Black Hat USA 2012

This last week I was able to attend the Black Hat USA conference in Las Vegas. As a matter of information, Black Hat is a premier security conference that occurs not just in the USA but globally as well, with annual events in Abu Dhabi, Barcelona, Las Vegas and Washington DC. The term black hat or black hat hacker refers to someone who violates computer security for maliciousness or personal gain. The Black Hat conferences correspondingly target the hacker community and focus heavily on computer security as it relates to hacking and exploits. These conferences are attended by thousands of computer and security professionals, individuals, businesses and government agencies. (I spoke to people from the DOJ and Defense Department while I was there.) All are there to learn what’s new in the world of hacking and cyber threats.

I was able to be there because the Cloud Security Alliance had invited me to represent them at their booth at the conference as the SME Council co-chair for the CSA. This was a great opportunity to meet other CSA corporate members and to talk to people who are interested in and concerned about cloud security. When I was not at the booth, I was attending the conference. I would like to relate my impressions of one of those sessions. The session was presented by Charlie Miller, a man with a PhD in Mathematics who is well known in the hacker community. In his presentation he documented his efforts to hack the Android-powered Nexus S and Nokia 9 smart phones using Near Field Communications technology, or NFC (RFID). This is a technology that allows information to be exchanged and transactions to be performed simply by having an NFC-enabled device come in close proximity (less than 4 cm) to one of these NFC chips. Over the course of nine months he was able to build a test environment, conducting literally tens of thousands of tests and ultimately hacking into these phones. In his presentation, he demonstrated his ability to take over a phone, enable its Bluetooth and then upload or download files to and/or from the phone and even to place calls, simply by placing the phone near one of his ‘virus enhanced’ NFC chips.

This presentation impressed me in a couple of ways. First, the tremendous resources and ingenuity that are being applied daily in a non-stop assault against the security of our technology, and second, how our paradigms can impair our judgment when it comes to security. In this case, the paradigm is the assumption that if the device is in our possession and no one touches it, it’s going to be safe. While it’s true that you do have to be close to activate an NFC device, Charlie Miller clearly demonstrated that this is not a guaranteed security countermeasure. (There are other threats that can target your phone from a distance, even while it’s in your pocket; read about the Bluetooth Sniper Rifle.) This demonstration served to highlight the importance of constantly assessing operational security and of thinking out of the box when it comes to identifying where threats can come from.

inContact’s goal is to service its customers by being the leader in the SaaS contact center services industry.   An important part of that effort includes being a leader in the cloud security space, understanding where those threats are and addressing them.  If you have questions about inContact and its operational and security controls, please contact your account manager and ask to speak to our Trust Department.  We are always happy to work with our customers to create the best solution possible for their services.