On the Lookout: New Hacker Threats

What happens in Vegas, stays in Vegas...except when it comes to Black Hat, arguably the world’s most important annual hacking conference. This renowned - and sometimes infamous - hacker con is scheduled to kick off July 31- and it’s an event that every consumer should pay attention to.

So why should you care about a hacker con? This event is where the top new threats to our smartphones and other devices are often first revealed. In many ways, Black Hat sets the course for what hackers around the world will be doing for the next 12 months.

This year’s Black Hat is especially interesting, because it marks an important shift in the hacker community as more attention is being paid to electronic devices not typically thought of as hackable. As manufacturers add Internet connectivity into more ‘things’ - from cars to appliances, TVs, pacemakers, etc. - these objects become vulnerable to cyber attacks.

Here are the top seven hacks coming out at Black Hat that consumers need to know about - some of them can be prevented, but others can’t:

1. HTTPS is in Trouble. If we were to rank the most important things that ever happened to the web, SSL/TLS would certainly be in the top three. What is it? It’s an online security feature - the ‘s’ in HTTPS - that makes it possible to safely log into a bank account, make a purchase or just travel the web without letting other people spy on you.

The problem, however, is that flaws have been discovered in SSL/TLS that could allow a hacker to circumvent this security setting - and steal your information. At this year’s Black Hat, hackers will be showing how to steal a user’s login credentials from a ‘protected‘ HTTPS site - and another talk will show how to retrieve this information from a device.

What can you do?: Don’t rely solely on HTTPS to keep you safe. Avoid logging into bank accounts or entering credit/debit card information when using a public WiFi network. Also, make sure to thoroughly wipe any device that’s ever used your login credentials (computer, laptop, phone, tablet) before you discard it.

2. Cell Tower Spoofing. Can you hear me now? Actually, the real question should be, who’s doing the listening? Hackers at Black Hat will reveal a frightening attack on cell phones - by using a modified CDMA femtocell (which anyone can buy, by the way), hackers can trick your phone into connecting to them instead of the cell phone tower, eavesdrop on everything (phone calls, text messages, web sites visited, etc.) and even clone your phone! This is similar to what hackers now do with a WiFi network, where they trick you into thinking their WiFi hotspot is a legitimate one.

This is an alarming vulnerability that should concern anyone who owns a CDMA smartphone (Verizon, Sprint, US Cellular, Alltel, etc.).

What can you do?: If you own a CDMA phone, you should really think about adding a VPN (virtual private network) that will encrypt everything you do on the phone.

3. When Your TV Watches You. Smart TVs are the latest trend in entertainment - with new models available from Samsung, Sony and LG, plus upcoming models from Apple and Google. However, connecting TVs to the Internet and giving them an operating system, plus features like webcams and mics, also comes with new risks.

Hackers at Black Hat will be showing how to break into smart TVs to spy on users through the webcam, monitor what you’re doing, even scam you through a TVshing attack (TV phishing).

What can you do?: Right now this is a low-risk threat, but as more homes add smart TVs to the living room it may be something to plan for. Unplugging the TV when not in use, or covering the camera, are some basic precautions that could help.

4. Hijacking Appliances. Another gadget that’s getting ‘smarter’ is the home appliance. WiFi-connected refrigerators, dishwashers, washers/dryers or thermostats will become more common over the years. But they’re also more vulnerable.

Researchers at Black Hat are showing off new ways to remotely eavesdrop and interfere with smart appliances and networked home electronics - which could have serious implications for home security.

What can you do?: Nothing.

5 Remote Controlling Cars. Manufacturers are increasingly adding new features to automotive computers (ECUs) to expand entertainment offerings and safety controls. But the ECU could also let a hacker gain control of certain automotive functions.

A well-known security researcher will be showing how to hack the ECU to affect a car’s breaking and steering at Black Hat’s sister conference, DefCon.

What can you do?: Nothing.

6. SpyPhone. Security pros have long worried about the danger of mobile apps - specifically, their ability to sneak viruses and malware onto your phone.

A researcher at Black Hat this year will be showing how infected apps can turn your phone into a full-blown surveillance tool - monitoring you via video and mic, as well as intercepting all of your calls, texts, emails and other activity.

What can you do?: Don’t download apps from third-party websites. Stick to well-known apps that have been around for a while. Limit the total number of apps you download. Check the permissions before approving them (i.e., why does a game need to access my contacts?).

7. Hacking the Human Body. Implantable medical devices - including pacemakers, defibrillitors, insulin pumps, etc. - now come with wireless connections but only rudimentary security.

Hackers say the devices can be remotely controlled to harm or kill the patient

What can you do?: Nothing.

Jason Glassberg, co-founder of Casaba, LLC provides cybersecurity consulting to Fortune 50s, banks, energy firms and government agencies.  The company’s areas of expertise include penetration testing, threat modeling, reverse engineering, malware analysis and software security. Casaba is part of Microsoft’s SDL Pro Network.