Tech enthusiasts, whizz kids and security veterans gathered in San Francisco last week for the annual RSA conference security event to discuss failures, successes and challenges of internet security. In case you missed the news, hereâ€™s a short overview of some of the memorable demos and ideas of this yearâ€™s event:
- Billy Rios, founder of security firm Laconicly, exploited a two-year-old vulnerability in a Vera smart-home automation device, which offered him total access to the deviceâ€™s network and all computers attached to it.
- â€œContactless payment systems are not fraud proof,â€ said Matthew Ngu, engineering manager with RSA, in a talk about payment systems. â€œBut they are more secure than [magnetic] stripe-based systems,â€ he added.
- Attackers leave cheap, malicious devices lying around and hope someone plugs them in â€“ said Ed Skoudis, SANS instructor and founder of Counter Hack. He referred to this trend as â€œdisposable hacking technology.â€
- Despite the rush to the cloud, certificate authentication is still the Achilles’ heel of the industry, according to Scott Charney, corporate vice president of Trustworthy Computing at Microsoft.
- FireEye researchers Yulong Zhang and Tao Wei showed how malware can bypass fingerprint authentication used to unlock Samsung Galaxy S5
- Researchers from Skycure demonstrated an attack that affects iPhones and other iOS devices. Taking advantage of new and known vulnerabilities, attackers showed how to lock iPhones into a never-ending reboot cycle, effectively rendering them useless.
- Ransomware could spread beyond just PCs as the Internet of Things becomes more pervasive, concludedÂ Adi Shamir, a member of the Weizmann Institute in Israel and of the RSA.
On the sidelines, it seems everyone was whispering about data — the challenges of collecting it, analyzing it and securing the colossal amounts of it provided by IoT devices. And, to outline the challenge facing both security experts and common users, IDC, the global market intelligence company, predicted 90% of all â€ªIT networks will suffer an â€ªâ€ŽIoT security breach in the next few years.