What to Expect at Black Hat 2020
At Black Hat, security researchers, hackers, and members of the press get together to exchange the latest discoveries in the security field. This year, there’s no getting together, though—just virtual sessions. Will it still fly?
By Neil J. Rubenking & Max Eddy
Security researchers can be a lonely crew. They sit in their labs or basements thinking deep thoughts, probing devices and networks, and coming up with new insights into ways the bad guys could compromise security. Once a year, they come out of their lairs, blink a few times, and hop a plane to the Black Hat conference in Las Vegas. Here, they may briefly become celebrities, expounding their discoveries to a room full of kindred spirits.
Hardcore hackers stay on for DEF CON, one of the world’s largest and oldest hacker conventions. DEF CON badges are typically puzzle-oriented, and require multiple attendees to get together for a solution. One year, badges consisted of several kinds of circuit boards that had to be combined and activated to reveal the next clue.
Everything is different this year. DEF CON attendees still get a puzzle-oriented badge, but there won’t be any in-person hooking up of circuit-board badges. Security luminaries will still present brilliant work, but remotely. Some of us will even miss the experience of surfing the convention center hallways to get to the next session, which is always as far away as possible. Without that in-person camaraderie, it’s hard to say what Black Hat will be like. But as always, we expect to be amazed and horrified by some of the revelations that come out this week.
Election Insecurity
While Black Hat lasts a week, most of that time is devoted to training sessions that help researchers hone their skills. The two days of Black Hat briefings, open to the press and others, are where the latest revelations come to light. Each day has a keynote, and both keynotes relate to election security.
That’s completely understandable with a momentous election coming up, and a global pandemic pushing districts toward alternatives to in-person voting. The Wednesday keynote seeks to explore and clarify what we can do to protect the technology that manages our voting.
Even if every vote cast gets recorded correctly, technology can interfere with the process by aiding and abetting providers of disinformation. If hundreds of bots repeat the same lie, some people will believe it. And those believers just amplify the propaganda. What can be done? The Thursday keynote promises to clarify the way manipulators hack public opinion, and to call on Black Hat attendees as defenders of democracy.
There are other sessions focused on the election. One specifically turns the microscope on what we’ve learned from a decade of Russian hacking. Another focuses on the use of machine learning to generate believable synthetic media (aka fake news). And a third aims to organize disclosure of bugs in voting machines, so we at least know when there’s a problem.
The Human Factor
There’s an old saying that the most dangerous component of an automobile is the nut behind the wheel. The very best security technologies in the world can’t help if a slick hacker tricks an innocent employee into opening the locks. Over the last few years, more and more Black Hat sessions have taken aim at human problems, to the point where it now has its own track.
Sessions include a cautionary tale the presenter says was inspired by an episode of Black Mirror. Nothing supernatural here, but he did create a virtual clone that could successfully impersonate him in video conversations. The session promises to teach attendees how to do the same. We can’t wait!
You’ve probably experienced workplace training designed to help everyone spot phishing frauds in email. And you’ve probably seen that it just doesn’t work. Attendees will hear from researchers who attempt to look at the problem differently, to avoid assuming that giving employees information is sufficient to change their behavior. In effect, they’re hacking social behaviors to protect us all.
From Innards to Outer Space
As always, the information presented at Black Hat can cover just about any topic from a security viewpoint. One session explores the possibility of compromising a secure facility using an implanted device such as a pacemaker. Another reveals ways hackers could eavesdrop on sensitive communications sent to satellites. There’s even a session that suggests ethical hacking can get you arrested. The abstract suggests that the authors were hired to do a “red team” test (meaning they should attempt to break security) and wound up arrested for a felony.
It’s tough to guess how Black Hat will go down this year. We’ve never experienced it except as an exciting place to meet and interact with all elements of the security industry. The after-hours receptions and parties have been great places to pick up information that a source might not mention in an official meeting. And all that in-person excitement is gone, leaving just the sessions. We’ll see if they’re enough to carry the Black Hat torch this year.
How to Watch Black Hat 2020 Sessions
Black Hat sessions won’t be live-streamed. Full-week attendees spend a goodly sum for their trainings, and get to relax a bit when the briefings come around. Press and others who come just for the briefings still have to register. Just because there isn’t a security guard checking your badge doesn’t mean you can virtually walk right in.
However, once the conference concludes, the Black Hat team make the presentations available for viewing on the Black Hat YouTube Channel.
Originally published at https://www.pcmag.com.
