Black Hat Abu Dhabi to demo ATM hacking and cellular phone phreaking

Presenters lined up for the event will include Barnaby Jack, the director of research with IOActive Labs, who caused a sensation at last year's Black Hat USA when he publicly cracked a specific brand of ATM in widespread usage in North America.

This time around it seems he's going one better, as he will bringing two new model ATMs from two vendors.

"I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks", he said.

Interestingly, another presenter will be Zane Lackey, senior security consultant with iSEC Partners, who will be hosting a seminar titled `Why You Can't Trust Mobile Phone Networks for Critical Infrastructure' in which he will intercept live phone calls on stage and explain how hackers can track user locations.

Infosecurity notes that Lackey showed his technical prowess at RSA Europe in London last month when he when he and co-presenter Luis Miras detailed how it is possible to spoof text and picture messages on a mobile phone, and cause a mobile phone user to log into a spoof server that appears to be their mobile banking portal.

This is apparently made possible through the subversion of the UDH header code that is integral to SMS (text message) and MMS (picture etc., message) transmissions on the cellular networks.

Other presenters lined up with Black Hat Abu Dhabi include The Grugg, another cellular security researcher who has researched a cellular phreaking technique know as baseband fuzzing to attack 2G cellular networks; and Stephen A. Ridley, a senior researcher with Matasano Security.

Ridley's presentation will include details of how to evade memory and similar sandboxing defence systems, as well as detailing the actual program code needed to by-pass this critical security technology.

What’s Hot on Infosecurity Magazine?