When computers help you shoot, hackers can help you miss
Computer-assisted rifles are scary, but remotely hacking into one and forcing the shooter to miss his target or potentially to hit something else is even scarier. That's what security researchers Runa Sandvik and Michael Auger did with a TP750 rifle and scope made by precision guided firearm manufacturer TrackingPoint, which they attacked over the gun's built-in Wi-Fi access point.
Their hack, which was presented at both Black Hat and DEF CON, prompted a response from the manufacturer that amused many attendees: "Since your gun does not have the ability to connect to the Internet, the gun can only be compromised if the hacker is actually physically with you. You can continue to use Wi-Fi (to download photos or connect to ShotView) if you are confident no hackers are within 100 feet."
Pass the hash... on the Internet
SMB relay, the network version of a long-time hacker favorite attack called "pass the hash," was believed only to work inside Windows networks. Security researchers Jonathan Brossard and Hormazd Billimoria found that that's not actually true and that an attacker can harvest Active Directory NTLM (NT LAN Manager) credentials from the Internet by simply tricking a user to visit a Web page in Internet Explorer, open an email in Microsoft Outlook or play a video file in Windows Media Player.
SMB Relay involves using man-in-the-middle techniques to capture authentication requests from a Windows computer to a server and then relay those requests back to the server in order to be authenticated as the user. The requests include a cryptographic hash derived from the user's password that can be cracked with some special hardware in some cases. However, in most cases the hash can be used as is, to impersonate users.
Brossard and Billimoria showed that they can pull off the same attack against cloud-hosted Exchange, Sharepoint and other Windows-based servers by using a relatively new feature called NTLM over HTTP. The issue stems from a system DLL that automatically sends the credentials to a remote SMB server even when an Internet Explorer option is set to only send credentials to the local network.
Your car didn't unlock on the first try? You might have just been hacked
You can always count on serial hacker Samy Kamkar to have some tricks up his sleeve. Earlier this year he converted a wireless texting toy for girls into a tool that could unlock fixed code garage doors in seconds. At DEF CON he took that further and showed off a device that can open any car or garage door that relies on the more secure rolling codes.
Sign up for MIS Asia eNewsletters.