8 hacks to watch at Design West's Black Hat Summit - Embedded.com



SAN JOSE, Calif. – Hacking has two hats—black and white—and you can try on both for size at Design West 2013.

[Click here to register for DESIGN West 2013, April 22-25 at the San Jose McEnery Convention Center. Options range from an All-Access Pass — which includes Black Hat (security) Conference Session to Free Expo Admission].

The black hats have their own appeal, like an in-yer-face Quentin Tarantino flick, so let's get right to them. Info for white hats about hacks they need to know about will surface at the Black Hat Embedded Security Summit. This is a key element of the reinvigorated DESIGN conference program.

The Black Hat Embedded Security Summit provides electronics professionals with essential information and tools, as well as a forum for the discussion and evaluation of the latest solutions for securing their embedded systems from threats in today's global environment. This year's event program will showcase training courses focused on topics such as Network Security, Incident Response, Web Application Security, and Exploit Development.

Five black hacks captured my attention when I wandered through the program. My favorite is a session on hacking your car that might have caught my eye because I have a jammed door lock on my 2004 Honda CRV.

The session Vehicle Network on Tuesday, April 23 at 3:15pm has a decidedly more high-tech focus than my mundane mechanical problems. It takes it for granted that today's car is a network on wheels and goes about showing you how to perform, and prevent, a Denial of Service attack on it.

Presenter Robert Leale of CanBusHack Inc. will report on which cars he found easiest and hardest to hack. Might be worth the price of admission just to find out how your vehicle fared. As for my old buggy—even I can't get into it!

My next favorite black hack is using near field communications (NFC) to get into a smartphone. I guess something perverse in me enjoys the thought of messing with the carefully coiffed world of the credit card companies who are promoting mobile payments these days.

The session description says it all: “Using technologies like Android Beam or NDEF content sharing, one can make some phones parse images, videos, contacts, office documents, even open up Web pages in the browser, all without user interaction. In some cases, it is even possible to completely take over control of the phone via NFC, including stealing photos, contacts, even sending text messages and making phone calls.”

It’s an added bonus that the presenter is Charlie Miller, a member of the product security team at Twitter. It will be refreshing to hear from an engineer who not only uses Twitter but works for it. You do tweet, don’t you, Charlie?

Now this is really getting personal—security for medical devices.

The good news as far as I can tell is presenter Jay Radcliffe, a senior security analyst for InGuardians, will not be giving away free tips on how to conduct a Denial of Service attack on your defibrillator. He’s on the good side, so let that blood pressure ease on down.

Radcliffe says he will “provide realistic recommendations on what can be done by regulatory agencies to bolster the defense of medical devices and highlight specific focus areas the community should be targeting with future research.”

Apparently there’s a high-level call for some engineering analysis here. The U.S. Congress recently published a Government Accounting Office report that calls for prompt action on securing medical devices. So if you are or are thinking about becoming a medical electronics EE, Uncle Sam wants you!

You can always build a better Internet-connected mousetrap, but can you hack it? That’s the musical question another Black Hat session asks developers working in the Internet of Things.

Don A. Bailey, a founding partner of Capitol Hill Consultants, LLC, will give a preview of the M2M Risk Assessment Guide to be released for the first time at Black Hat Amsterdam 2013. So this is your chance to get one step ahead of the Dutch police.

Bailey’s team analyzed machine-to-machine systems in use at 80 organizations. The team figured out how they work and where they have holes. You may not see how the sausage was made, but you can definitely get a look at the Swiss cheese.

The last of my favorite black hacks at the summit is called “Power Analysis Attacks for Cheapskates.” I won’t tell you why I liked this one, but it does promise to show you how you can practice this art “for a few hundred dollars” and some open source code.

Does it work? Well, presenter Colin O'Flynn of Dalhousie University in Halifax, Nova Scotia, claims he will show it breaking into a microcontroller using AES, one of the most powerful encryption technologies in the market.

If you are not satisfied, the code hackers over at Cryptography Research have a separate session. They will show other power analysis hacks for AES and RSA–and how to defend against them.

The flip side of the black hat basement is the do-it-yourselfer garage, and there will be a big one at Design West—big enough to build your own submarine.

They call it an ROV, actually. I’m told that stands for remotely operated underwater vehicle. I guess they prefer not to call it a ROUV. The class shows how to build your own unmanned sub using off-the-shelf Beaglebone and Arduino hardware along with various sensors and motors and some open source code.

Wind River product manager Stephen Olsen is the skipper. Sounds like fun as long as I don’t have to cross under the polar ice cap in what gets made there.

If you’re more of the stay-at-home type, you might prefer the class that teaches you how to create your own chess game on a single FPGA. You won’t learn how to create the entire system and software but “two of the major functions–the Move Generator and the Board Evaluator–will be described in sufficient detail to allow attendees to use these as starting points for their own design,” according to the class description.

FPGAs can sell for several hundred dollars if you need a high-end part, and they require specialized programming tools, too. There are no specifics in the class description, so just be advised this is not necessarily the cheapest way to a digital checkmate.

If you’re the snoopy type, you might prefer to learn how to build your own tele-presence robot. Duane Benson, Web marketing manager for Screaming Circuits, will get you started although his description suggests he hasn’t quite finished his personal project yet. He says that after hours, he designs microcontroller and motor control boards for small robots under the moniker SteelPuppet.

Duane will talk about using all sorts of building blocks from discrete logic, microcontrollers and programmable logic to off-the-shelf modules like Android tablets and smartphones. He will even explore the broader philosophical questions such as what is a system and “will projects like this just bring the robot apocalypse one step closer?”

We sure hope so. Our business plan calls for a robotically controlled Design West in 2020, so get cracking.

And as always at Design West there are plenty of bread-and-butter classes that don’t involve anything exotic or illegal. You can learn the basics of C programming or the latest features of C++ from veteran code coach Dan Saks.

There’s a whole suite of 101 courses on everything from old staples to new trends. Classes cover topics ranging from analog design and VHDL to LEDs, sensors, cloud computing and the Internet of Things.

Unfortunately, I found no classes on Internet dating or building a robotic romantic partner. Every year I put these in the suggestion box. I’m hopeful they will hear me in time for Design West 2014.
