![]() ![]() “If you think you want to go out and take down a threat yourself but you’re like, ‘I don’t know if that would be legal,” we can make it legal for you to do that. And Grasso made a plea for further assistance. In the case of Avalanche, numerous third parties including the Shadowserver Foundation and the German application research firm Fraunhofer contributed to the investigation. In addition to the necessity of law enforcement collaboration, the private sector also contributes to the FBI’s cyber crime work, offering everything from threat intelligence to technical help. Grasso particularly emphasized the crucial role of international cooperation in the operation. The initiative involved sinkholing more than 800,000 malicious domains, Grasso said, and in January 2016 when Avalanche administrators moved one of their private domain registration servers from Moldova to the US, officials got a search warrant and ultimately accessed administrator email addresses and a list of more than 200 clients. It took four years of work to eliminate the sophisticated online criminal infrastructure known as "Avalanche." The platform could act as a botnet, and was also used to power malware distribution, launch phishing attacks, and move stolen money. On Wednesday, FBI Cyber Division Unit Chief Tom Grasso gave a Black Hat audience details of the December Avalanche takedown orchestrated by a group of international law enforcement agencies. But they argue those demos nonetheless prove their attack works, and could be made more powerful with larger, more expensive sonic equipment. But the hackers, who work for Chinese e-commerce firm Alibaba, didn't exactly carry out all those dramatic attacks They tested their drone hacking technique on a non-moving drone with its rotors removed for safety, and had to install the sonic emitter inside the hoverboard's case to make that attack work. By merely firing resonant sound waves at exactly the right frequency at those devices, the hackers say they could cause the hoverboard to tip, making the image inside the Oculus shake nauseatingly, and potentially knock a drone out of the sky. With nothing but soundwaves emitted from a small "gun" device they created, they were able to vibrate the MEMS sensors that function as accelerometers and gyroscopes that stabilize everything from quadcopter drones to hoverboards to the image inside an Oculus Rift headset. One group of hackers has modernized the old party trick of the woman singing a high pitched note at the perfect frequency to break a wine glass. ![]() Sonic Gun Attack Can Glitch Oculus Headsets or Hoverboards But others demonstrated a cheap and easy way to ferret out zero-days from IoT devices, so it evens out. Some researchers are open-sourcing a tool that might help fix the SS7 vulnerability that has plagued cell networks for years. They also stopped some highly sophisticated malware, likely from a cyberarms dearly, that impacted a handful of high-value targets. After months of trying, Google finally patched the tricky Cloak & Dagger attack that threatened Android users, and still does if you're not on Android O, which, uh, no one is yet. Netflix managed to DDoS itself, but on purpose, and to help other services defend against the same obscure (for now) attack. Yes, billion.Īt least some people are doing it right. And a bug in a Broadcom chip that lives inside every iPhone and lots of Android devices ended up exposing a billion or so smartphones to Wi-Fi attacks. Entire wind farms can be shut down or hijacked with some lock picking tools and a proof-of-concept worm. Radioactivity sensors are easy to hack and not likely to get fixed. Also not so secure? Some of the popular tools hackers use to control other people's systems, which turn out to be riddled with vulnerabilities themselves. Similarly, a popular safe turned out to be anything but against a homemade robot safecracker. Here's a collection of some of our favorite talks from this week's Black Hat conference, including some we didn't get the chance to cover in depth.īefore the week even began, we took a look at how $15 worth of magnets could overcome a "smart" gun's protections, turning it into just a regular ol' gun. ![]() As they do every year, hackers descended on Las Vegas this week to show off the many ways they can decimate the internet's security systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |