Hacker Summer Camp 2022

If it’s August in Las Vegas, it’s time for Hacker Summer Camp. There are three hacker conferences that coordinate to happen next to each other every year: BSides Las Vegas, Black Hat and DEF CON. My first trip to DEF CON was last year and I was hooked – I hope to go back every year. This was the big 30th anniversary of DEF CON and several of the news stories this week came from one of these hacker conferences. And next week I’ll air my wonderful interview with DEF CON’s CEO and Founder, Jeff Moss (aka The Dark Tangent).

In the news this week: several malicious Mac apps have slipped through Apple’s App Store security checks and contain malware – you should delete them ASAP; iOS VPN apps aren’t properly securing connections made before activating the VPN; TikTok’s in-app browser injects JavaScript code that could enable it to snoop on your session, including capturing keystrokes; Cisco’s network breach has lessons for all of us; Signal’s use of phone numbers as identifiers is highlighted by a breach at Twilio; a new jailbreak has been found on John Deere tractors that might allow farmers to service their own equipment; Amazon is planning to release a reality TV show based on Ring doorbell footage; a digital hallway pass allows schools to intrusively monitor their students; and law enforcement is tapping into DNA databases of the blood samples taken at birth by hospitals to solve crimes.

Article Links

  1. [Tom’s Guide] These Mac apps are secretly spreading malware — delete them now https://www.tomsguide.com/news/these-mac-apps-are-secretly-spreading-malware-delete-them-now
  2. [Ars Technica] iOS VPNs have leaked traffic for years, researcher claims [Updated] https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/
  3. [Forbes] TikTok’s In-App Browser Includes Code That Can Monitor Your Keystrokes, Researcher Says https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research/
  4. [Threatpost] Cisco Confirms Network Breach Via Hacked Employee Google Account https://threatpost.com/cisco-network-breach-google/180385/
  5. [TechCrunch] Signal says 1,900 users’ phone numbers exposed by Twilio breach https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/
  6. [Ars Technica] A new jailbreak for John Deere tractors rides the right-to-repair wave https://arstechnica.com/information-technology/2022/08/a-new-jailbreak-for-john-deere-tractors-rides-the-right-to-repair-wave/
  7. [VICE] ‘Ring Nation’ Is Amazon’s Reality Show for Our Surveillance Dystopia https://www.vice.com/en/article/7k8x49/ring-nation-is-amazons-reality-show-for-our-surveillance-dystopia
  8. [VICE] A Tool That Monitors How Long Kids Are in the Bathroom Is Now in 1,000 American Schools https://www.vice.com/en/article/dy73n7/ehallpass-1000-thousand-schools-monitor-bathroom
  9. [WIRED] Police Used a Baby’s DNA to Investigate Its Father for a Crime https://www.wired.com/story/police-used-a-babys-dna-to-investigate-its-father-for-a-crime/
  10. Tip of the Week: https://firewallsdontstopdragons.com/be-my-guest-no-i-insist/

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:00:17: DEF CON 30 notes
  • 0:03:00: Quick security notes
  • 0:03:46: News rundown
  • 0:06:50: Delete these Apple apps immediately
  • 0:10:44: iOS VPN apps fail to secure old connections
  • 0:15:00: TikTok’s in-app browser able to record private info
  • 0:20:49: Cisco breach due to employee Google account hack
  • 0:25:08: Signal says 1900 users’ phone numbers exposed
  • 0:28:15: Hacker reports vulnerability in John Deere equipment
  • 0:32:04: Amazon’s new Ring video reality show
  • 0:36:27: e-HallPass monitors students’ bathroom breaks
  • 0:39:27: US baby DNA being used by law enforcement
  • 0:44:54: Tip of the Week
  • 0:51:51: Wrap up