At the 27th annual edition of DEF CON, the oldest running hacker convention in the world, thousands of cybersecurity enthusiasts, security professionals and hackers gathered in Las Vegas, Nevada, to get updated with the latest hacking trends and gain meaningful insights from their peers.
Introduced in 1993 by the famous hacker Jeff Moss aka ‘Dark Tangent,’ DEF CON has developed to become the epicenter of knowledge sharing in the hacking community.
DEF CON 27 began just after the conclusion of the Black Hat 2019 event and with four non-stop days of exciting contests, visionary talks, training workshops, and knowledgeable gatherings at signature spaces like the Cloud Village, Wireless village and others, left the hacking community with numerous reasons to be enthralled.
Major Highlights of DEF CON 27
DEF CON Electronic Badges
According to the tradition of DEF CON, this year also had something surprising in the closet for the badges. Created by Joe Grand, this year’s electronic badges featured a high-end microcontroller with a quartz face and an advanced magnetic induction chipset. Another interesting thing about the DEF CON badges this year was that all 30,000 of them were carved out of a unique gemstone. The participants had to complete a challenge in order to unlock the badges by either hacking the badge’s internal circuitry or getting close enough to a required number of other badges.
How Subscription Services Can Hack your Banking Details
In a presentation titled ‘Black Mirror: You Are Your Own Privacy Nightmare - The Hidden Threat of Paying for Subscription Services,’ cybersecurity expert Cat Murdock explained how she manipulated information gained from online subscription services like Netflix, Spotify and Apple Music to gain access to the bank accounts of customers and hack sensitive financial information.
According to Murdock, after massive data breaches like the Equifax and the Capital One data breach, hackers now have a detailed financial profile of a major chunk of the US population and they might exploit data from online subscription services and misuse it to gain access to bank accounts.
Hacking a Butt Plug
Apart from other major presentations on hacking, the one which surprised the most was hacking a “teledildonic buttplug”.
Over the past years, IoT has diversified a broad range of devices and eventually, it also found its way to the world of sexual pleasure. A hacker named ‘smea’ managed to exploit the Lovesense Hush buttplug, world’s first IoT device of its kind, and its associated software to illustrate how hackers could remotely play with other people’s sexual interactions.
The whole idea may seem funny at first, but the hacker somehow highlighted the serious implications the sex toy industry could face if attackers are able to compromise such devices and manipulate the social software attached to them.
How a Charging Cable Could Hack your iPhone?
In another DEF CON demonstration, a hacker who goes by the name ‘MG’ demonstrated how he could utilize an iPhone charging cable to gain remote access to the PC it is connected to. By infecting a third-party iPhone cable with a Wi-Fi implant, the hacker was able to perform cross-platform attacks without relying on conventional methods. According to MG, we now have modified hardware which might go unnoticed for a long time and may still put our devices at risk.
DEF CON Villages: New Villages Added
One might wonder why DEF CON, being a mega hacking event, uses a concept like DEF CON Villages. The idea behind these villages is that each one of them has its own schedule of talks, contests, and workshops that are specifically associated with the theme of the village.
DEF CON 27 had 30 such villages and several new ones like the Cloud Village, AppSec Village, and Ham Radio Village were introduced for the first time. With elections nearby, the Voting Hacking Village was also bustling with hackers, but a few technical issues with the voting machines made matters a bit hazy for the hacking community. These customized villages not only allow hackers to interact with their peers but also dig deeper into their areas of interest.
DEF CON Workshops
Over three days, around 37 workshops were organized at the DEF CON with a sign-up fee of $25 for each workshop in order to manage the number of attendees. The workshops covered topics ranging from beginner level discussions on hacking to advanced topics like wireless exploitation. Some of the notable workshops were ‘Breaking and Pwning Docker Containers and Kubernetes Clusters’ by Madhu Akula, and ‘Rapid IoT Hacking 101’ by Arun Magesh.
Talks on Demos, Tools, and Exploits
Apart from the talks hosted in DEF CON villages, there were several other talks specific to hacking tools, demos, and exploits. A talk titled ‘Are Your Child’s Records at Risk? The Current State of School Infosec’ highlighted SQL injection vulnerabilities in educational content management systems. Another talk named ‘Sound Effects: Exploring Acoustic Cyber-weapons’ disclosed how attackers could physically or psychologically harm people through acoustic malware.
After concerns regarding foreign interference in the 2016 elections, DEF CON 27 was certainly a major event for many to witness how the voting process could possibly be hacked. The Voting Village at this year’s DEF CON had a huge assortment of voting equipment provided by the U.S. Defense Advanced Research Projects Agency (DARPA) to be tested by the hackers.
DEF CON Transparency Report
A summary of incidents like harassments, sexual assaults, and other complaints that happened during the convention was shared with the security community so as to encourage other similar conventions to share their own findings and use the information to organize safe and inclusive events.
At massive hacker cons like the DEF CON and the Black Hat, there is always something suitable for everyone interested in the information security and application security industry. It’s also a possibility that the ones attending it will expand their areas of interest and get to dive deeper into the world of cybersecurity.
And as these events wrapped up after an action-packed week in Las Vegas, it’s now time to share and execute the knowledge and insights gained with the security community and consequently move ahead on our journey to fortify our defense systems.