The annual DEF CON® hacker conference came and went as swiftly as a light rain against the hot Las Vegas strip. Consumer tech was a big focus and speakers demonstrated how various network-connected gadgets, once hacked, could be controlled to affect the real, physical world. Here are some highlights from two particular lectures about the hacking of network-connected and radio-frequency identification (RFID) enabled devices that got much attention.
At DEF CON 2012 in Las Vegas I sat through a presentation titled “Owning One to Rule them All,” hosted by penetration testers Dave Kennedy and Dave DeSimone. They discussed a recent penetration test that utilized Microsoft Systems Center Configuration Manager (MSCCM) to gain access to essentially an entire network of computers. MSCCM is intended to streamline the management of multiple devices – desktops, laptops, smartphones and tablets – within IT infrastructures. While a tool like MSCCM may seem convenient, granting too many administrative features can lead to more serious network security headaches, including breaches.