GRAND RAPIDS – LED Lights marked the Speakers badges fueled by a tiny Arduino chip. Wireless hacking stations made you scared to get on any Wi-Fi service. You have no idea who to trust at GRRCon, the third annual Midwest IT Hacker Con, which began Thursday.
Day one was packed full of events, including four different speaker rooms, a sprawling vendor area, and many games throughout the day that awarded prizes. Another part of GRRCon was demos as well as hands-on lock picking challenges.
David Schwartzberg from Barracuda Networks spent some time demonstrating a ZitMo Command and Control takeover on a Samsung Mobile Device that didn’t require a special hack. Like many mobile devices, there are vulnerabilities embedded in the device. It only requires the user to install an application, which can be done through social engineering or incentives. From the infected device, the host application appeared as an Android security suite, which seemed like it was actually protecting the phone. The malware then continues to do SMS interception and redirection to any third party phone in the world. The risk here is that more service are using SMS based authentication codes for banking, email account verification, password resets and more. Once they have the content of a text message containing a valuable payload, then they can use it as they wish.
“One less talked about security awareness tip is that people shouldn’t scan QR codes or NFC tags without validating code tag data,” Schwartzberg said. ?There are tools available for this kind of validation. He also gave a great reminder for everyone that “if it feels wrong, it probably is? – another reminder of computer vulnerabilities during a security conference.
Kellman Meghu from Checkpoint demonstrated and then shared results from running a firewall at his home in a presentation called Weaponized Security. He used it to playfully poke at typical internet traffic found in most homes, while also posing the question of privacy to the audience. The way he used the firewall reports with the comical analysis of his two children and his wife?s Internet habits, which kept the attention of the crowd.
Imagine learning about ways to improve your organization’s security operational and functional capabilities by examining the laws of mother nature. That’s how veteran security consultant Rockie Brockway took a different approach of analyzing how companies are handling the changing security trends today. He referenced a book called Learning from the Octopus and he said, “Organic competition that leads to cooperation is helpful for organizations, just as organisms evolve and adapt in nature.”
The day ended with a heated game of Family Feud – Hacker Style. The teams competed to see who had the most security knowledge. The winner was The team that won was called MiChiSec and it’s a combination of the Michigan and Chicago security communities. Second place was the Hamburger Keyboard team.
Nicole Johnson is a contributing editor at MITechNews.Com. If you have a security story for her, you can email at [email protected]
