The world’s leading information security events, Black Hat USA and DEF CON, are happening next week in Las Vegas. In its 20th year, Black Hat will bring over 15,000 IT and security pros together to discuss the latest information security research, development and trends. Among these attendees, you will find academics, researchers, as well as leaders in the public and private sectors addressing the security community needs.
While Black Hat’s corporate appeal means it is generally safer than DEF CON, it’s always smart to practice good habits while in the company of hackers, many of whom are looking to demonstrate their skills. Here are my top tips for the average attendee to consider in order to stay safe and secure at this year’s Black Hat and DEF CON events:
Don’t take the bait
Over the past two years, businesses have cited phishing attacks as the most common threat they faced. Beware of falling victim to tried-and-true tactics such as phishing. Watch out for standard phishing attempts, especially those that may resemble Outlook Web Access (OWA) or other login pages you typically use for work.
Goodbye, Wi-Fi
You’re going to a hacker conference … think twice before using public Wi-Fi. While the official network at the Mandalay Bay is presumed secure, public networks in the venue or surrounding area are a definite no-go. Potentially millions of Android and iOS devices are particularly vulnerable this year due to a recently revealed bug called Broadpwn in the ubiquitous Broadcom Wi-Fi chipsets. Google has released a patch as part of its July 2017 Android Security Bulletin, so verify that your Android device is indeed running the most-recent Android security patch level dated July 5, 2017.
The same goes for other data connections on your mobile devices such as Bluetooth and NFC. Consider putting your device in airplane mode or powering down while attending sessions at either event. Stick to your cell provider’s 4G network if you must be online while you’re on the show floors. It’s also a good idea to keep these connections off on the flight to Las Vegas, also.
Protect your plastic
RFID scanners were once a common threat at Black Hat, able to pull data off credit cards at range, even those left inside a wallet. Thankfully, most credit cards are now equipped with a chip that must be inserted for the card to function, eliminating the vulnerability posed by RFIDs. Double check your credit cards to insure they are indeed using an EMV chip, and if they aren’t, call your bank for a replacement (and definitely don’t bring them to Black Hat).
Remember, some items such as passports and employee badges are still using RFID chips. These should be left secured in your hotel room or kept in special RFID-proof sleeves. Also, don’t forget to thoroughly inspect ATMs in and around the event venue. Card skimmers will likely abound on the Vegas Strip throughout Black Hat and DEF CON.
Ahoy, Bus Pirates
When piloting the show floors, you may see people showing off hacking devices known as ‘bus pirates.’ These flexible multi-tools allow hackers to interface with a large range of electronic devices using common protocols such as I²C, SPI, and MIDI. For obvious reasons, don’t allow one of these tools to be demonstrated on your device(s). The same goes for the seemingly innocuous hardware, too. You may be compelled to use the charging stations or those free USB drives being given out as takeaway gifts, but just say no. Malware can be downloaded through these connections.
All Devices Left Behind
A safe rule of thumb: avoid bringing any unnecessary devices to Black Hat. This goes for smart watches, fitness trackers, and, yes, even your car. Hackers at nearby DEF CON are known to sell signal repeaters that can replicate the frequency from wireless key fobs to unlock and even start up vehicles.
Join us in winning the fight against advanced cyber attacks and modern malware. To learn more about Webroot and beyond, visit www.webroot.com/blackhat and follow us on Twitter. We look forward to seeing you at Black Hat 2017.
Thanks for saving me the time of answering this question 100 times this year! Already shared it on LinkedIn.
Awesome post thank you for sharing