Black Hat Las Vegas

Key exploit

Mozilla software developer Cody Brocious demonstrated a homebrewed device made for US$50 that unlocks electronic hotel room doors secured with key cards. However, Brocious’s device works only on locks made by Onity, and it works about 33 per cent of the time.

Counterfeit eyes

Think iris scanning is secure? Researchers from a university in Madrid showed how they could create a lifelike image of the iris of a person’s eye. In tests against a top commercial recognition system, the iris scanner was fooled 80 per cent of the time. Images of fake irises have been created in the past, but this is the first time the iris of an actual person has been duplicated from data gathered about the organ.

Evading the Bouncer

When Google introduced Bouncer to its online app store, GooglePlay, it was believed the technology would go a long way toward cleaning up apps there infected with malware. But Trustwave demonstrated how, through the use of sophisticated masking techniques, it was able to slip a pernicious app under Bouncer’s radar and remain camped in GooglePlay for two weeks before the researchers took it down.

A trojan in the cards

A pair of researchers demonstrated a payment card they designed that can infect a point of payment terminal when it was swiped by the device. The card planted on the terminal a Trojan that collected credit card information and PIN numbers entered into the device. That information could be later extracted from the terminal with another malicious card.


Near Field Communications (also called tap-and-pay) was shown to be vulnerable by Accuvant researcher Charlie Miller, who demonstrated how a tag embedded with an NFC chip could be used to compromise the information in an Android phone simply by brushing against it.

Dubious achievement

Finally, among the Pwnie Awards for dubious achievement went to the unknown creators of the Flame software who developed a scheme that used Windows Update to deliver malware to PCs. The authors of Flame did not accept their award when it was announced.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Slideshows

Top Tech News