Black Hat Conference 2009 Findings: What Can the Network Security Industry Expect in 2010?
Research Analyst, Network Security
September 15, 2009
• About Vulnerability Research
• Overview of the Black Hat Conference
• Major Highlights of the Conference
• Expected Trends
• Key Conclusions
About Vulnerability Research
• Vulnerability research is the foundation for numerous network
security solutions such as IPS devices and endpoint protection
• Vulnerability research is the frontline of defense from malicious
code writers and cyber attackers.
Overview of the Black Hat Conference
• The Black Hat Conference is the largest and best-known security
conference series in the world.
• This conference is designed to serve the information security
community by “delivering timely, actionable security information in a
friendly, vendor-neutral environment.”
Overview of the Black Hat Conference (cont.)
• Historic Black Hat Conference events:
- Dan Kaminsky’s DNS cache poisoning vulnerability
- Cisco IOS flaw that resulted in a lawsuit
- Using virtualization to create undetectable malware
- Weaknesses in network security technology, i.e. NAC
- Vertical-specific exploits (GSM, ATMs, public transportation)
[Figure: captions referencing Cisco, Blue Pill, NAC, and Kaminsky’s DNS attacks]
Major Highlights of the 2009 Black Hat Conference
• MMS and SMS flaws (mobile phone hijack via text message)
• iPhone code execution/denial-of-service MMS attack
• Advanced Mac OS X rootkits
• Factory-installed BIOS rootkits
• Apple keyboard rootkit
• SSL encryption protocol flaws
• SSL spoofing
• Fake ATM/card skimmer
• Conficker discussion sanitization
MMS and SMS Flaws
• MMS and SMS data use has grown at a high rate over the years,
and is forecasted to continue to grow significantly.
• 900 billion SMS messages sent/received in 2008 (an increase of
132% from 2007)
MMS and SMS Flaws (cont.)
• Luis Miras and Zane Lackey, of iSec Partners,
presented a vulnerability in the way mobile
phones handle SMS messages.
• This flaw enables an attacker to hijack
smartphones, with varying degrees of control.
• An app called There’s an Attack For That
(TAFT) is a suite of hacking tools for jailbroken
• A related presentation demonstrated an attack
that uses a corrupt MMS message to kill
• A rootkit is software designed to secretly control a computer.
• A rootkit uses advanced techniques to take full control of a
system, obscure itself, and survive most attempts to remove it.
• Rootkits are very dangerous, and are often used by hackers to
make malware more effective and nefarious.
• Researchers at CoreSecurity announced that they discovered
factory-installed software that behaved as a rootkit.
• Absolute Software’s CompuTrace LoJack for Laptops is designed
to protect and help locate stolen laptops.
• While not inherently malicious, the researchers claim that it’s not
very secure - leaving the possibility for devastating attacks.
• Security researcher Dino Dai Zovi demonstrated how to load an
advanced rootkit on Mac OS X machines.
• This is a severe issue with Mac OS X, which has been struggling
for market share against Windows.
• An Apple keyboard was also discovered to be susceptible to a
rootkit attack through its firmware update system.
SSL Encryption Issues
• SSL is a trusted, secure protocol for encryption and
• Dan Kaminsky presented on problems with X.509 certificates,
which are used for SSL encryption and authentication.
• X.509 certificates use an outdated and weak cryptographic hash
• VeriSign, the leading provider of digital certificates, downplayed
this announcement, saying that they no longer use MD2.
• Regardless, businesses have invested millions of dollars in
X.509, and yet it suffers from both technical and structural issues.
SSL Encryption Issues (cont.)
• In a similar presentation, security researcher Moxie Marlinspike
showed how an attacker could spoof SSL certificates.
• Marlinspike was able to trick a Web browser into accepting code,
which opens the door to a number of attacks.
Fake ATM/Card Skimmer
• A card skimmer was installed on an ATM near
the hotel that the Black Hat Conference
attendees were using.
• Chris Paget, a security expert for Google, was
attending the conference when he discovered
the device and reported it to authorities.
• This follows the recent report of a complete,
working, fake ATM that was placed at the
• Coincidentally, a presentation about this
banking technology was pulled in order to give
the affected vendors time to resolve the issue.
• Conficker is a computer worm that infected up to 10 million
• The botnet had an activation date of April 1, 2009, but nothing
happened after all.
• The security community is still trying to track down the
• Conficker uses numerous advanced malware techniques to avoid
detection and deletion.
• A presentation about the Conficker worm was censored to avoid
tipping off the malware’s authors.
• What are customer and vendor plans for SSL communications?
• What this SSL vulnerability means for browser developers.
• Attackers continue to become increasingly nefarious, while their
tools grow in sophistication and complexity.
• Is criticism of factory-installed grayware warranted?
• Mobile phones are the next major platform to be targeted for
• How will cell phone manufacturers react to these security
• Whose responsibility is it to secure third-party apps?
• The security industry is becoming more responsible and
cooperative in its efforts to defeat hackers.
• The demand for original vulnerability research will only grow as
the race to defeat hackers intensifies.
• Key Internet infrastructure still has high-risk vulnerabilities that
have not been fixed yet.
• As mobile devices become more connected and powerful, these
devices will become primary targets of hackers.
• Mobile phone developers generally have less experience with QA
and security testing, which may leave this attack vector exposed.
• With mobile devices, third-party applications are unregulated,
which introduces a critical attack vector.
• Responsible reporting and cooperation indicate an immense
potential for success against cyber threats.