As happens every summer, hackers, security experts, and industry leaders will descend upon Las Vegas this week to show off their research and make all of us a little more nervous about digital security for the year. Hopefully, we'll be a little bit safer, too.
Each Black Hat begins with a major keynote speech that sets the tone for the conference and is an opportunity for a noted individual to bring important issues to the security community's attention. This year, the keynote will be given by security researcher Dan Kaminsky. In 2008, he helped uncover a critical flaw in the DNS system and identified how widespread the Sony Rootkit had become. His keynote is expected to touch on what was successful in the creation of the Internet, and how the security community can work to ensure that we still have an Internet in the future.
Based on what's available on the Black Hat website, it's likely that Kaminsky's speech will echo previous keynotes. We can expect calls for more widespread use of encryption to preserve the privacy of individuals, as well as an emphasis on the free and open architecture of the Internet.
Previous years have seen dramatic, headline-grabbing presentations. The now infamous Jeep hack, in which security researchers were able to exploit vulnerabilities in new vehicles in order to drive them off the road, was one of the biggest stories of 2015. Research from Runa Sandvik on a Linux-powered rifle gave the world pause over the dangers of so-called smart guns.
Mobile has also been a major part of Black Hat for the last few years, and has spurred security improvements that have likely affected you, dear reader. In 2015, Google's head of security discussed huge changes to how the company would handle Android security in response to the widespread StageFright vulnerability. Years ago, researchers showed the Mactans attack, which demonstrated how iPhones could be taken over completely when plugged into microcomputers disguised as public charging stations. In both of these cases, Google and Apple changed how security was addressed on their devices.
This year is a little different. There have been fewer stories breaking before the show, suggesting that presentations are either real doozies or quite the opposite. It may also be that Black Hat is moving away from dramatic research and focusing more on professional development. That might be the case, as more companies move on to the expo floor to peddle their wares, and several of the sessions are offering more specific training information. Perhaps we'll have to look more to Black Hat's sister conference, DefCon, for the hacking madness we've seen in the past.
But there are some exciting themes to look forward to at this year's Black Hat. Social engineering, the art of tricking people into giving away their information without resorting to exotic attacks, is a perennial theme. In 2016, we see sessions on how dangerous it can be to plug in random USB drives you find on the ground and identifying phone scammers based on their speech. These might seem like simple sessions, but social engineering is proving to be an increasingly lucrative attack for scammers.
Several sessions will focus on other practical concerns, like payment systems and ATMs. As EMV chips and ATM skimmers become more common, new ATM machines are starting to appear at banks and on the streets. New research will examine how safe these machines really are. Another session looks at Samsung Pay, which is unique because it offers the security advantages of Android Pay or Apple Pay, but with a special mechanism for making purchases on point-of-sale machines that only support magswipe cards.
Another area of research sure to be interesting is the Internet of Things. Researchers have warned for years that everything from VoIP phones and smart fridges to Bluetooth lightbulbs can become a beachhead for hackers.
And though Charlie Miller and Chris Valasek said their Jeep-hacking days are behind them, they return this year with more vehicle mayhem. It's unlikely they'll be driving any cars off the road, but it does sound like attendees will walk away with a far better understanding of the weaknesses inherent in connected car technology.
The Crucible of Security
PCMag will be on the floor at Black Hat, bringing you the facts about all the most important stories and taking the wind out of the ones that are all fluff. But one of the most interesting parts of Black Hat is seeing what happens when a bunch of hackers all get together. Wi-Fi networks become untrustworthy, video poker machines become mysteriously inoperative, and party hosts mention how many listening devices are found in the building. Black Hat isn't just about sessions and research. It's where security experts put into practice all that they preach.