44CON revisited: Secure Design in Software is still a new Concept
We have been to 44CON, and we returned with lots of ideas and scary news about the state of security in devices and applications. Given the ever spreading Internet of Things (IoT) you can see why connecting random devices via a network with no second thoughts about design, updates, or quality control is a bad idea. Don Bailey illustrated this perfectly in the keynote titled The Internet of Us. His presentation touched all of information security, but IoT featured a prominent role. We are really surrounded by the Internet of SIM cards (sadly which we cannot call IoS). This opens up a new perspective and demystifies the IoT hype.
You should watch Matt Wixey’s talk Hacking invisibly and silently with light and sound as soon as the videos are published. Matt discussed hardware hacking with sensors and sound/light sources such as lasers, computer screens, and LEDs. Transmitting data can be done by a variety of means, and you can do a lot with ultrasound or infrared. He also showed how to confuse drones by jamming their ultrasound sonar.
A shorter two hour version of The ARM Exploit Lab by Saumil Shah could be attended as an evening session. Given that the number of ARM processors tops that of x86/x86-64 five or six times, you should really think about getting to know ARM shell code and how exploits work on this platform. Right now finding a device where you can use these exploits is easy to find. In addition most are networked, so you can access them most probably, maybe even by war-dialling thanks to the Internet of SIMs. Or you just attack smartphones. The ways to use your new knowledge is without bounds. If you are interested, there will be a three-day course of The ARM Exploit Lab at DeepSec 2017.
So we enjoyed being at 44CON, meetings friends, and exchanging ideas about infosec. A big thanks to the crew! They made the event really smooth and worked a lot behind the scenes, so that everyone felt right at home. Looking forward to 44CON 2018!