Stories about lost wages aren't the only scary things being talked about in Sin City this week. The best security researchers and hackers from around the world have gathered in Las Vegas, and news about their work has been creeping out like a toxic flood.
The Black Hat security conference wrapped up Thursday and the Def Con hacker conference is going on now and is scheduled to end Sunday.
Here's a roundup of some of the stories that have technophiles buzzing.
Murder by Hacking
Diabetic and security researcher Jay Radcliffe demonstrated how an attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim.
Having the pump's serial number is one key to performing the hack, which is concerning since many products ship with product codes displayed on outside packaging, according to reports. Read more at ZDNet and PCWorld.
Your House Can be Hacked
Researchers Dave Kennedy and Rob Simon showed how they could disrupt and spy on home automation networks in residences and offices using devices connected to Ethernet networks that communicate via public power lines. Once plugged into a power outlet outside or near the target building, the X10 Black Out device they created can be programmed to jam the signals that turn lights on and off and open doors, as well as disable security systems, change climate controls, and interfere with other functions of a home automation network. They also showed off their X10 Sniffer device, which can see whether the doors are open and lights are on and can track people with motion sensors and see what part of the house they might be in.
Plane Spies on Wireless Chat
Security researchers Mike Tassey and Richard Perkins unveiled a remote-controlled, unmanned aerial vehicle capable of cracking Wi-Fi passwords, exploiting weak wireless access points and mimicking a GSM tower to intercept cell phone conversations. They built the Wi-Fi Aerial Surveillance Platform to show how an ordinary remote-controlled hobby airplane can be easily converted into something more sinister.
Long-Term Global Cyberspying Exposed
McAfee issued a report that said it had identified a single perpetrator of cyberattacks that lasted up to five years on a wide range of governments, American corporations and even United Nations groups, and that the pattern of targets suggested the attacker was a "state actor."
After blogging about "Operation Shady RAT," McAfee VP of Threat Research Dmitri Alperovitch was thronged by reporters. Alperovitch said the cyber-spying campaign was the "biggest transfer of wealth in terms of intellectual property in human history." Read more at The New York Times and VentureBeat.
New Threat: Hacking Batteries
Security researcher Charlie Miller demonstrated how he was able to completely control the microprocessor embedded in batteries used in Apple Macintosh laptops and then remove or bypass the built-in safeguards. He suggested it would be possible to overheat a battery and start a fire by convincing a controller that the battery was discharged, even though it was completely full, but said he has not tried it and an analog fuse may prevent disaster. Read more at CNET and PCWorld.
Facebook's Creepy Facial Recognition
Alessandro Acquisti, Ralph Gross, and Fred Stutzman showed how they took publicly available photos of students from Facebook and then used facial recognition technology to identify the students as they looked into a webcam.
In another test, the researchers took photos from 277,978 Facebook profiles and compared them to profiles from an online dating website where people don't use their real names. They were able to correctly identify 10 percent of the dating site's members using facial recognition technology.
Other Security Tidbits
In other Black Hat news, Microsoft announced a contest that offers more than $250,000 in prizes to security researchers who can develop better solutions to counter security threats. Conference organizers also handed out Pwnie Awards, including one to Sony for "Most Epic Fail."