BlackHat USA 2021: What You Missed?

The Mandalay Bay Convention Center in Las Vegas hosted over 6,000 security executives, analysts, hackers, academics, and government officials from 140 nations; another 14,600 accessed the conference’s digital platform. In its twenty-fourth year, the convention returns after a pandemic-caused hiatus with a unique hybrid experience. Even with low participation, security professionals are eager to meet each other and learn about the latest cybersecurity research, threats, trends, and technologies. 

It is one of the world’s biggest security conferences, attracting hundreds of thousands of security specialists and researchers every year. Likewise, this year was no different. One of the most significant differences between Black Hat 2020 and Black Hat 2021 was that attendees attended the event in-person or online. A majority of participants chose to stay home. A conference was held in Las Vegas from July 31 to August 5, 2021. Unlike previous years, Black Hat 2021 also featured three keynote presentations. Before this year, there had only been one keynote address, but now there were three. 

In this blog, we’ll go over seven stunning facts from Black Hat 2021 that made our jaw drop. 

We Learned 7 Amazing Things at Black Hat USA 2021 

Below are the seven highlights of the Black Hat 2021 Conference; 

1. Your Browser Is Your Most Recent Foe 

Although mobile apps and websites are two distinct entities, experts are attempting to merge the two. To accomplish this, they’ve created a system that allows them to make the web behave more like an app by giving them access to your device’s data. For this, they employed a file system access API. It has advantages and limitations, just like any other technology. The issue is that your web browser has begun to meddle with your device’s files. Individuals and corporations may face significant security risks as a result of this. 

2. The Messenger You Are Using Is Spying on You 

Natalie Silvanovich was enthralled by a FaceTime issue that allowed hackers to listen in on a targeted user’s phone. This got her thinking, and she began looking into other instant messaging networks for similar flaws. She examined how many instant messaging platforms handle WebRTC and discovered that issues like this are frequent. She found comparable flaws in major messaging apps like Facebook Messenger and Signal. Many people believe their chats are private when they speak using an instant messaging network; this was a surprise. 

3. Your Router Is Disseminating Private Data 

When you sign up for an internet subscription, most ISPs provide you a router or modem. Surprisingly, your location data is leaked by those routers and modems. That’s right, you read correctly. Rob Beverly and Erik Rye did extensive data fusion research. They discovered that some low-end routers had an unsecured IPv6 address, allowing attackers to track them within a 50-meter radius. This is the moment to change your router if you’re still using an outdated or low-end one. 

4. Passwordless Authentication Isn’t As Safe As It May Appear 

Passwords have a terrible reputation in cybersecurity circles because hackers may easily steal or guess them using various approaches. That’s why most cybersecurity experts recommend ditching passwords in favor of a more secure user authentication approach like biometrics or passwordless authentication. 

Regrettably, that is no longer the case. Omar Tsarfati demonstrated how the Windows Hello passwordless login function might be easily hacked at Black Hat 2021. He built a false camera and fed it pre-recorded video footage, easily fooling passwordless authentication and sending shockwaves throughout the passwordless authentication community. 

5. You’re Being Followed 

If you follow cybersecurity, you may have heard of spyware, ransomware, or adware, but have you heard of stalkerware? I’m guessing most of you haven’t heard of it. Worst of all, stalkerware is more common than you might believe. They can be found in various places, including parental control apps, find my device apps and even IoT gadgets. 

You should be cautious if you currently utilize such apps or have integrated the internet of things in your firm. “It is a symptom of a much wider problem of intimate relationship violence,” Lodrina Cherne and Martjin Grooten say. 

6. macOS Has Its Privacy Issues 

When it comes to security, macOS has a significant advantage over Windows. Hackers may bypass Windows-based systems and use platform weaknesses to achieve their evil goals, but this is not the case with Mac operating systems. That is why the majority of people regard MacOS to be a safer operating system than Windows. 

When security researchers Wojciech Regua and Csaba Fitzl presented the outcomes of their investigation at Black Hat USA 2021, this perception was tarnished. They revealed 20 distinct techniques to get beyond MacOS’s privacy safeguards. Furthermore, they could get permission through various methods, demonstrating that even the most secure platforms might have flaws. 

7. Code Execution from A Remote Location Using the 5G Network 

These days, 5G is all the rage. Carriers are actively installing infrastructure, while smartphone manufacturers are rapidly developing 5G devices. There’s no doubting that 5G has several benefits over its predecessor, one of which is security. Regrettably, this is not the case. 

At Black Hat USA 2021, security researchers Marco Grassi and Xingyu Chen revealed how an attacker could acquire remote code execution access to a 5G baseband. Furthermore, international mobile subscriber identity catcher assaults can compromise 5G connectivity. IMSI catchers are cellular base stations that can connect to neighboring devices. Cybercriminals may be able to target more people and possibly intercept their data as a result of this. 

Conclusion 

There are too many Black Hat highlights to list, including AWS vulnerabilities, breaking network segmentation, developing diverse security teams, and more, not to mention all of the tools and products on display. While the Business Hall had a vague sense of emptiness and the typical swag had been replaced by hand sanitizer and face masks, the atmosphere of cooperation was strong.  

Black Hat continues to provide essential insight into our community’s maturity, the difficulties we face, and how we can work together to overcome them, regardless of how it is presented—virtually, in person, or as a hybrid event. Like every year, Black Hat gave great opportunities for lead generations and honest business. Trade Shows are the most exciting approach to meet business minds. To visit our Trade Show, search here.  

Which revelation at Black Hat USA 2021 surprised you the most? Please share your thoughts in the comments box below. 

By Robin Barhydt, Senior Account Executive