Lessons From Black Hat


The digital age is in full force, and is only integrating itself further and further into our lives. At this years ‘Black Hat’ conference in Las Vegas, this integration was on everyone’s lips. From a hackable smart sniper rifle, to spyware on Android phones, to discussions on the hacked Jeep Cherokee, the enmeshment of technology in our lives is hard to deny. In fact, enmeshment is a good term to define our increasingly complex relationship with technology. As defined by the Oxford Dictionary, enmeshment is to be involved, “in a difficult situation from which it is hard to escape.” Which sums up our relationship with the web of technology that has come to become so vital, as well as so frustrating, to our modern day society. We rely heavily on technology from everything from transportation, communication, education, and even healthcare. With this reliance also comes complications and concerns over who can access these technologies ranging from the personal to the critical.

Lessons-From-Black-HatWe live in a world where internet accessible, or wi-fi capable, devices are not just desired by consumers; they are expected by them. To the point where objects that one would not normally think would be wi-fi capable are. The most recent Jeep Cherokee hack being a well-known example of how everyday objects are now being brought into this web of interconnected technological devices: the Internet of Things. However, earlier examples have raised the same questions. In 2008 researchers from the Medical Device Security Center were able to gain remote control of a pacemaker due to its wi-fi capabilities. Thereby granting them the ability to do anything from shut down the device to causing cardiac arrest. Another instance of everyday devices being hacked happened in 2011, where a researcher was able to hijack a Medtronic insulin pump via radio transmitters. Initially these two medical devices were created to help bring ease to patients’ lives. The wireless pacemaker was designed to be safer and more reliable than past battery powered pacemakers. Meanwhile the Medtronic insulin pump allowed patients and doctors to adjust functions. However the wireless functions of these devices also had vulnerabilities that had the potential to be exploited by individuals and groups that possessed the technical expertise. According to Gartner some 25 billion devices are predicted to be in use by 2020, and this interconnection has raised concerns about how vulnerable these devices are as well as what steps can be taken to safeguard against malicious users.

What businesses and security researchers can take from this year’s Black Hat is that the distribution of security is not uniform across the Internet of Things. Some devices are simply not designed with security in mind. Either due to a lack of understanding, budget constraints, or a combination of issues. Looking back at the wireless pacemaker, medical staff set out to design a device that would lead to invasive surgeries and prove to be more reliable than previous devices. These are benefits that many people can find positive. When this device was manufactured no one was thinking about what vulnerabilities could exist in this pacemaker that could allow a remote user to physically hurt someone. However, just because the device wasn’t intended to be used maliciously did not mean that it could be used that way. Which is what security researchers demonstrated in their 2008 scenario. The same goes for the many other of devices that were displayed at this year’s Black Hat conference, the on-board computers on cars were put in place to make them more efficient and the smart gun was designed to improve accuracy. Still the vulnerabilities existed and now that they have been exposed it is a matter of choice on how business leaders and security researchers will address them.

Some of this lack of foresight can be attributed to a sever knowledge gap that exists between the technology industry and the rest of the business world. That meaning that within the technology world there is a considerable level of knowledge on the dangers of vulnerabilities and how they can impact users and businesses. Such as the dangers of unsecured wi-fi, unencrypted communications, and failures to update software. The problem comes from the other side, where those with little-to-no background in information technology designing and distributing devices that have the potential to be hacked or otherwise compromised. For those who are not in the information technology industry they may possess only a cursory level of understanding or be technologically illiterate and have no level of awareness when it comes to information security. In fact, the knowledge gap theory expresses that such deficiencies tend to only worsen as time goes on. As those within the knowledge circle continue to amass information they become more skilled at attaining knowledge at a quicker rate. Meanwhile those outside of the knowledge circle fall behind. Which leaves security researchers in a difficult position on how to explain complex and technical problems to an audience that may not have the knowledge base to properly understand what is being explained to them.

By | 2017-03-24T13:47:45-04:00 September 16th, 2015|Security|

About the Author: