Black Hat 2020, for the first time, was a virtual event due to COVID-19. Out of the many topics, the most prevalent were election security and the worldwide pandemic.
Black Hat started off with their opening keynote, Stress-Testing Democracy: Election Integrity During a Global Pandemic. Hosted by Matt Blaze, a Georgetown University security researcher, this keynote provided relevant insight into the vulnerabilities of the upcoming election process. Instead of focusing on securing the voting machines themselves, most presentations were based on the security of the online and mail-in voting processes. As the country shifts over to new forms of voting, “our confidence in the [election] outcome increasingly depends on the mechanisms that we use to vote.”, stated Matt Blaze. This lack of confidence that currently exists is merited as also stated that, “software is generally hard to secure, even under the best circumstances.”
The second keynote, Hacking Public Opinion, was by Renee DiResta, a research manager at the Stanford Internet Observatory. DiResta focused on how information security can prevent disinformation and “fake news”. These disinformation campaigns have the ability to affect voting results, companies and even full governments. DiResta stated that in order to combat these campaigns, “we need to do more red teaming around social [media] and think of it as a system and [understand] how attacks can impact operations.”
Some other highlights from Black Hat included:
- Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption: Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.
- Researchers Trick Facial-Recognition Systems with the goal of finding whether computer-generated images that look like one person would get classified as another person.
- Digital Clones Could Cause Problems for Identity Systems: Three fundamental technologies have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.
- A Mix of Optimism and Pessimism for Security of the 2020 Election: DHS CISA’s Christopher Krebs and Georgetown University’s Matt Blaze at Black Hat USA give the lowdown on where things stand and what still needs to happen to protect the integrity of November’s election.
- Over a dozen vulnerabilities were found in the Mercedes-Benz E-Class car by the Sky-Go Team which allowed them to remotely open its doors and start the engine.
- Satellite internet communications were hacked using only $300 worth of off-the-shelf equipment. This allowed James Pavur, a researcher and doctoral candidate from Oxford University, to eavesdrop and intercept signals across the globe.