It’s been a rough week for corporate cybersecurity teams. Car manufacturers, garage door companies and surveillance video suppliers are headed home hungover after security researchers spent three days exploiting cyber vulnerabilities in the most popular products in those and other industries at the Def Con hacker conference in Las Vegas.
Unlike the more grown-up Black Hat conference, which also took place last week in Vegas, Def Con is known for its misfit appeal. One year Gen. Keith Alexander, former director of the National Security Agency, is using the Def Con conference as a recruitment opportunity, and two years later it’s the place to go to play Drunk Hacker History. But, between those two extremes, there are also always a number of cool hacks, tricks and toys on display.
Here are some of the best of 2015.
Unlock Your Car For Hackers
A wire hanger and a broken window are no longer the biggest threat to your car’s security. Samy Kamkar, a notorious carjacker who revealed in July that it’s possible to locate and unlock any vehicle with OnStar Remote Link, showed off a new wallet-size device that costs only $32 to build and can unlock most vehicles and garage door openers.
RollJam exploits the “rolling codes” used in remote key fobs that car owners use to unlock their cars. A car owner trying to unlock his vehicle when a RollJam is nearby will first notice that the fob doesn’t work. When the owner presses it again, though, the RollJam intercepts the code and can be used later to unlock the same car or garage door.
It’s Really Easy To Kill Someone … Online
Rejoice, all you Internet assassins. Australian computer security specialist Chris Rock showed that having someone declared dead usually requires little more than signatures from a doctor and a funeral director.
But an oversight in the system makes it possible for an everyday Joe to Google a doctor’s name, address and medical license number, then input that information into the online portal that physicians use to declare patients deceased. Rock also set up a fake funeral home, naming himself director and ultimately discovering that someone might not find out they were declared dead until they tried filing a tax return or obtaining an insurance payout.
“You could kill anyone you want,” he told Agence France-Presse after presenting the findings at Def Con. “No one is off limits.”
Bank Safes Are Anything But
You’d think that storing valuables in a safe that’s in the direct sightline of a surveillance camera is enough to protect your possessions. Not so, according to independent computer researchers Eric Van Albert and Zach Banks. The pair figured out how to loop the footage captured by security cameras by spending $500, splitting an Ethernet cable and re-creating innocuous video footage that would have anyone watching believe nothing’s amiss.
The subversion technique was revealed on the same weekend that another team of researchers announced that, by plugging a USB drive into a Brinks smart safe, thieves could siphon off money without a merchant’s knowledge.
“We set out to create our own device as close to the movies as possible,” Van Albert told the crowd during his presentation.
Car companies have taken the brunt of the criticism leading up to and during the Black Hat and Def Con conferences. First, Jeep’s lack of security went viral in a Wired magazine video that showed how hackers could bring a moving Jeep to a halt on a busy freeway. Criticism only grew when Fiat Chrysler, Jeep’s manufacturer, announced it would fix the flaw by mailing customers USB drives that included the necessary software update.
Then hackers announced they found a flaw in Tesla’s Model S that would enable them to take control of the vehicle. Even before that flaw was made public, though, Tesla had already issued an over-the-air security update that owners could download straight to their vehicle immediately.
Tesla representatives were on hand at Def Con Saturday to meet attendees and watch as the Model S research was unveiled.
“Hackers are a crowd that is really important to us,” Tesla’s Khobi Brooklen told AFP. “It is a community that we want to be part of, and collaborate with, as well as recruit from.”