Some Results from the ToorCon Security Conference

Hackers and security researchers at the ToorCon security conference in San Diego showed how easy it can be to poke holes in hardware and software with the right combination of tools, know-how, and good old-fashioned cat-like curiosity.

What hacks did they show?

One researcher demonstrated how to take control of an iPhone using an app exploit that targets a hole in Safari. That vulnerability is now fixed. An app on the iPhone allowed it to process credit card numbers, which could then be stolen if this were an attack in the wild.

A senior security analyst at Trustwave “weaponized” an exploit called Jailbreakme.com. It would allow iPhone owners to use unauthorized apps. Someone who is on another person’s iPhone can eavesdrop on them.

Two researchers talked about how they turned a toy into a wireless tool that could be used to open garage doors and clone RFID-based passports and RFID tags used for inventory control on shipping docks. The device they used was the IM-ME. The IM-ME uses the same wireless chip that some smart meters use and could be turned into a diagnostic tool to test the security of those devices.

Two other presenters showed how accessing popular sites on the Web like Twitter, Hotmail, Facebook, and Flickr, where there is limited encryption, puts user accounts at risk of compromise by someone snooping on session traffic between the user’s computer and the site’s server.

Finally, it is easy to compromise cookie data. Black hat hackers can compromise cookies. Exposure is possible even when web surfers are not on one of the sites that use their cookies. If a site even just has a Flickr image embedded or hosts a Facebook or Twitter widget, it can leak a user’s cookie data if the user is logged into the relevant host site. The cookie allows you to do everything you can with a password. In such a circumstance it is hard for users to protect themselves.
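The exposure described above can be audited from the defender's side. The sketch below is an added example, not code from the talks: it models which cookies a browser attaches to plain-HTTP embedded resources on an unrelated page. The hosts, cookie names and the simplified domain-matching rule are assumptions, and the model ignores newer browser controls such as SameSite and third-party cookie blocking.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    domain: str   # Domain attribute value the cookie was set with
    secure: bool  # True if set with the Secure attribute (HTTPS only)


def domain_match(host: str, cookie_domain: str) -> bool:
    """Simplified RFC 6265 domain matching: exact host or a subdomain."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def cleartext_exposures(jar, embedded_urls):
    """Return (url, cookie name) pairs a browser would send unencrypted."""
    exposed = []
    for url in embedded_urls:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue  # HTTPS requests are encrypted in transit
        for cookie in jar:
            # Cookies marked Secure are withheld from http:// requests.
            if not cookie.secure and domain_match(parts.hostname or "", cookie.domain):
                exposed.append((url, cookie.name))
    return exposed


# Constructed sample: the user is logged in to two hypothetical services.
JAR = [
    Cookie("session", "photos.example", secure=False),
    Cookie("session", "social.example", secure=True),
]
# Constructed sample: resources embedded in an unrelated third-party page.
EMBEDS = [
    "http://static.photos.example/img/123.jpg",  # image embed over HTTP
    "http://widgets.social.example/like.js",     # widget over HTTP
    "https://photos.example/badge.png",          # same service over HTTPS
]

if __name__ == "__main__":
    for url, name in cleartext_exposures(JAR, EMBEDS):
        print(f"cleartext: cookie {name!r} sent with {url}")
```

Only the cookie set without the Secure attribute shows up in the result, which is why site operators serve every page and embed over HTTPS and mark session cookies Secure.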
