drug therapies and brain training, to the legal aspects of biohacking.
The bottom line? Black Hat, DEF CON and BSidesLV offer plenty of opportunities to immerse yourself in hands-on activities and network with some of the most well-respected security professionals in the world. They are also a great way to stay on top of the latest trends, which once again include IoT and machine learning, and now blockchain and cryptocurrency as well.
And one final pro tip (from experience this time around, unfortunately): Wash your hands constantly at these conferences so you don’t end up with pneumonia just before you board the plane! Trust me, it’s no fun.
Chris Poulin is Director of IoT Security and Threat Intel for Booz-Allen Hamilton's Strategic Initiatives Group, where he is responsible for building countermeasures for threats to the Internet of Things. He has a particular focus on connected vehicles, as well as researching and analyzing security trends in cybercrime, cyber warfare, corporate espionage, hacktivism, and emerging threats.