Hackers reveal their cybersecurity secrets at Black Hat summit

Heavy metal and hackers – it’s a pair only Sin City could bring together.

At the 19th annual Black Hat conference, an expected 11,000 hackers from 108 countries are trying to solve the cybersecurity problems of the future, reports CBS News correspondent Mireya Villarreal.

“Hackers come here to show off some of their craziest hacks, but they’re doing it to really raise awareness of how vulnerable these systems could be,” said CNET reporter Laura Hautala.

In this world, hackers Charlie Miller and Chris Valasek are rock stars.

“We are the good guys,” Valasek said. “I mean the bad guys don’t tell you what they’re doing.”

The pair stole the show last year with a demonstration on how they remotely hacked a jeep’s in-car computer system through the internet. Their stunt forced Fiat Chrysler to recall 1.4 million vehicles. This year, they’re raising the stakes.

Videos show how they connected their laptop directly to the jeep’s computer system. They were able to quickly turn the steering wheel from their laptop in the back seat, causing the SUV to swerve across the road and crash into a ditch. How?

“We tricked the car into thinking that we were the computer telling it to steer,” Valasek said. “Without us doing what we do, no one knows about these issues.”

Another potential target for hackers is that chip on your new credit or debit card. It’s supposed to be more secure than swiping, but Tod Beardsley showed how small devices could steal your account information and send it over the internet to a rigged-up ATM, waiting to withdraw your money. It all happens during those endless seconds while you’re waiting for your chip card to be read.

“This whole thing takes less than a minute. It’s that window that allows attackers to kind of beam it… over the internet, to a device such as this,” Beardsley said, holding up the small device.

Conference goers say we live in a world where this so-called “hack work” has become increasingly important, as more personal information is finding its way online and possibly into the wrong hands.

“There are huge steps being taken forward, but if everything goes perfectly, I still don’t think our information will be perfectly safe,” Hautala said.

The car hackers said you should avoid installing devices that allow insurance companies to track your driving habits, since those devices could give hackers access to your car’s computer.

In a statement to CBS News, Fiat Chrysler told CBS News:

“Charlie Miller and Chris Valasek recently shared a draft copy of their 2016 automotive cybersecurity paper with FCA US LLC. Based on the material provided, while we admire their creativity, it appears that the researchers have not identified any new remote way to compromise a 2014 Jeep Cherokee or other FCA US vehicles. … Under no circumstances does FCA US condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or enable individuals to gain unauthorized and unlawful access to vehicle systems. The Company continues to caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety. Further, in the interest of public safety, FCA US launched a bug bounty program through Bugcrowd, to provide a forum for all cybersecurity researchers to responsibly disclose vulnerabilities to the Company and provide financial reward for such disclosure.”

Source:http://www.cbsnews.com/news/hackers-reveal-their-cybersecurity-secrets-at-black-hat-summit/

. . . . . . . .

Leave a Reply