Viva Las Hackathon
When you think of Vegas, what comes to mind? For the tech wizards at DEF CON 26, it’s technological vulnerabilities. And in their world, every type of tech is fair game to exploit. With crazy outfits and crazy smart people, this year’s conference was a hacker’s haven. Here were some of the most creative (and flat-out impressive) hacks from the event.
Blue Screen Of (Slot Machine) Death
Hackers hit the jackpot at the LINQ casino. But they didn’t win money. They won the pleasure of seeing slot machines display error and reboot messages, then go completely dark. Instead of tempting gamblers with their dopamine-blasting interfaces, dozens of slots remained dark for hours after their simultaneous crash. Although the LINQ claims that the slot machine meltdown had nothing to do with the DEF CON folks across the street, we know the truth.
Votes For Days
Looks like you’re never too young to get into politics. An 11-year-old boy hacked into a replica of the Florida state election website and changed voting results in under 10 minutes, shining much-needed light on the vulnerabilities associated with some of these websites. Though the National Association of Secretaries of State said the hack wouldn’t have any effect on actual vote counts, the boy “had managed to change the name of the winning candidate on the replica Florida website to his own and gave himself billions of votes.”
New Phone – Who Dis?
Security researchers from Kryptowire, a security firm, didn’t find just one or two vulnerabilities in the default apps of 25 Android smartphone models. Nope. They found 47. With these pre-installed vulnerabilities, hackers can take total control of a victim’s phone, allowing them to send texts, take screenshots, steal contacts, record videos, download apps, factory reset the phone, or brick it. And, hackers can “potentially get logs of what a person was typing, reading, and who they’re in touch with.”
The Truth … Or Something Like It
Not even the boys in blue were immune. A consultant at the security firm Nuix detected troubling vulnerabilities in police body cameras that would allow a hacker to “download footage off a camera, edit things out or potentially make more intricate modifications, and then re-upload it, leaving no indication of the change.” Or, a hacker could simply delete the footage entirely. Additionally, some of the more sophisticated Bluetooth models can be exploited to remotely stream live footage off of the cameras.
An “All-In-One” Hack
Two researchers from Check Point, a software technology company, discovered vulnerabilities in tens of millions of HP Officejet “all-in-one” printers. So you’ll just get annoying spam faxes, right? Wishful thinking – it’s a bit more sinister than twenty rapid-fire “You Won A Trip To The Bahamas!” faxes. Imagine “a malicious attacker wants to infiltrate a covert network, let’s say a bank. And the fax number for this bank is public, so he can get that number. On the bank side, if the printer that receives the fax is also connected to the internal network, then all the attacker needs to do is send a malicious fax to this phone number and automatically he will be inside the internal network of this bank. It’s crazily dangerous.”
Thankfully, HP was quick to offer patches that have since been released.
Until DEF CON 27
From a silly slot machine hack to a much more serious bodycam vulnerability, this year’s DEF CON exposed security flaws in millions of devices that are used every day and the conference attendees once again left their mark on the city. Because, apparently, bugs come in through more than just open windows.