According to reports from the 2016 Black Hat conference, the event is as cheeky as ever. This was the 19th year for the gathering of IT security experts, who come together to introduce and test information-security methods. Hijinks ensued, as always (witness the mischief).
But it wasn’t all fun and games. A number of forward-thinking security experts provided briefings about emerging threats and solutions.
CRN magazine has a slideshow of the top risks, which cover everything from software for the sharing economy to programs for mobile payment. It’s worth a read. As for the threats that you as a network-technology professional might need to prioritize, consider these three eye-openers:
Software-defined networking: too soft
Ph.D. students and researchers have discovered a way to break into common implementations of software-defined networking (SDN), which is touted as the next level up in network management.
While SDN is supposed to make it easier for organizations to optimize their networks for data-transfer speed and uptime, the demonstration team at the conference pointed out that when compromised, SDN slows the network down and exposes the information crossing it, leaving data vulnerable to snoops.
The researchers also demonstrated a solution: the Open Network Operating System (ONOS) in security mode. ONOS is an emerging operating system specially designed for SDN environments.
Internet telephony? Seriously?
Voice-over-IP (VoIP) is not new, so it’s surprising to see it on the conference’s list of hackable technologies. Haven’t we patched all the holes by now? Nope. Risks linked to botnets and toll fraud remain, and the underpinning IP Multimedia Subsystem (IPMS) technology is still vulnerable in certain situations.
That’s not all: As organizations eye cloud VoIP services as a way to save costs and operate more efficiently, hackers see unprotected VoIP systems in the cloud as a way to infiltrate a number of organizations’ networks in one shot.
Businesses that run VoIP systems — whether for themselves or for other entities — should test their communication platforms regularly to identify and patch vulnerabilities.
Mobile networking: a moving threat
Enterprise mobile security systems are supposed to protect networks from mobile-connection vulnerabilities. But Vantage Point Security senior consultant Vincent Tan showed his Black Hat session that enterprise mobile security systems could themselves be hacked.
Tan also introduced Swizzler, a penetration test system that allows organizations to look for and close holes in their enterprise mobility platforms.
Although Black Hat conference attendees apparently make a game of IT security, their work obviously has a serious purpose: it helps people and organizations protect their information from thieves, blackmailers and other jerks.
But, honestly, sometimes these protective efforts seem pointless. As The Guardian points out, many people are becoming more wary of the web, what with cyber criminals, cyber bullies and digital spies trawling the global network.
“Add up all these factors, and the question becomes not why many consumers are losing confidence in the Internet, but whether they should have any confidence at all,” writes reporter Dan Tynan. He goes on to show that most users aren’t especially IT-security savvy — and that the call to pay close attention to technology protection is louder than ever.
Given this disconnect, the work of researchers like Tan and others who presented during this year’s Black Hat conference is far from pointless. It’s crucial. They show us the vulnerabilities. It’s up to all of us — including consumers and IT decision makers — to consider the best ways to respond.