Second day of Defcon was a small shock in terms of queues. We knew there would be queues as there are over 20 000 people crammed into two conference centers. We did however not anticipate that the first talk and the following two talks was alteady full when we arrived. We got a bad feeling how the day might go if we needed to queue hours before an interesting event. Luckily it was just a bad start, and we managed to get almost every other event we wanted to attend.
There was a lot of interesting talks and workshops and here is a small pick of what we found to be most interesting:
Our first event was about election systems and machines. Especially relevant as there has been evidence of election tampering campaigns against the US from Russia. Surprisingly the systems is more secure than previously thought, but its still relevant in securing further. Seeing as election tampering has been present for decades, but recently shifted focus into more digital “warfare”.
One of the more interesting talks today was about Knox Boxes. These are boxes containing keys for easy access when fire departments, police or paramedics need to access your apartment. The boxes are mounted on apartment buildings and not always in a secure manner. Not everybody trusts the security of these boxes and one guy set out to see if they can be broken. That they could, and very easily with the right tools. In short you can duplicate keys with only a picture, and there is a lot of pictures floating around of knox box keys…
Another scary event was regarding an IoT automation system, Creston. It consist in short of a management system and windows/android devices that can project sound/video. These are systems used broadly in hotels, airports, businesses and homes. Security on the devices are in short horrible. There is no authentication and if you access them you are by default admin. And as admin you can open browsers (type in urls), record sound or video to mention just a few commands available. Just imagine hotel rooms or business meetings being available for anyone to monitor, scary!
Finishing off the day with the traditional Jeopardy, testing the skills and wits in cyber security. Great fun and cant wait for day three!