Black Hat news roundup

July 29, 2012

UPDATE 7/30: NSA Boss Wants More Control Over the ‘Net — Technology Review

The U.S. Internet’s infrastructure needs to be redesigned to allow the NSA to know instantly when overseas hackers might be attacking public or private infrastructure and computer networks, said NSA Director General Keith Alexander.

News reports from the annual Black Hat computer security conference, July 21–26 in Las Vegas:

Mass Router Infection Possible: Black Hat — Information Week

Routers, switches, printers, firewalls, and other network-attached hardware can be automatically targeted via the Internet and brought under attackers’ control, with no user interaction, because of modern browsers’ support for HTML5, which allows developers to create complex JavaScript applications that run in the browser.

From Black Hat: Hackers Demonstrate a Rising Vulnerability of Smartphones — New York Times Bits

Charlie Miller, a security researcher at Accuvant and serial smartphone hacker, demonstrated how easy it is for hackers to exploit near-field communication technology to take control of devices remotely, hacking a Samsung Nexus S, a Galaxy Nexus and a Nokia N9. In each case, he was able to access photos, send texts, browse the Internet, and even make phone calls from the phones, without laying a finger on them.

The Frightening Things You Hear at a Black Hat Conference — New York Times Bits

Topics include FLAME, compromised security of hotel room locks and air traffic control, online censorship, and an FBI statement that the public won’t comprehend the repercussions of a cyberattack until it affects something more tangible, like their gas line or water supply.

Black Hat: Researcher pinpoints promising ways to attack Windows 8 — Network World

Windows 8 offers some promising opportunities for attackers, but overall is a much more secure operating system than its predecessor.

Red Flag On Biometrics: Iris Scanners Can Be Tricked — EFF

Javier Galbally revealed that it’s possible to spoof a biometric iris scanning system using synthetic images derived from real irises.