Filed Under:

Hackers Convene To Find Mobile Security Flaws

Play associated audio

This week thousands of hackers — computer security researchers, government recruiters, spooks and cyberpunks — descended on Las Vegas for the annual summer hacker convention.

Hosted by organizations called Black Hat and Defcon, these events are known for their elaborate, though often crude, computer pranks. The convention's actual purpose, however, is pretty serious.

Stephen Ridley, an independent security consultant, says almost every aspect of our lives today is touched by computers and machines that speak in ones and zeroes, and most of us don't understand how they work.

"I am of the mind that people who do have this knowledge are actively exploiting these things now," he says.

Ridley says the hackers in Las Vegas who are taking this stuff apart and poking holes in products we depend on are kind of like the investigative reporters of the digital age. He says their goal is to expose problems before criminals can find them and take advantage.

"The more that this is out in the open, the more you can have skilled people chose what side of the fence they want to be on," he says. "I believe in kind of the goodness of human nature."

If you don't know where the problems are, no one can fix them. This year's conference includes talks on how to hack the air traffic control system and how to break open your mobile phone.

"When I'm sleeping [my mobile phone] is on my nightstand; when I am traveling around it's in my pocket," says Nicholas Percoco, an ethical hacker and security researcher. "So the ability to do things to a mobile phone becomes even more enticing to a criminal."

In a couple of ways, mobile phones are inherently vulnerable. They connect with other networks in all kinds of ways and some have payment systems that use near-field communication, or NFC, chips. These chips let you wave you phone near an NFC reader, your phone connects and you can pay.

Charlie Miller, a researcher at Accuvant, realized he could use those chips to break a phone wide open. For this hack to work, Miller just has to be standing next to you.

"So now I can do things like read all the files," Miller says.

That is one of just half a dozen mobile hacks unveiled at the convention this week. Percoco figured out how to slip past Google's bouncer, the system that polices Android's app store. Ridley and his partner figured out how to attack the computer chips that run pretty much every mobile phone.

"By clicking on a link we took over their phone, basically," Ridley says.

Ridley's been giving a how-to course on this attack all over the country and his customers include some of the biggest cellphone makers in the world. After Percoco figured out how to beat up on Google's bouncer, his first call was to Google.

"Google is a great organization to work with, they want to learn," he says. Google says it's already made a fix.

Still, the relationship between hackers and big companies has not always been so cozy. Miller got so tired of firms fixing the problems he pointed out without so much as a thank you note, last year he publicly went on strike and vowed not to reveal his attacks until firms agreed to pay.

Now, companies sponsor contests where they pay hackers up to $100,000 to break into their products. Miller, who has two kids and college funds to think about, is already hard at work.

Copyright 2012 National Public Radio. To see more, visit http://www.npr.org/.

WAMU 88.5

Art Beat With Lauren Landau, Aug. 31, 2015

You can see a play about a brother and sister on a European journey or see a classic comedy with a gender-bending twist.

WAMU 88.5

Virginia Man Turning Waste Heat Into Rooftop Greenhouses

How can the U.S. improve food security? One Charlottesville native is pioneering the construction of greenhouses on buildings to take advantage of their waste heat.

WAMU 88.5

America's Tolerance For Gun Violence

There are more gun-related deaths in America than in any other industrialized nation. We discuss what makes the U.S. different and why some hold out hope that change is possible.

NPR

China Arrests Nearly 200 Over 'Online Rumors'

The rumors ranged from a man leaping to his death in Beijing over stock losses to highly inflated death tolls in the Tianjin industrial blasts.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.