Last year, I had the chance to attend the globally renowned Black Hat security conference for the first time, and I shared with you last month that, thanks to the NormShield company, I would be attending it again this year with great excitement. During the conference and in the time leading up to it, I jotted down a few quick notes, and on the 12-hour return journey, I decided to compile these notes and write them up for those who are curious, just as I did previously.
It seems they finally understood on the third attempt that I mean no harm to anyone, as this time, unlike my experience described in my blog post about entering the U.S. for the Intel Security Focus Conference, my entry into the U.S. went smoothly. My trip to the U.S. began on July 20 in Los Angeles, and by July 30, I was in Las Vegas for the Black Hat security event. For those who couldn’t follow, this year’s Black Hat USA 2016 event was held from July 30 to August 4.
In the four days preceding the presentations held on August 3 and 4, around 70 high-quality security training sessions were offered, similar to previous years. Thanks to the support of my esteemed managers and employer, IBTech, I was able to attend a two-day course focused on hardware security, titled “Hardware Hacking with the Hardsploit Framework.”
As a security expert who recently conducted a penetration test on an electronic ATM vault lock for work, I found this training extremely beneficial and eye-opening.
This course, offered by Opale Security, was attended by about 25 people from various countries (Taiwan, Korea, Brazil, France, and Australia) and diverse profiles (software developers, penetration testers). I couldn’t help but notice that three participants were from the U.S. Air Force, and some attendees only shared their names during the introductions—makes one wonder why, right? 🙂
On the first day, we practiced extracting (dumping) information from SPI and I2C memory and retrieving firmware through the SWD port using the Hardsploit device. On the second day, the morning session demonstrated the capabilities of GNU Radio and the RTL2832U digital TV receiver. In the afternoon, we had an engaging practical session to reinforce the knowledge acquired over the 1.5 days. We were divided into teams, and each team received a specially configured quadcopter (drone) from the instructors. Each team was tasked with connecting to the drone through its accessible ports, downloading the firmware, identifying any vulnerabilities, and patching these vulnerabilities to prevent exploitation by other teams.
Additionally, each team received a transmitter to communicate with the drone, which we analyzed with Hardsploit. The objective was to control the instructors’ drones by sending specific commands (they periodically broadcast signals to facilitate this). I thoroughly enjoyed this training and found it to be an intensive, highly rewarding experience.
As is tradition, the Black Hat conference opened with a speech by its founder, Jeff Moss. After speaking for about eight minutes, he handed the stage over to Dan Kaminsky. During his talk, Jeff Moss shared some noteworthy statistics. He first announced a record-breaking attendance at Black Hat USA 2016, with around 6,400 people present in the opening session! He also mentioned that 194 students had been awarded scholarships. (Those interested in the full opening speech can watch the video I recorded for you below.)
Just like last year, I found it challenging to choose which presentations to attend, as there were so many fascinating talks running in parallel. Using the category-based filter on the presentation page, I focused on attending talks about “Reverse Engineering” and “Malware.” I found the sessions on the second day more satisfying compared to those on the first.
Due to the high attendance, moving from one presentation to another felt a bit like navigating through a packed metro crowd. I also really appreciated the provision of sign language interpretation for hearing-impaired attendees in some sessions.
One of the presentations I attended, titled Breaking Payment Points of Interaction (POI), was particularly fascinating. The speakers demonstrated a Man-in-the-Middle (MITM) attack on a POS device keypad (Pinpad), where they could prompt the customer to enter their PIN. Due to the lack of encryption in the communication channel, they could intercept and steal this data. Additionally, they showed how attackers could inject their own messages onto the screens viewed by custom
In the Captain Hook: Pirating AVs to Bypass Exploit Mitigations presentation, one particularly important aspect was how antivirus software can actually weaken a system’s security due to improper use of hooking techniques. The speakers explained how these flawed implementations can be exploited, compromising the very systems the antivirus is supposed to protect.
One of the standout presentations of the conference was Hacking Next-Gen ATMs: From Capture to Cashout, which revealed how fraudsters use devices known as “shimmers” to drain bank accounts through ATMs. A shimmer is a device placed inside the ATM’s card reader slot that intercepts the data between the chip on a supposedly secure EMV Chip & PIN card and the ATM’s chip reader. This intercepted data is then transmitted in real-time to the fraudsters. Armed with this information, they can empty the customer’s bank account from a different ATM.
Another alarming trend highlighted was that fraudsters have also started purchasing contactless credit card data, further expanding their arsenal of tools for financial theft.
The Advanced CAN Injection Techniques for Vehicle Networks presentation by Charlie Miller and Chris Valasek, the renowned security researchers who made headlines for hacking the Jeep Cherokee, once again drew a large audience this year. In their talk, they detailed the steps they took to bypass the security controls that car manufacturers have implemented in vehicle systems. Their presentation outlined the methods used to circumvent these safeguards, showcasing just how vulnerable modern vehicles can still be to sophisticated attacks.
Outside of the presentations, the Business Hall was once again a major highlight, showcasing prominent brands in the security industry and their impressive booths. Unlike some events in Turkey, where sponsors insist on giving lengthy speeches just because they’ve sponsored the event—often disregarding the schedule and participants’ time—Black Hat USA 2016 didn’t have any sponsors hijacking the microphone and delaying the program. For those who organize security events and struggle with demanding sponsors, perhaps they can share the following photos to help persuade their own sponsors to keep things short and sweet! 🙂
As always, the Black Hat store attracted a lot of attention from Black Hat enthusiasts. While browsing through the unique selection of souvenirs, I picked up a few small items to include in a giveaway for my Twitter followers. 🙂
Once again, the Black Hat USA conference, with its training sessions, presentations, atmosphere, and memories, has left me deeply impressed. It was an incredibly productive experience for me. I hope that everyone interested in information security, whether through their own means or with the support of their employers, will have the opportunity to attend this conference one day. I'm not sure if we'll meet again in the Black Hat USA 2017 blog post, but I hope we will. Wishing everyone safe and secure days ahead! 🙂