Every year, Black Hat, one of the most popular security conferences in the world, attracts hundreds and thousands of security professionals and researchers. This year was no different. The only difference was that Black Hat 2021 was a hybrid affair, with attendees able to attend the conference either in person or digitally. Most attendees chose to stay at home.
The conference took place in Las Vegas from 31 July to 5 August 2021. Another major difference that made Black Hat 2021 stand out from past years was its keynote addresses. Previously, there was only one keynote address, but this year there were three.
In this article, you will learn about seven shocking revelations that made our jaws drop at Black Hat 2021.
Here are seven eye-popping things we saw at the Black Hat 2021 conference.
Mobile apps and websites are two different things, but experts are trying to integrate both. To achieve this goal, they have developed a technology that can make the web more like an app by granting websites access to your device files. They used the File System Access API for this purpose. Just like every other technology, it has its advantages and disadvantages. The problem is that the web browser has started messing with your device files. This can have serious security repercussions for both individuals and businesses.
Researcher Natalie Silvanovich was mesmerized by a FaceTime bug that enabled hackers to listen to a targeted user’s phone. This got her thinking, and she started exploring similar vulnerabilities in other instant messaging platforms. She looked at how different instant messaging platforms implement WebRTC and realized that bugs like these are very common. In fact, she managed to identify similar bugs in popular messaging platforms such as Facebook Messenger and Signal. This came as a shock to many, as most people think that their conversations are private when they communicate via an instant messaging platform.
Most internet service providers (ISPs) provide a router or modem when you sign up for their service. Shockingly, those routers and modems are leaking your location data. Yes, you read that right. Rob Beverly and Erik Rye conducted comprehensive data fusion research and came to the conclusion that some low-end routers used an insecure IPv6 address, which allowed cybercriminals to trace the routers' location within a 50-meter radius. If you are still using an outdated or low-end router, this is the best time to upgrade it.
Passwords usually get a bad rep in cybersecurity circles because it is easier for hackers to steal them or guess them through different techniques. That is why most cybersecurity professionals will advise you to ditch passwords altogether and switch to a more secure user authentication method such as biometrics or passwordless authentication.
Unfortunately, that is no longer true either. At Black Hat 2021, Omer Tsarfati demonstrated how the Windows passwordless login feature called Windows Hello can easily be tricked. He created a fake camera, fed it pre-recorded video footage and managed to fool the passwordless authentication easily, sending shockwaves through the ranks of passwordless authentication advocates.
If you follow cybersecurity, you might have heard of spyware, ransomware or adware, but have you heard of stalkerware? I can bet most of you have never heard of it. The worst part is that stalkerware is more common than you think. It is everywhere, from parental control apps to find-my-device apps and even IoT devices.
If you are currently using such apps or have implemented the internet of things in your organization, you had better be careful. According to Lodrina Cherne and Martijn Grooten, “It is a symptom of a much larger problem of intimate partner violence.”
macOS enjoys a clear advantage over the Windows operating system when it comes to security. Hackers can easily bypass Windows-based systems and exploit vulnerabilities in the platform to fulfill their malicious objectives, but the same cannot be said for Mac operating systems. That is why most people consider macOS a safer alternative to the Windows operating system.
This perception was tarnished at Black Hat USA 2021 when security researchers Wojciech Reguła and Csaba Fitzl shared the findings from their research. They revealed 20 different ways to bypass the privacy protections of macOS. In addition, they managed to gain permissions by using different tactics and proved that vulnerabilities can exist even in the most secure platforms.
5G is all the rage these days. Carriers are busy deploying its infrastructure while smartphone manufacturers are releasing 5G phones at a rapid pace. There is no denying that 5G offers tons of advantages over its predecessor, and security was counted among them. Unfortunately, that is not the case.
Security researchers Marco Grassi and Xingyu Chen demonstrated at Black Hat USA 2021 how attackers can gain remote code execution on a 5G baseband. What’s more, 5G connectivity is also vulnerable to international mobile subscriber identity (IMSI) catcher attacks. IMSI catchers are fake cellular base stations that can trick nearby devices into connecting to them. This can allow cyberattackers to target more people and even intercept their data.
Which revelation shocked you at Black Hat USA 2021? Let us know in the comments section below.