Cybersecurity experts warn ‘everything is vulnerable’ to hackers… including your ‘camels’ during day two of Black Hat MEA

16

Experts demonstrate how everything from electric cars to livestock can be hacked and controlled remotely

Infosec specialists highlight threats to businesses and individuals from hackers and run workshops to safeguard against vulnerabilities

Riyadh, Saudi Arabia: As the world becomes increasingly reliant on Internet of Things (IoT) and digital services, so too must steps be taken to minimize the vulnerabilities that allow hackers to take advantage, visitors to day two of Black Hat MEA were told.

The world is rapidly shifting towards a digital future as everything from banking to health services, agriculture and vehicles become more reliant on the Cloud and other IoT services. This brings a variety of benefits including convenience, flexibility and ease of use. However, this also provides cybercriminals with far more vulnerabilities they can exploit to steal sensitive data, commit fraud and more.

The second day of Black Hat MEA took the attendance since the start of the event to 20,000 and saw experts highlight threats while providing solutions that can be implemented to protect organizations and individuals from harm.

Defending against cyber threats

Dr. Alissa ‘Dr Jay’ Abdullah, Deputy Chief Security Officer at Mastercard highlighted the key areas of risk during a session related to mitigating cyber risks, focusing on technology, tactics and talent. She mentioned, “Evolution is key, and we need to keep up with the pace of technology and evolve our infrastructure.” She also noted key tactics used by adversaries such as MFA (Multi-factor authentication) fatigue and the mimicking of user voice patterns, while highlighting the importance of upscaling talent, to build a more robust organization. 

Caleb Sima, Chief Security Officer, Robinhood, hosted a session titled ‘Assume Breach’, with a key focus on a company’s crown jewels and how to protect them from hacking threats. “Crown jewels are anything that an attacker can take with them, including customer or employee data, tokens and keys or even systems to modify financial transactions without repercussions.” He highlighted that much like our physical health; safety hygiene is key for any company.

During a panel discussion focused on the global laws related to the regulation, collection, use, retention, and disposal of personal information, Zaki Abbas, Chief Information Security Officer, Brookfield Asset Management said: “While it’s not exciting, data regulations play an important part and helps security programs mature. 70 percent of the world has some sort of data security regulation or legislation implemented.” Vikas Yadav, Chief Security Officer, Nyka, continued: “On a global scale a unified framework for compliance and fundamentals of privacy is the key to data protection. However, it should be implemented with customer trust at the heart of it all.” The panel also included Flavio Aggio, and Jon Staniforth, the Chief Information Security Officers of World Health Organization (WHO) and Royal Mail respectively and was moderated by Jaya Baloo, Chief Information Security Officer, Avast.

Hacking ‘camels’

Taking a unique spin on things, Chris Roberts, Chief Information Security Officer, Boom Supersonic, showcased how connected livestock management and tracking platforms can be hijacked, referring to a previous experiment he had conducted. The session showed how data can be manipulated on platforms that use GPS trackers to show a completely different location, which in this case ‘relocated’ the camels from Riyadh’s deserts to snow-capped regions in Mongolia. “Our digital and physical worlds are colliding, and what you see isn’t always what you get. It is important to have a physical presence and not always depend on the digital,” said Roberts.

Eye-catching demonstrations

During the event, hacking experts showcased vulnerabilities in today’s connected environment where we are surrounded by connected devices including electric cars such as a Tesla. The demonstration showed that is possible to exploit system vulnerabilities where the car’s functions could be controlled remotely including lights, doors and even the on-board infotainment systems.

The three-day conference concludes on 17 November at the Riyadh Front Exhibition Center and features more than 250 exhibitors and over 200 speakers this year. It features international tech giants such as Cisco, IBM, Spire, Infoblox and others have a significant presence showcasing new technology and services.

The event was organized as part of a strategic partnership between Informa Markets, the largest events company in the world, and the Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) to highlights the Kingdom’s investments and growth in cybersecurity and the digital space.

About Black Hat Middle East and Africa

Black Hat Middle East and Africa will be the largest cybersecurity event in the region and feature the most powerful speaker faculty of any technology show in its first edition. It is co-created between Informa and The Saudi Federation for Cybersecurity, Programming and Drones. Informa, itself the largest exhibitions company in the world, is responsible for delivering many of the most recognised brands in events.

About The Saudi Federation for Cybersecurity, Programming and Drones

‏A national institution that aims to empower the local workforce and enhance their capabilities in the fields of Cybersecurity, Software Development, Drones and Advanced Technologies based on the best international practices. Its vision is to have a programmer among every 100 Saudis by 2030, and its mission is to empower and build the next generation capabilities in the field of advanced technology.