Defcon security conference is held yearly in Las Vegas and is deemed one of the most successful. The reason for this success is due to the quantity and quality of the presentations as well as the worldwide attendance from the major security companies and researchers across the community.
ProCheckUp recognises the importance of attending such conferences. It allows the team to learn about new cutting edge techniques and ensure the team are at the forefront of those, alongside our competitors. Also, because the conference is attended by many commercial organisations, it gives ProCheckUp the chance to improve our understanding of the core issues facing our customers and those they could face in the future, ultimately helping ProCheckUp provide and promote an improved service.
ProCheckUp has been attending the Defcon security conference for many years. Defcon 21 was held in August 2013 at the Rio hotel and was attended by two members of the team. As in previous years, Defcon appears to be getting bigger and this was demonstrated with the large attendance. The enthusiasm and excitement of this conference was evident in the long registration queues.
Talks ranged from 'How to Hack your Mini Cooper' to 'The Government and UFOs' and 'This Presentation will Self-Destruct in 45 Minutes: A Forensic Deep Dive into Self-Destruction Message Apps'. As intriguing as these sounded, ProCheckUp decided to attend ones slightly more relevant to our customers' needs. The talks which stood out, due to their quality and relevance, included (but was definitely not limited to): 'How to use CSP to Stop XSS', 'Getting the Goods with smbexec', 'Abusing NoSQL Databases', 'PowerPreter: Post Exploitation like a Boss', 'Hacking Wireless Networks of the Future', 'Android Login: Google's Skeleton key', 'DNS has found to be hazardous to your health'.
One of the more impressive talks was 'Adventures in Automative Networks and Control Units' . This talk looked at challenges of hacking cars compared to your typical software. It demonstrated how it was possible to get remote code to execute on the Electronic Control Unit (ECU) via various interfaces such as the Bluetooth interface and the telematics unit. The cars that were used for the research were the Ford Escape and Toyota Prius, both of which were models which were a few years old. In addition to being interesting, this talk was also fun as the guys demonstrated through video how they could control the cars with their laptops to cause the cars to accelerate, brake, control the steering, turn the lights on and off, change the speed to 199 km/h (although the car was stationary), tighten the seat belts and even disable the brakes. Needless to say, that by the time the majority of research had been carried out, the cars were in a state that would definitely not pass an MOT. The guys then went on to discuss implementing a system that can detect these kinds of attacks. This was to detect an increase in the number of CAN (Controller Area Network) packets which indicates that something malicious may be going on as generally, there should only be a significant increase in CAN packets when diagnostics are being performed against the car.
In summary, Defcon 21 was another great experience. It is always good to meet like-minded, interesting people who share a similar passion for security. ProCheckUp would like to say a big thank you to the people who delivered these talks, and we hope to see you again next year!