Destination PWND: Safes, ATMs, phones all fall to Vegas hax0rs

Hardware hacking

A lot of hackers first got into the business by becoming fascinated by noodling around with hardware, typically picking locks. There's an entire DEF CON village devoted to that now, but innovative hardware hacks elsewhere were also very much in evidence.

A personal favorite with this hack was the safe-cracking computer, an ingenious device that used an Arduino microprocessor, an Erector set framework, magnets to hold it in place and a 3D-printed unit that meshed onto the rotary combination dial.

The device's father, SparkFun Electronics boss Nathan Seidle, explained at DEF CON that he got into safe-cracking when his wife (another hardware hacker) bought him one on eBay for $20 as a present. The safe was so cheap because it was locked and had no known combination, so the two of them were determined to crack it.

And they got it open. It only took 30 min. pic.twitter.com/LNxmlvOArO

— Jack (atDEFCON) (@jmorse_) July 28, 2017

Seidle set the robot working, aiming to have the safe cracked in the time it took him to give his presentation. The robot managed it in a few seconds over 30 minutes.

Another interesting DEF CON talk by Dennis Maldonado showed how easily RFID chips can be harvested and cloned. Using some cheap parts he bought on eBay, Maldonado was able to copy chips from two feet away and then fire the data to a card cloner.

Reading RFID chips that don't belong to you is nothing new but it was the speed and ease of this attack that made it really impressive. And with more and more RFID chips in circulation, Maldonado's research could come in handy.

Meanwhile, at Black Hat, researchers at IOActive performed a perennial favorite – making an ATM spew money everywhere.

They found that an ATM built by Diebold Nixdorf had a USB port that was trivially easy to find and exploit to commandeer the machine. They informed the company, only to be told that it couldn't possibly be used to carry out a hack.

The team found a way to reverse-engineer the ATM's software and cause it to dump its entire load of cash. The team reported that Diebold still hasn't fixed the flaw as it not longer makes that model of ATM and that the hacked model hadn't been patched.

A mountain of malware

Software cracking is what most people associate with hacking and there was more than enough to go around.

Earlier this year, a new Mac malware was found called Fruitfly, and Patrick Wardle, chief security researcher at Synack, spoke about how he'd managed to hack a variant of the software's command-and-control servers. What he found is going to be giving Apple some serious concern.

Fruitfly is an obfuscated perl script using antiquated code that can give an attacker pretty much complete control of macOS, including key logging, webcam control, alerts when the user is online, and a tunnelling system to get this back to the command and control servers.

With a reverse-engineered piece of the code, Wardle was able to log into the command and control systems and view infected systems. They appeared to be mostly US based, although not too numerous, but all had been taken over by malware and antivirus engines were missing.

Using malware for physical targets was also covered, with Robert Lee, CEO of industrial security specialist Dragos, giving a detailed rundown of how hackers brought down sections of the Ukrainian power grid last year. This was a complex attack with initial reconnaissance by hackers in 2014 followed by more than year of development before the biggest outage.

The attackers had designed malware to hit specific sections of the power grid and cause them to fail. This initially complex task had been simplified so that someone without detailed knowledge of the grid could use it. But Lee was hopeful that US grids were more resilient.

"The US government simply doesn't know what is going on in infrastructure, because they own so little of it, but operators are getting on the case," he said. "The North American power grid is one of the most complex organisations in existence, with systems piled onto system. That leaves a lot of redundancy."

Finally Marcus Hutchins, the British researcher who discovered the kill switch for the WannaCry malware, was also wandering the halls and parties of Las Vegas. He just missed out on a Pwnie Award but Charlie Miller, car hacker extraordinaire, said that Hutchins was due his plaudits. Hutchins also enjoyed some traditional Las Vegas pursuits.

pic.twitter.com/wEr1Q1Fh8Z

— MalwareTech@Vegas (@MalwareTechBlog) July 29, 2017

It was a fun, if exhausting, week. The first presentations for DEF CON and Black Hat are now online so you can catch up with the whole thing. ®