Gambling with Security in Vegas: Not Your Best Bet
July 27, 2016
With BSides Las Vegas, Black Hat, and DEF CON around the corner, security is likely at the forefront of many minds in the industry. Each year, headlines focus on unique presenters and the major exploits that really wow us. Understandably so.
From the hack brought to us by security researchers Runa Sandvik and Michael Auger, which caused a self-aiming rifle to miss its target and even rendered the gun completely inoperable, to the viral video of Charlie Miller and Chris Valasek remotely controlling a Jeep Cherokee—big exploits get our attention.
But what about the risks and threats faced on the floor at these conferences? BSides Las Vegas, Black Hat, and DEF CON attract people from all walks of life, including enterprise practitioners, law enforcement, script kiddies, and traditional hacking enthusiasts. Because of this, visitors, presenters, and vendors all have the opportunity to promote new security solutions while also learning a lot about the current threat landscape. However, this also brings the risk of interacting with individuals who may not have your best interests in mind.
Below are some steps you can take in order to stay safe and avoid ending up on the infamous Wall of Sheep.
- Practically anyone can host a Wireless Access Point (WAP). While many WAPs may appear to be legitimate—named after a hotel, restaurant, or even the conference—you can never be certain of who created it or the security settings on the network itself.
- While 4G and LTE are not completely safe from attacks, they are safer than public Wi-Fi. Use these or a personal hotspot with a hidden Service Set Identifier (SSID) when necessary.
- By default, public wireless networks should not be trusted. Consider using a Virtual Private Network (VPN) to encrypt your traffic while at the conference.
- Delete cookies and clear your browser history and cache. These can contain sensitive user information.
- In addition, maintain vigilance while browsing. Avoid following links or visiting websites found on banners or business cards.
- Ensure all devices and applications are fully patched and updated. This especially includes antivirus software.
- Turn off cellular, Bluetooth, and wireless capabilities on all devices.
- Avoid charging devices in public charging stations or public power outlets.
- Ensure your devices are fully encrypted and avoid leaving them unattended.
- USB devices present an effective way for attackers to infect your computer. This includes USBs that are lying on the ground.
- These devices, known as ‘road apples’, may have been placed with the intent to compromise your computer. Be mindful of what you connect to your device.
- Camera covers and privacy screens are recommended.
- Remain wary of potential social engineering attacks that may take place in person or via email (phishing).
- Utilize face-to-face communication when possible.
- If you need to send a message, use an encrypted messaging application.
- Be attentive to your surroundings and refrain from discussing personal information. You never know who may be listening or their motives—especially at a security conference.
- Be aware that social media connection requests may be sent from falsified accounts.
- Maintain discretion when geotagging posts. Providing too much information regarding your location could put you at risk.
- Security conferences are riddled with unique methods of attack, and the use of electromagnetic credit card skimmers is becoming more prevalent.
- Carry cards at your own risk and only bring cards you absolutely need. Radio-frequency identification (RFID) blocking envelopes can be used to protect against financial and identity theft.
- Use cash when possible.
- Avoid using ATMs close to the venue. ATMs can be compromised or contain credit card skimmers.
- Hotel safes are not typically the pinnacle of security and can often easily be cracked.
- Always secure your belongings and only bring what you really need.
By following these instructions, you can decrease your vulnerability to numerous risks faced while attending security conferences. Proceed with caution, and recognize that this landscape is constantly evolving. A major takeaway from these events is that no security measure is ever one hundred percent safe.