Unveiling the Latest Security Research Highlights from Black Hat and Def Con Conferences
Thousands of hackers, researchers, and security professionals gathered at the Black Hat and Def Con security conferences in Las Vegas for a week of sharing cutting-edge research, hacks, and knowledge. TechCrunch was there to cover the shows and bring you the latest updates.
CrowdStrike took the spotlight, receiving an "epic fail" award after a buggy software update caused a global IT outage. Despite the mishap, hackers and researchers were willing to forgive but not forget.
Let's delve into some of the standout research from the conferences that may have flown under your radar.
### Hacking Ecovac Robots for Spying Purposes
Researchers at Def Con demonstrated how they could hijack Ecovacs home robots to spy on their owners through the onboard microphone and camera. Unfortunately, Ecovacs did not respond to the researchers' findings, leaving the vulnerabilities unaddressed.
### Infiltrating the LockBit Ransomware Network
Security researcher Jon DiMaggio embarked on a mission to expose the ringleader of the LockBit ransomware gang. Through meticulous open-source intelligence gathering, DiMaggio uncovered the identity of the hacker, Dmitry Khoroshev, before federal agents could publicly name him.
### Laser Microphone to Intercept Keyboard Taps
Hacker Samy Kamkar showcased a novel technique at Def Con that uses an invisible laser to detect keystrokes from a laptop's keyboard through a nearby window. This method capitalizes on the subtle acoustics generated by typing on a computer.
### Manipulating Microsoft Copilot with Prompt Injections
Zenity's CTO, Michael Bargury, revealed a prompt injection technique that exploits Microsoft's AI-powered chatbot, Copilot. By manipulating the prompts Copilot receives, attackers can extract sensitive information, such as bank account numbers, and use it to deceive unsuspecting users.
### Foiling Ransomware Gangs with Flaws in Leak Sites
Security researcher Vangelis Stykas identified vulnerabilities in the web infrastructure of ransomware gangs like Mallox, BlackCat, and Everest. By exploiting these flaws, Stykas was able to obtain decryption keys for two companies and alert four others, ultimately saving six companies from hefty ransoms.
In conclusion, these revelations from the Black Hat and Def Con conferences shed light on the evolving landscape of cybersecurity threats and the innovative tactics employed by researchers and hackers. They serve as a stark reminder of the importance of staying vigilant and proactive in safeguarding our digital assets and personal information.