Secure360

Cyberhacks: Concentrating on the good

January 9, 2017 by Secure360 and UMSA

Cyberhacks and attacks are typically talked about with negative connotations, but not all cyberhacks are bad news.

Security researchers are constantly on the lookout for “good hacks” that will help them better understand the bad guys and beef up security on current technology and devices. Lightbulb and ‘do-gooder’ worms, machines replacing humans to hack other machines and high-speed car hacking were among the most innovative white-hat hacks that happened in 2016.

MouseJack attack finds vulnerabilities with non-Bluetooth wireless mice

With a $15 dongle, researchers at Bastille were able to sniff traffic from PCs, Macs, and Linux machines that use non-Bluetooth wireless mice and keyboards, thanks to the unencrypted communications employed by seven different wireless dongle vendors. This “MouseJack” attack exploited nine vulnerabilities across devices from Logitech, Dell, HP, Lenovo, Microsoft, Gigabyte, and AmazonBasics. The researchers could take control of the input devices and ultimately infiltrate the machines and their networks from over 300 feet away from the victim’s machine.

MouseJack exploits wireless proprietary protocols that operate in the 2.4GHz ISM band and don’t encrypt communications between a wireless mouse and its dongle. An attacker then could spoof a mouse and insert his own clicks and inputs to the dongle, and generate keystrokes instead of mouse clicks on the victim’s computer.

The lights-out worm

While there was talk of hackers attacking power companies, researchers realized all it takes is one “smart” lightbulb rigged with a worm to spread to nearby lights within minutes. At Black Hat USA this summer, researcher Colin O’Flynn outlined work he and fellow researchers Eyal Ronen, Adi Shamir, and Achi-Or Weingarten conducted with the Philips Hue smart lighting system to demonstrate how a worm could be unleashed to turn out (or on) the lights in a city or local area or even to wage a distributed denial-of-service attack.

“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity,” the researchers wrote in a research paper. They were able to show how a worm introduced by plugging in just one infected bulb, anywhere in a city using the smart lights, could then spread to adjacent lights throughout the city.

Who needs humans? We’ve got machines hacking machines

DARPA hosted a contest at DEF CON this year: the first-ever all-machine “capture the flag” contest. Researchers brought their hacking machines to compete live against the contest’s testbed of challenges as well as their opponents’ machines.

The Cyber Grand Challenge featured high-performance autonomous systems that were tasked with finding and fixing security flaws in the contest’s air-gapped network. For 12 hours, seven teams, associated mainly with various universities, watched their machines reverse-engineer binary software, write new intrusion detection system signatures to protect themselves from opposing teams, and patch and defend their own machines. Six of the seven machines patched the contest’s SQL Slammer flaw/flag, and six of the seven did the same with Heartbleed, all within a matter of minutes.

These “good hacks” are beneficial to the security industry, allowing researchers and infosec professionals to better understand flaws within current systems and technologies and how to prevent future cyber attacks. Here is a look at the biggest bad hacks and attacks of 2016.
