DON’T GET PWNED! Securing Yourself at Black Hat
Black Hat, one of the world’s largest security conferences, is a veritable playground for hackers. With thousands of security professionals and enthusiasts gathered in one place, it’s an irresistible target for those looking to exploit vulnerabilities.
Approaching Black Hat as a hostile environment where everyone is potentially trying to hack you is a wise move. Here are some comprehensive tips to help you stay secure.
Connectivity & Updates
The first and most crucial step in securing yourself at Black Hat is to disable any features on your devices that allow connections to the Internet or other devices. This includes Wi-Fi, Bluetooth, mobile data, NFC, location services, and more. By disabling these features, you effectively cut off potential entry points that a hacker might use to gain access to your device.
Before you travel to the conference, make sure to update all your devices – phones, tablets, computers, watches, etc. Keeping your devices updated ensures that you have the latest security patches and fixes, reducing the chances of being exploited. This is particularly important when attending a conference like Black Hat, where new vulnerabilities are often revealed.
Phone Security
At the conference or in the hotel, turn your phone off completely whenever possible. There have been instances of people setting up fake cell phone ‘towers’ to intercept calls and messages, as well as cases of juice jacking via public charging ports. If you must have your phone on, ensure that you adhere to the above steps. Treat all conversations and SMS messages while at the conference as public, just in case.
Your phone’s lock screen is the first line of defense against unauthorized access. Use a strong password, PIN, or biometric security feature like fingerprint or facial recognition to secure your device. Pay attention to the permissions your apps request. If an app asks to access your location, contacts, or messages, consider if it really needs that information to function. When in doubt, withhold permission or consider not using that app.
Be cautious about what you post from your phone. Once posted, texts, photos, and videos are difficult to take back and can be copied and pasted elsewhere. Remember, reputations are at stake. Letting others use your phone when you’re not around is like giving them the password to your social network profile. They can impersonate you, which gives them the power to mess with your reputation and relationships. Always lock your phone when you’re not using it.
Be mindful of people randomly taking pictures at parties or other social events. You may not want to be tagged in their social-network photo albums. If you suspect that someone is monitoring your phone, use a different device that the person cannot access.
Wi-Fi Security
Public Wi-Fi networks, such as those provided at conferences, hotels, and airports, are often unsecured, making them prime targets for hackers. To protect your data, consider using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it much harder for hackers to intercept and steal your data.
Be wary of Wi-Fi spoofing, where hackers set up fake Wi-Fi networks to trick users into connecting. These networks often have names similar to legitimate networks. Always verify the network name with event staff before connecting.
Even with these precautions, it’s best to avoid accessing sensitive information, such as bank accounts or confidential work documents, on public Wi-Fi. If you must access such information, use your mobile data connection instead.
Credit Card Security
Protect your credit cards and your magstripe, RFID, and NFC devices. This includes all your credit cards and anything with a magstripe in your wallet, purse, backpack, or laptop bag. Contactless payment cards are especially vulnerable. Invest in a security credit card sleeve, which can protect your cards from being scanned by malicious devices, or charge to your room or use cash.
Credit card fraud is a common issue, and public events like Black Hat can be hotspots for such activities. To protect yourself, consider using credit cards with EMV chips, which are more secure than magnetic stripe cards. EMV chips create a unique transaction code for each purchase, making it harder for hackers to steal your card information.
Be cautious when using ATMs or card readers at the event. Skimmers, devices that steal card information, can be attached to these machines. Always inspect the machine before use and cover the keypad when entering your PIN.
Consider using mobile payment apps like Apple Pay or Google Wallet, which use tokenization to secure transactions. Tokenization replaces sensitive card information with a unique identifier or “token,” which is useless if stolen.
Monitor your bank and credit card statements regularly for any unauthorized transactions. Most banks offer instant transaction alerts, which can help you spot fraudulent activity quickly.
In case of any suspicious activity, report it to your bank immediately. Most banks have 24/7 customer service and can block your card to prevent further transactions.
Social Engineering
Be wary of social engineering. With Black Hat being a trade show, your natural reaction might be to share information upon meeting people. Be mindful of what people are asking and how much information you are giving away. If people start asking about personal information, it may be time to steer the conversation elsewhere. Trust your instincts; if it doesn’t feel right, it probably isn’t.
Social engineering is a method used by hackers to manipulate individuals into revealing confidential information. It’s not just about technology; it’s about exploiting human vulnerabilities. At an event like Black Hat, where information sharing is common, the risk of social engineering attacks is heightened.
One common form of social engineering is phishing. Be wary of unsolicited emails or messages asking for personal information or urging you to click on a link. Always verify the source before responding to such requests.
Beware of impersonators. In a crowded event like Black Hat, it’s easy for someone to pretend to be a staff member or a fellow attendee to extract information. Always verify the identity of the person you’re interacting with, especially if they’re asking for sensitive information.
Be cautious about what you share on social media. Hackers can use the information you post online to impersonate you or trick you into revealing more information. Consider adjusting your privacy settings and be mindful of what you’re posting.
Lastly, educate yourself about the latest social engineering tactics. Knowledge is your best defense against these attacks. Attend sessions on social engineering at Black Hat, and stay updated on the latest trends in the field.
Airport Security
Since most attendees will arrive at Black Hat via Las Vegas airport, it’s best to follow the above guidelines while at the airport as well. Airports are often crowded and chaotic, making them ideal environments for hackers to exploit unsuspecting travelers.
Airports are bustling hubs of activity, where numerous devices connect to public Wi-Fi networks. These networks, while convenient, are often unsecured and can be a hotbed for cyber threats. As a Black Hat attendee, the information on your devices could be particularly attractive to malicious actors.
Finally, remember that physical security is just as important as digital security. Keep your devices with you at all times and be aware of your surroundings. If you need to leave your devices unattended, use a secure locker or leave them with a trusted individual.
Final Thoughts
Security conferences like Black Hat often present opportunities for proof-of-concept attacks, making these steps all the more important. The goal is to learn, network, and enjoy the conference without falling victim to an attack. Stay safe and secure at Black Hat!