Defcon 17: Day Two

July 31, 2009

Welcome to a series of four posts about the Defcon Conference in Las Vegas.  TrustCC sends staff to the conference every year to ensure we are up to speed with the latest development of exploits in the hacking community.  Today I witnessed the complete hack of a mobile phone, I witnessed people having their userids and passwords captured over insecure wireless networks, and I listened to a number of very interesting talks about new exploits and recent hacks.

First a photo of the room at Defcon set aside for contests.  This room had about 20 teams of hackers all competing to compromise a simulated corporate network while at the same time defending themselves in this hostile environment.  This team had a guest “hacker” that needed a little inflation.  😉

20090731 defcon-3

This particular contest started on Friday and goes non-stop until Sunday afternoon at 2pm.  It is as much about skilz as it is about endurance.

The talks often look quite corporate, as shown in the picture below.

20090731 defcon-11

This room seats well over 1000 attendees.  One of the sessions I attended today demonstrated the ability to install and execute any application on to a mobile phone without any knowledge or interaction from the owner of the phone.  The “hack” took advantage of a weak security configuration by the carrier.  Indeed, in this example, both the OS creator and the OEM hardware manufacturer enable a security measure to prevent this particular “hack” but the carrier disabled the control to ease their ability to push updates to the phone.  It is shameful to fully recognize what companies do to spare themselves costs.  This hack put all information at complete risk and if the phone had access to a corporate network, that network would be at risk as well.  One of the speakers commented that “mobile devices today are insecure just like PCs from the late 1990s.”

The last picture of the day is a photo from the vendor area of the conference.  This particular vendor is selling recordings of the talks and is offering a discount…

20090731 defcon-6

Creativity is definitely an overwhelming theme of a Defcon event!

– TrustCC


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: