
Published: 2016/5/13 7:19:09

World hacking contest concludes: Surface Pro 4 becomes a prop for showing off technique - hacking contest, GeekPwn - IT news

On May 12, the Macau stop of the world hacking contest GeekPwn, hosted by the security team KEEN, came to a close. More than ten mainstream routers, smart remote controls, smart cameras, anti-hacker safes and other smart software and hardware products were compromised one by one, and security geeks once again shocked the world.

The players from Chaitin Tech (长亭科技) took home 420,000 in prize money with their project on 10 routers and their Xiaoyi (小蚁) camera project, becoming the big winners of this contest. The Surface Pro project from the Tencent network attack-and-defense group earned a 150,000 single-item prize for its high technical difficulty, plus the 50,000 "Most Dominant Technique Award". The team of Cao Yue from the University of California earned a 100,000 single-item prize and the 50,000 yuan "Most Imaginative Award" for its TCP hijacking technique, which is rare worldwide.

High school newcomers devoted to cracking techniques; female hacker remotely controls a smart remote control at will

The youngest contestants were two 16-year-old high school students. They demonstrated how to hijack a drone with a mobile phone, so that the drone took off and landed outside the control of its remote controller and returned automatically against commands. Although the judges ultimately ruled, under strict vulnerability criteria, that the project did not count as a security vulnerability in the drone, the two teenagers won this contest's "Geek Spirit Encouragement Award" for their enthusiasm for cracking techniques.

The only female hacker at the event targeted the smart home. She compromised the Chaokong (巢控) smart remote control, so that any appliance that can be controlled by an infrared remote could be hijacked. Imagine: remotely switching on an electric blanket or an electric bathroom heater could even cause a fire.

"Uncle Hacker", who "vows to break every kind of safe, smart or not", had safes in the palm of his hand. He not only hijacked the password of the "SAFEOK anti-hacker safe" but also turned it into an "alarm clock": fail to get up at a set time, and your money may no longer be safe. For its wildly imaginative spirit of modification, the project was named the "Coolest Show Award" winner.

A project at the difficulty level of a top hacking contest appears and wins the Most Dominant Technique Award

A team that once won another world hacking contest, Pwn2Own, also appeared at GeekPwn and won the "Most Dominant Technique Award". Microsoft's Surface Pro 4 became their prop for showing off technique, demonstrating a real-world advanced persistent threat (APT) attack technique: by exploiting vulnerabilities in Windows and Adobe Reader, the players from the Tencent network attack-and-defense group could take complete control of the Surface Pro. The "hacker" sent the victim a malicious PDF file; when the victim opened the file, images captured live by the Surface's camera were uploaded to the "hacker's" computer.

California doctoral student revives the attack method of history's number-one hacker: arbitrary remote hijacking of communications

Most startling of all was the demonstration by Cao Yue, a doctoral student from the University of California in the United States, of remote hijacking through an implementation vulnerability in the TCP/IP protocol stack, which can fairly be called "network infrastructure". In the early days of the Internet in the 1990s, Kevin Mitnick made his name by carrying out an "arbitrary Internet session hijacking technique" against the then-imperfect TCP protocol. Today, Cao Yue's team has dug such a heavyweight vulnerability out of a modern TCP protocol that has been continually improved, which is undoubtedly of major reference value for information security research worldwide.

At the GeekPwn contest, Cao Yue showed his "magic": once the attacker learns the IP address of a victim anywhere in the world, the attacker may be able to remotely hijack the victim's communications. In the demonstration, a fake login page suddenly popped up over the news page being browsed on the victim's screen; after the account and password were entered as prompted, the same content appeared on Cao Yue's computer. Unlike the cyber-crime methods commonly seen in the news (such as Trojans, phishing and fraud), the victim does not need to make any mistake to fall prey to the attacker.

There are more than 4 billion possible sequence numbers and more than 60,000 possible port numbers, and the unpredictability of their combination is the security cornerstone of the TCP/IP protocol. Cao Yue succeeded in implementing a technique that can detect the port number and sequence number of a TCP connection within a short time, which means that almost all Android and Linux systems on the Internet can be attacked, and have their communications hijacked, at any time and from any location.

Tens of thousands of home Wi-Fi networks can be intruded on anytime, anywhere

Chaitin Tech, the contest's top prize winner, brought a project covering 10 routers on the market; the 10 routers, including Cisco, 360, TP-Link, Netgear and ASUS routers, were cracked one by one. According to the live demo, after an Android phone connects to a vulnerable router and downloads an app from a legitimate app market, the legitimate software is replaced with a malicious program carrying a Trojan, allowing the attacker to send, receive and view the victim's text messages, control the phone's calling functions, activate the phone's camera, and so on. In addition, Chaitin Tech found that the vulnerable ASUS router service is exposed to the Internet, so an attacker can launch remote attacks against it from anywhere in the world; tens of thousands of routers are affected.

