Question: So What? New From Black Hat 2019
Hackers, security professionals, academics, and government agents flock to Las Vegas each year to attend two of the world's largest and most well-known security conferences: Black Hat and Def Con. Black Hat caters to more of a professional and academic crowd of security professionals, corporations, and government entities, whereas Def Con attracts more general members of the hacking community. Despite the different target audiences of these events, travelers to Las Vegas typically attend both conferences, as they occur back-to-back. Each year, speakers give briefings on how things can be hacked. Presenters show exactly how to exploit weaknesses in hardware, software, protocols, or systems. One session may show you how to hack your smartphone, whereas another may show you how to empty the cash out of an ATM. Presentations encourage companies to fix product vulnerabilities and serve as an educational forum for hackers, developers, manufacturers, and government agencies. The following topic areas were some of the highlights from the 2019 Black Hat and Def Con conferences.
Deepfakes
A number of talks this year centered on deepfakes, the creation of computer-generated imagery (either photos or videos) in which the likeness of one individual is replaced by the likeness of another. It is possible to create high-fidelity deepfakes using powerful artificial intelligence and machine learning technologies. As processing power has continued to increase over time and specialized software that can be used to create these videos has become more widely available, the number of deepfakes being created and shared on the Web has risen drastically. Early applications of deepfake videos were focused on pornography. Deepfake creators would generate videos with the faces of celebrities merged with the bodies of porn stars. Even more nefarious was the practice of deepfake creators generating videos of pornography actors with the faces of coworkers, classmates, or exes. The quality of the computer-generated deepfakes is so high that even victims/targets who claim the videos are fake may not be believed. It has become a priority to be able to identify indicators of these fake videos to protect the integrity of information. New methods to do so were presented at Black Hat 2019.
Internet of Things (IoT)
Households are gradually adopting more and more IoT devices. It is not uncommon to walk into a friend's, family member's, or neighbor's house today and see a smart thermostat, Wi-Fi or Bluetooth lighting, Internet-connected security cameras or baby monitors, smart TVs, smart speakers, digital assistants, and so on. An underlying principle of IoT devices is that they must be easily configurable and integrated with other IoT devices; for example, smart lighting that is linked with a smart security system so that the lighting flashes red when the alarm goes off. Another important feature of IoT devices is that they must be easily controlled by intuitive apps and digital assistants; for example, a homeowner walks into their dark house and tells Alexa to turn the lights on. All of these integrations between IoT devices and apps mean that there are many potential vulnerabilities in the software that is used to communicate with and manage these devices. If IoT software were developed with a priority on security, easy integration between hundreds and thousands of different products would be much more difficult. Def Con and Black Hat are often riddled with presentations about how smart devices can be hacked (often very easily!). This year, presentations focused on how to compromise a variety of different motors and even the internal network of a Boeing aircraft.
Election Technology
The 2016 U.S. presidential election was clouded with a variety of rumors and allegations about misinformation campaigns. Even the integrity of the voting equipment was questioned. Accordingly, interest by information security professionals and hackers in technology used in any way for the election process has skyrocketed. In an effort to identify potential hacking techniques that could be used against voting machines, Def Con created a Voting Village, where attendees can get direct access to tinker with the same models of various technologies that are still used today to conduct elections. A highlight this year in the Voting Village was the addition of a new microprocessor developed by the Defense Advanced Research Projects Agency (DARPA), which submitted it to give people a chance to compromise it. Companies are relying more and more on external security experts to identify vulnerabilities in their products and digital services; this is just one more example of that collaboration.
Questions:
- What is your position on the adoption of IoT devices considering their tendency to have poor security controls? Are they worth the risk?
- If you could go to either Black Hat or Def Con, what topic area would be of most interest to you (technical security, behavioral security, hacking IoT devices, etc.)? Explain.
