Locks of hotels, iris scanning, Google and other technologies play “safe” are being broken into statements made in the security conference.
Inhabitants of the digital world are feeling a little less safe this week with another edition of Black Hat hacker conference in Las Vegas.
Among the technologies raped by security researchers during the event were locks for hotels, iris scanners, Google Bouncer, point of sales terminals and Near Field Communication (NFC).
Conference participants who were staying in hotels were somewhat restless during the presentation of the Mozilla software developer, Cody Brocious. He demonstrated a homemade device – which cost $ 50 to be developed – that burlava security of the premises and opened doors of rooms .
The gadget is similar to what hotels to use programs to accept locks, master keys. However, the device operates only in locks produced by Onity, and in only 33% of cases. Moreover, there are between 4 and 5 million hotel room door in the world that are opened to be experienced.
The biometric security, a highly secure identity authentication, also was cracked at Black Hat . Spanish researchers have shown how they reproduced a realistic picture of the human iris. In tests applied to a system of top-line recognition, the iris scanner was cheated in 80% of cases, according to the team at the University of Autonoma in Madrid.
Fake iris images were created in the past, but this is the first time that the iris of a real person was doubled from data collected on the organ.
Play Google tightrope
When Google introduced the Google Play Bouncer, it was believed that this technology would take a while to clean infected by malware apps and distributed throughout the online store.
This doubt was launched at the conference by Trustwave. The company demonstrated how to circumvent the radar Bouncer, through sophisticated techniques of concealment, and maintain an arbitrary code hidden within Google’s Play for two weeks before the researchers discovered.
Malicious applications, however, are not the only ones to pry data stored on smartphones, according to a study released by Appthority at Black Hat was discovered that 96% of the apps for iOS and 84% of Android have the ability to access information confidential, such as contacts, calendar, location and timing.
Online buyers beware!
Electronic commerce is also targeted by two experts in the Black Hat researchers show a card that is designed to infect the terminal points of sale when the device was used.
The card terminal deploys a Trojan horse that collects information and credit card security numbers. The information can be extracted from the terminal later by another card malicious.
The researchers also showed how vulnerabilities found in the terminals can be used to confuse store clerks, leading them to believe that a purchase was authorized by a bank – when in fact she was not.
Near Field Communication (NFC) technology, recently used for financial transactions on mobile devices, has also attracted the attention of conference participants. Charlie Miller, researcher Accuvan, showed how an NFC chip was used to commit information in an Android phone, simply by being placed near the target.
One of the traditions of Black Hat is the Pwnie Award, which recognizes achievements and failures that occurred during the 12 months preceding the event. One of the winners of this edition were the creators of the Flame, who developed a scheme using Windows Updates to send malware to your PC. Not surprisingly, the authors did not accept the prize as advertised.
And for the first time at the event this year, Apple’s appearance as host of the show: the news was good, presentation, or both. After a disappointing requentando information on soft paper safety iOS – which had already been disclosed by the company in May – the engineer security platform, Atlas of Dallas, left the event without even answering questions.