Contactless cards, mobile comms, and car hacking catch the eye during London hacker fest
If there was still any semblance of doubt, security researchers proved once again that anything based on a computer can and will be hacked during the Black Hat Europe conference this week.
First contact
Leigh-Anne Galloway and her research colleague Tim Yunusov, both of Positive Technologies, opened the show with a bang by demonstrating for the first time how to bypass the £30 ($39) limit for contactless payments in the UK.
The hack was one of three vulnerabilities demonstrated by the pair that collectively offered evidence that contactless is less secure than Chip and PIN as a payment authorization technology.
Visa, which sees no need to develop a fix, maintains that the threat vector demonstrated by the two researchers is not something that could be harnessed to conduct fraud.
“Research tests may be reasonable to simulate, but these types of schemes have proved to be impractical for fraudsters to employ in the real world," Visa told The Daily Swig.
Contactless card payment security was thrown into doubt at Black Hat Europe
Get rich quick
Mobile networks are often an area of interesting exploits and hacks. Karsten Nohl and Luca Melette, both of Security Research Labs, discussed how the integration of technologies (ranging from SIP to WiFi, IPSec, and web technologies) is opening up new security shortcomings.
The duo’s presentation focused on how the rollout of the Rich Communication Services (RCS) standard as a next-generation replacement for SMS is creating the opportunity to run all sorts of attacks, from SMS intercept and caller ID spoofing to the possibility of creating cut-rate IMSI catchers.
The problems arise as a result of flawed implementations of the technology, which has already been rolled out by at least 100 carriers.
This technology is already deployed, and it’s already broken, Luca Melette warned Black Hat Europe attendees, adding that problems from the 1990s have effectively being reintroduced.
Rich Communication Services (RCS) may be introducing a fresh set of security risks
Are you being served?
Tal Melamed’s presentation on serverless technology offered a warning of how poorly written cloud-hosted apps opened the door to injection attacks.
During his talk, Melamed demonstrated injection attacks through multiple vectors, including Amazon’s Alexa.
Easy as U.S.B.
The security risks posed by USB devices were illustrated by security researcher Luca Bongiorni's development of a 2G, SIM-enabled hacking tool capable of turning gadgets like USB-powered fans against their owners.
The tool – WHID Elite – effectively “weaponizes” gadgets, Bongiorni told The Daily Swig.
DroneSploit lands in London
WHID Elite was presented during a Black Hat Arsenal session, a venue that also acted as a showcase for a new tool that offers a Metasploit-like framework for hacking into drones.
DroneSploit – a work in progress from developers Alexandre D’Hondt and Yannick Pasquazzo – works only on WiFi-controlled drones and bundles a set of modules (based on Aircrack-NG) that allows users to hack into poorly configured ones.
DroneSploit currently supports modules for the C-me and Flitt drones (Hobbico). Support from drones made by Parrot and DJI are in development.
Alexandre D’Hondt and Yannick Pasquazzo presented the DroneSploit framework at Black Hat Europe
The need for speed
Back on the ground, Stanislas Lejay showed how he was able to circumvent the speed limiters on his 22-year-old car through a combination of reverse engineering and faking the VSS signal.
Regulations in Japan require manufacturers to add a speed limiter to their cars, but the hack allowed Lejay to remove this restriction on a sports car he bought when he moved to Japan around 18 months ago.
The hack was carried out for educational purposes. Testing has been done legally on racetracks and closed roads only, Lejay emphasized during his talk.
Auto-pirates
Straight after this presentation came a talk offering a ‘Car-in-a-Box’ hacking rig demonstration by Daniel Cuthbert and Ian Tabor, a security researcher who runs car hacking villages at many security conferences.
This talk offered a hands-on, safe environment for attendees to tinker with the demo model and not worry about turning their own car into a brick.
Modern cars have become, in effect, a computer network on wheels
Cuthbert warned that car hacking is difficult, both because of the lack of documentation and because it’s easy to break things, something that (at best) is likely to get you into trouble with your local car dealer.
Top advice offered by the knowledgeable duo – who jokingly referred to themselves as the ‘Dirty Blonde’ and the ‘Mad Scientist’ – included don’t fuzz airbags: They are explosive devices and you can break your teeth, or worse.
Be careful in general when you hack any element of a car, Cuthbert warned.
