Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year.

Some of the most interesting presentations focused on vulnerabilities affecting industrial, IoT, hardware and web products, but a few of the talks covered endpoint software security.

Here are some of the most interesting presentations from Black Hat:

Legacy programming languages can pose serious risks to industrial robots

Researchers from Trend Micro and the Polytechnic University of Milan have analyzed industrial programming languages and the risks they pose to robots and other programmable manufacturing machines. They have developed a worm to demonstrate the severity of their findings.

Variants of the Kr00k attack impact Wi-Fi chips from Qualcomm and MediaTek

The Kr00k vulnerability, which allows attackers to decrypt wireless communications, only affects Wi-Fi chips from Broadcom and Cypress, but ESET researchers discovered recently that similar vulnerabilities also exist in chips made by MedaTek and Qualcomm.

Mercedes-Benz E-Class hacked remotely by Chinese researchers

Researchers from Sky-Go, the vehicle cybersecurity unit of Chinese security firm Qihoo 360, have described the analysis process that resulted in the discovery of 19 vulnerabilities in a Mercedes-Benz E-Class, including flaws that can be exploited to remotely hack a car.

Lamphone attack allows spying via light bulb vibrations

A researcher from the Ben-Gurion University of the Negev has detailed a technique for remotely eavesdropping on the conversations in a room by analyzing a light bulb’s frequency response to sound.

Attacking industrial systems via protocol gateway vulnerabilities

Researchers from Trend Micro have analyzed several protocol gateways used in industrial environments and found that they are affected by vulnerabilities that can allow threat actors to obtain valuable information and disrupt critical processes.

Manipulating the energy market with high-wattage IoT botnets

A botnet powered by high-wattage IoT devices could be used, in theory, to manipulate the energy market the same way financial markets can be manipulated, according to researchers from the Georgia Institute of Technology.

Sophisticated macOS attack using Office document macros

Patrick Wardle, principal security researcher at Jamf, described an exploit chain that resulted in the delivery of malware to a macOS system using a Microsoft Office document containing macro code. For the exploit to be successful, the victim would simply have to open a document. No alerts are displayed to the victim.

Plundervolt: using CPU voltage modifications to steal data

Researchers from various universities have described Plundervolt, an attack method disclosed last year that leverages CPU voltage modifications to expose data stored using Intel Software Guard Extensions (SGX).

Google’s analysis of zero-day vulnerabilities finds “detection bias”

Google Project Zero has released a report on the vulnerabilities exploited in attacks in 2019, and its researchers have drawn some interesting conclusions regarding the detection of zero-days.

Over 30 vulnerabilities discovered across 20 CMS products

Researchers from GitHub and Micro Focus Fortify have discovered more than 30 vulnerabilities across 20 popular content management systems (CMS). The attacks targeted templates and focused on escaping template sandboxes and achieving remote code execution.

New HTTP request smuggling attacks

A SafeBreach researcher has detailed several new variants of HTTP request smuggling attacks, which apparently still haven’t been fully mitigated, despite the fact that the method has been known for more than a decade.

Bypassing firewalls and NATs with attack on Ethernet cables

Researchers from Armis have shown how malicious actors could leverage packet-in-packet attacks on Ethernet cables to bypass firewalls and NATs. This type of attack has been known for years, but until now it was considered impractical.

BlueRepli attack bypasses Bluetooth authentication on Android phones

Researchers from DBAPPSecurity have disclosed a new Bluetooth attack, named Bluethooth Replicant (BlueRepli), that can be used for stealthy access to Android phones.

More devices affected by Ripple20 vulnerabilities

Researchers from JSOF and Tenable discovered more devices affected by the vulnerabilities dubbed Ripple20. Ripple20 is the name given to 19 security holes affecting the Treck TCP/IP stack, which is used by millions of IoT devices.

Vulnerabilities in Kata Containers

Kata Containers are affected by vulnerabilities that can be exploited to escape a container, break out of the VM and compromise the host, a researcher from Palo Alto Networks has demonstrated.