The scariest hacks, bugs, and cheats we saw at Black Hat 2024

The PCMag security team headed to Las Vegas this week to brave the heat and experience the scarier side of the internet at the Black Hat cybersecurity conference. Below are some of the most memorable demos, sights and sounds from the show.


Election concerns and publicity-hungry hackers

The show opened with a keynote panel discussion about cybersecurity issues affecting election security around the world. Considering there are around 50 major elections scheduled for 2024 alone, including the US presidential election in November, it’s no surprise that concerns about cyber-attacks and AI-assisted generating disinformation were the main talking points.

The panelists, all high-ranking representatives from global cybersecurity groups, urged the cybersecurity community to come together to protect democracies from interference through cyberattacks. After calling for more members of the community to become poll workers, Cyber ​​Security and Infrastructure Security Agency (CISA) Director Jen Easterly urged voters not to be swayed by misinformation collected by social media influencers or unofficial sources. news.

Speaking of questionable news sources, a Black Hat panel discussion among high-profile tech reporters revealed that hackers are now using classic media relations strategies to publicize their crimes and pressure victims. This hacker-turned-PR-flack trend means corporate response teams must move faster and be more responsive when crafting public statements about cybersecurity incidents.

In other alarming news, the researchers followed up on earlier news about cybercrimes committed via sports betting platforms. At Black Hat, representatives from Infoblox said the DNS entries led them to link several popular gambling websites to the labor of human-trafficked slaves.


Hacks of all kinds

As expected, this year’s Black Hat presentations offered plenty of ways to hack various platforms, including software from the biggest names in the business.

You would think that modern versions of Windows are hardened against every kind of hacking imaginable. A super sensitive process like Windows Update is surely the safest of all, right? Well, such thinking is nothing but a challenge for an ethical security hacker. yes, MOST of the update process is armored against all changes, but a small hole in that armor proved enough to allow a Black Hat speaker to completely take over the update process, forcing it to lower the security level in ways unlimited. This attack proved invisible to security and impossible to undo. The next time you see the Windows Update prompt, just hope you don’t get a Windows downgrade instead.

Attendees of the Black Hat walk through the halls

(Credit: Kim Key)

The hacks demonstrated at Black Hat were not limited to software. A Dutch team showed off their skills on some EV chargers at home. Their hacks allow anyone within Bluetooth range to take control of a charger. What does that control allow them to do? The attacker could overheat your charger, limit its current, or interfere with its charging schedule. More importantly, they could anything at all to your bill, from the ringing of it to the raising of it to the sky. It is true that this hack is not very important, but the same persistence and ingenuity they used could serve to compromise almost any Internet of Things device.


Data Privacy, Routers and AI, Oh My!

Any smartphone that comes within range of your home router can and does identify it in one or more large positioning databases owned by powerhouses such as Apple, Google and Microsoft. Apple’s database is open to anyone, making it easy to gather information about millions of routers worldwide.

A conversation with Black Hat went into how this knowledge could be used or abused, from tracking down a cheating spouse who skipped town to finding staging areas in Russia’s war against Ukraine. Fortunately, Apple released an opt-out solution. Unfortunately, Apple should have done a lot more. (Starlink fixed the problem for its equipment, which is often used in conflict zones. Whoa!)

Also, we know that being emotionally vulnerable on a dating app can be scary, but the risks to your privacy are even scarier. At Black Hat this year, a team of researchers put 15 popular apps to the test and found that they leak personal information like crazy, from sexual orientation to exact location. You swipe left, they swipe right, next thing you know they’ve swiped your bag. As is often the case, many of the apps cleaned up their act after being contacted by the research team.

Recommended by our Editors

In an age of deep forgery and online content used for AI training, it’s no surprise that industry leaders are finding ways to help identify and verify images and videos. At Black Hat, an Adobe representative spoke about the role of content credential tags within the digital media landscape. Labels, which are a bit like nutrition labels for food, document how an image was created and what kind of software or AI tools were used to modify it later.

When we give large language models (LLMs) simple tasks like answering questions, they sometimes go terribly wrong. What if the assignment involves cyber security? Are LLMs dangerous? Can they help protect us? At Black Hat, MITER researchers demonstrated tests to help answer such questions. Right now, LLMs won’t work as cyber warriors, but in the future, who knows?


A softer side of the black hat

In less scary news, Signal developer Moxie Marlinspike urged other developers to enjoy the complexity of their creations, but not pass that experience on to customers. Many people simply aren’t interested in how or why their software or devices work, he argued. It’s up to developers to make sure users don’t think about it.

As always, the sights and sounds from around the exhibition were a lot to take in. Cybersecurity vendors from around the world gathered at Mandalay Bay Casino and headed to show off their latest developments and rub shoulders with customers and competitors. And the team in charge of keeping the Wi-Fi flowing had some interesting insights into the security practices of participants who should probably know better.

Check out more of our coverage from Black Hat 2024, and while you’re there, take a look at some of the scariest things we’ve seen in years past.

Like what you’re reading?

Register for Security Watch newsletter for our best privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, deals or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.

function facebookPixelScript() { if (!facebookPixelLoaded) { facebookPixelLoaded = true; document.removeEventListener('scroll', facebookPixelScript); document.removeEventListener('mousemove', facebookPixelScript); ! function(f, b, e, v, n, t, s) { if (f.fbq) return; n = f.fbq = function() { n.callMethod ? n.callMethod.apply(n, arguments) : n.queue.push(arguments) }; if (!f._fbq) f._fbq = n; n.push = n; n.loaded = !0; n.version = '2.0'; n.queue = []; t = b.createElement(e); t.async = !0; t.src = v; s = b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t, s) }(window, document, 'script', '//connect.facebook.net/en_US/fbevents.js'); fbq('init', '454758778052139'); fbq('track', "PageView"); } }

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top