E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


HACKERS CONVENE TO FIND MOBILE SECURITY FLAWS

Source: NPR

Posted on August 30, 2012

Last month thousands of hackers - computer security researchers, government recruiters, spooks and cyberpunks - descended on Las Vegas for the annual summer hacker convention.

Hosted by organizations called Black Hat and Defcon, these events are known for their elaborate, though often crude, computer pranks. The convention's actual purpose, however, is pretty serious.

Stephen Ridley, an independent security consultant, says almost every aspect of our lives today is touched by computers and machines that speak in ones and zeroes, and most of us don't understand how they work.

"I am of the mind that people who do have this knowledge are actively exploiting these things now," he says.

Ridley says the hackers in Las Vegas who are taking this stuff apart and poking holes in products we depend on are kind of like the investigative reporters of the digital age. He says their goal is to expose problems before criminals can find them and take advantage.

"The more that this is out in the open, the more you can have skilled people choose what side of the fence they want to be on," he says. "I believe in kind of the goodness of human nature."

If you don't know where the problems are, no one can fix them. This year's conference includes talks on how to hack the air traffic control system and how to break open your mobile phone.

"When I'm sleeping [my mobile phone] is on my nightstand; when I am traveling around it's in my pocket," says Nicholas Percoco, an ethical hacker and security researcher. "So the ability to do things to a mobile phone becomes even more enticing to a criminal."

In a couple of ways, mobile phones are inherently vulnerable. They connect with other networks in all kinds of ways, and some have payment systems that use near-field communication, or NFC, chips. These chips let you wave your phone near an NFC reader; your phone connects and you can pay.

Charlie Miller, a researcher at Accuvant, realized he could use those chips to break a phone wide open. For this hack to work, Miller just has to be standing next to you. "So now I can do things like read all the files," Miller says.

That is one of just half a dozen mobile hacks unveiled at the convention this week. Percoco figured out how to slip past Google's bouncer, the system that polices Android's app store. Ridley and his partner figured out how to attack the computer chips that run pretty much every mobile phone.

"By clicking on a link we took over their phone, basically," Ridley says.

Ridley's been giving a how-to course on this attack all over the country and his customers include some of the biggest cellphone makers in the world. After Percoco figured out how to beat up on Google's bouncer, his first call was to Google.

"Google is a great organization to work with, they want to learn," he says. Google says it's already made a fix.

Still, the relationship between hackers and big companies has not always been so cozy. Miller got so tired of firms fixing the problems he pointed out without so much as a thank-you note that last year he publicly went on strike and vowed not to reveal his attacks until firms agreed to pay.

Now, companies sponsor contests where they pay hackers up to $100,000 to break into their products. Miller, who has two kids and college funds to think about, is already hard at work.





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

