Five key takeaways from Black Hat Asia 2016
Author: AZIndia News Desk
Mumbai, Apr 4 (AZINS) Here is what we learned at Asia's biggest computer security conference, Black Hat Asia 2016, in Singapore:
Disincentivising Hacking
In his talk, Dino Dai Zovi explained that hacking, like any other human action, requires a motive. If the reasons why hackers attack a particular target are well understood, disincentivising an attack could have a very profound impact. Viewing attack and defense strategies through the lens of economics can often be beneficial. The traditional approach is to raise the cost for the attacker as much as possible so as to make attacks as difficult as possible, but that approach also results in high costs for the defender and in scaling problems. You could instead focus on a more scalable approach that reduces the reward from a successful attack.
Enterprise iOS apps open new attack vectors
One of the most important aspects of iOS's security policy is that the App Store acts as a gatekeeper for all code on devices running iOS. The Apple Developer Enterprise Program is, however, an exception to that policy. It allows enterprises to skip this validation process and create their own iOS apps, which they can deploy directly to devices. The certificates owned by enterprises can easily be misused to create malicious apps for use by anybody from state actors to cybercriminals.
Google reCAPTCHA has been broken
Security researchers Iasonas Polakis and Suphannee Sivakorn have managed to perform a low-cost attack using deep learning technology that could solve over 70% of all image reCAPTCHA challenges, taking under twenty seconds per challenge. The same attack could achieve an accuracy of over 83% when used to solve the Facebook image captcha.
Knowing what IoT devices are out there is important
The Internet of Things is the new buzzword in the tech world, and the number of IoT devices and their adoption are increasing widely. This poses a unique threat in terms of security because all of these devices are unique and run on unique software. It is not like mobile, where the ecosystem is mainly divided between iOS, Android, Windows and Blackberry. We are far away from knowing the threats that will emerge from this new ecosystem because we haven't even analysed what types of devices are out there and what kind of software and wireless technology they utilize.
Car hacking is more accessible now
Controller Area Network (CAN) is the most widely used protocol for networking in automobiles. If an attacker can gain access to CAN, it will give him or her the ability to change system operation, perform diagnostics and disable the system. Security research or criminal activity in this field was a lot more expensive before, but thanks to CANtact, an open source hardware CAN bus tool by Eric Evenchick that costs 60 US Dollars, there is a lot more research going into making safer cars.