Every August, the hacker community gathers in Las Vegas for one of the industry’s most well-known conferences, Black Hat. Black Hat has become something of a spectacle both inside and outside of the talks, with dramatic presentations and vendor marketing teams all vying for the flashiest parties, promotions, and giveaways. It’s fitting that it takes place in Vegas.
But the conference isn’t all fun and games. Since its inception in 1997, researchers have exposed weaknesses in mobile devices, connected vehicles, the electronic locks on your hotel room – even the local ATM. This year, the hype machine is once again in full swing in advance of a presentation on hacking an airplane.
So whether you are planning to attend this year’s show or are watching from the sidelines, here is what you need to know:
Despite its commercialization over the years, the conference still brings together some of the best and brightest minds within the infosec community. The research, training, and networking events are a great way to get a sense of the industry. Attendees and outside observers can learn about new research, emerging threats, and vulnerabilities, and get up to speed on security products and services.
The levels of paranoia surrounding the event are as diverse as the infosec community itself. While there are certainly skilled hackers with various motives for gaining access to your devices and data, many attendees will tell you that bringing a burner phone and swearing off internet access may be overkill.
Here are tips to keep your data and devices safe while at the conference:
♦ Everything is connected, therefore everything is vulnerable. Take some time to harden your personal devices against unauthorized access before and during the show: turn off Bluetooth and near-field communications (NFC, used for mobile payments like Google Pay and Apple Pay), and ensure you’re running the latest software before heading to Las Vegas; do not accept any software or carrier updates while at the show.
♦ Do not connect to Wi-Fi in public areas or the hotel properties. Opt for mobile tethering instead.
♦ Finders, Keepers: keep your devices on your person at all times!
♦ Use cash wherever possible. If you need to use plastic, stick to a single credit card so you can monitor your account and minimize collateral damage from compromised point of sale systems.
♦ If you need to send any information at all while at the conference, use a VPN to keep your communications private.
♦ Faraday bags and RFID-blocking wallets are your friends and worth the investment.
Mark Orlando is a Black Hat veteran and Chief Technology Officer for Raytheon’s Cyber Protection Solutions. The conference takes place from August 4-9, 2018 at the Mandalay Bay Hotel in Las Vegas, Nevada. August 4-7 are reserved for technical training and the main conference events are August 8 and 9.