Euro Security Watch with Mathew J. Schwartz

Black Hat Europe: 5 Takeaways

Hacking Via Drone, Raspberry Pi Attacks Dominate Event

Information security is hot in Europe. To wit: The Black Hat Europe conference in Amsterdam broke attendance records. While 800 people were projected to attend, total attendance topped 1,000, which is double the audience seen last year.

Furthermore, half of the conference attendees - who came from 68 countries - attended Black Hat for the first time, conference founder Jeff Moss said in this year's conference-kickoff speech.

Once again, this year's event featured an assortment of updates on the very latest hacking threats, including:

Here are more highlights and takeaways from this year's well-attended gathering:

Less scruff: While the increased attendance figures resulted in a notable buzz across briefing halls and public spaces, it also meant the conference outgrew the Grand Hotel Krasnapolsky, where it's been held in recent years. The centrally located Krasnapolsky, which also bordered the city's notorious red-light district, provided Old World charm - read: well-worn décor - befitting a conclave of European hackers. But this year, the conference was forced to decamp to south of the city center, taking up residence in the massive, modern Amsterdam RAI complex. For good or bad, that gave the proceedings a more grown-up feel: less scruff, but with great airport public-transport links.

Watch the Wi-Fi: Like "Fight Club," Black Hat Europe has one overriding rule, although you can talk about it: Never, ever use the Wi-Fi. Because no matter how great your hacker mojo, odds are you're going to get owned by a hotspot vulnerability you never saw coming, unless you've attended the related 3 p.m. briefing.

Beware Bluetooth: While Black Hat lacks Defcon's renowned Wall of Sheep - which lists the passwords of anyone who's been silly enough to use the Wi-Fi - events took a decidedly more modern turn this year, with Symantec security researcher Candid Wüeest surreptitiously cataloging all devices that were using Bluetooth low energy, or BTLE. Luckily for attendees, however, Wüeest's goals centered on researching wearable-computing devices and privacy.

Get Fit: Out of a conference of 1,000 people, on the first day of Black Hat, Wüeest tells me he saw 203 active BTLE devices, many of which he believes were beacons. Perhaps surprisingly for a crowd that often prides itself on its consumption of Club-Mate - a caffeinated, carbonated, mate-extract beverage - Wüeest even found 21 fitness wearables, including 7 Fitbit Flex, 4 Jawbone UP24, 3 Fitbit One, and 2 Nike devices. But he does admit that at least one of the wearables was being worn not by an attendee, but rather by an Amsterdam RAI staff member he had to trail for several minutes, to record usable data.

Wüeest also saw 10 Nokia phones, as well as 11 BlackBerry devices. "So they are still popular," he tells me - or at least as popular as wearable fitness devices at a hacking convention.

Make Mine "Raspberry Pi": Forget MiFi routers, SOHO devices or Shodan-enabled hacks. While those have been hot topics at previous Black Hat Europe conferences, the autumn 2014 de rigueur hacker accessory is, without a doubt, Raspberry Pi. For those not in the know, that's a credit-card-sized computer that packs as much punch as a desktop CPU from just four or five years ago, while only costing about $60 for a well-equipped model with case.

Examples of innovative Raspberry Pi use abounded:

  • Alexey Osipov and fellow penetration-testing expert Olga Kochetova using theirs to hack ATMs without using malware;
  • Symantec's Wüeest employing several, plus Bluetooth dongles, for sniffing data from fitness wearables;
  • Endrun creators Brendan O'Connor and Grant Dobbe, perhaps achieving maximum hacker cred, not only using theirs as nodes in a disruption-tolerant network they created, but packaging them in a bright-orange case, custom-made by O'Connor using a 3D printer.

Top that, Black Hat Europe 2015.



About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.



