CyberWarfare / ExoWarfare

DEF CON 2020 Wrap-Up: Hacking Phones, Cars, and Satellites

see all DEFCON 2020 presentations: https://www.youtube.com/user/DEFCONConference/videos

Tens of researchers showcased their work last week at the DEF CON 28 Safe Mode (virtual) hacking conference 2020. They presented research on hacking phones, cars, satellite communications, traffic lights, smart home devices, printers, and popular software services, among many others.

Here is a summary of some of the most interesting presentations from DEF CON 2020 (there are many more!):

Hacking Samsung smartphones via Find My Mobile

A series of vulnerabilities affecting Samsung’s Find My Mobile could have been chained to track a phone, wipe it remotely and perform various other activities, according to cybersecurity company Char49. The flaws were patched by Samsung last year.

Vulnerabilities in Qualcomm chips expose over 1 billion devices to attacks

Check Point has identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. At least one billion devices are believed to be affected and while Qualcomm has developed patches, it’s now up to OEMs to distribute them to end-users.

Vulnerabilities exposed thousands of HDL smart devices to remote attacks

Several vulnerabilities found by SentinelOne researchers in smart devices made by HDL could have been exploited to remotely hack thousands of impacted devices found in homes and buildings. The vendor released patches after being notified.

New techniques for bypassing biometric systems

Yamila Levalle from Dreamlab Technologies has demonstrated some new techniques for bypassing biometric systems, particularly fingerprint scanners, using 3D printing.

Zoom vulnerabilities allowed data theft and malware deployment

Zoom recently patched some vulnerabilities that could have been used by an attacker with access to a device to steal user data and execute malware. The researcher who discovered the flaws described his findings.

Analysis of a Boeing 747-400 from a hacker’s perspective

Researchers from Pen Test Partners presented the systems of a Boeing 747-400 airplane, focusing on systems that could be of interest to a hacker. They pointed out that some updates are still performed using floppy disks.

Hacking smart traffic light systems

Researchers at Netherlands-based applied security research company Zolder showed how they hacked a traffic light management system that is connected to a smartphone app. They talked about how a hacker could remotely control traffic lights. The affected product is used in over 10 municipalities in the Netherlands.

TLS 1.3 enables a new type of domain fronting

Domain fronting has been used to bypass internet censorship and monitoring, but it stopped being popular in 2018 when Google and AWS stopped supporting it. A researcher from SIXGEN says he has found a new form of domain fronting that leverages TLS 1.3.

Targeting satellite communications using home TV equipment

Researcher James Pavur demonstrated an attack on satellite broadband communications networks using $300-worth of home television equipment. He showed that he could intercept sensitive data transmitted on satellite links by some of the world’s largest organizations.

Hacking a Tesla’s battery management system

A researcher from Rapid7 described how he was able to hack a Tesla’s battery management system to obtain more power for the electric vehicle. While he bricked a car during his experiments, he ultimately did manage to make a car faster.

Hacking Spark clusters

A researcher from Qonto showed how an attacker could “pop a shell” on hundreds of Apache Spark nodes. Such an attack can result in a malicious actor gaining access to highly sensitive information belonging to a company.

Printer attacks

Researchers from SafeBreach found potentially serious vulnerabilities in the Windows Print Spooler service, the same service that was targeted by the notorious Stuxnet malware in attacks on Iran. A vulnerability in the Print Spooler service was also identified by researchers from Tencent Security Xuanwu Lab.

DEF CON 28 GOING VIRTUAL
The DEF CON Safe Mode badge is here! This year’s model is created by the inimitable LostboY, veteran DEF CON badge and Mystery Challenge creator. While the physical format may be unfamiliar to the youngest among you, seasoned players will recognize it as a ‘cassette tape’ – an analog recording format consisting of a ribbon of magnetic tape and a plastic housing to keep your dirty fingers away from said tape.

According to 1o57, “we had to produce something that was born out of the swirling storm all around us. As always puzzles, games, riddles and magic are a part of the process- and I hope that people work together, even as we sit in quarantines, isolation and such. The badge challenge is meant to be enjoyable focus, even if just for a moment.”
Get yourself one. In addition to the challenges hidden within, It’s full of music that will give you a warm DEF CON glow, just in time for the Main event August 6-9. Thanks to everyone for your support and love as we navigate this strange year together.

more: https://www.youtube.com/user/DEFCONConference/videos

Def Con: https://www.defcon.org/

from: https://www.securityweek.com/def-con-2020-wrap-hacking-phones-cars-and-satellites