Hackers Convene To Find Mobile Security Flaws

This week Las Vegas saw the world's largest hacking party — and it was all legal. The gathering was designed to bring together cybersecurity experts — including the top hackers in the business — to expose vulnerabilities before criminals uncover them. The big focus this year was on mobile phones.


This week, thousands of computer hackers descended on Las Vegas for the annual summer hackers convention. The hot topic this year: hacking attacks on smartphones. NPR's Steve Henn is there, where he witnessed seasoned hackers display their destructive prowess at two of the main conferences: the Black Hat and Defcon.

STEVE HENN, BYLINE: These events, especially Defcon, are known for their pranks. Nicholas Percoco says that one year, all the ATMs in one of the casinos were hacked. No money was stolen but...

NICHOLAS PERCOCO: Instead of the screen saver for the bank, they put pornography on the screen.

HENN: The banks and the casino were understandably flummoxed.

PERCOCO: And they put a piece of paper over it that said: ATM maintenance in progress. That's what it said. It was like a piece of paper over there. You could still see the image flashing behind the paper. They didn't even turn it off.

HENN: Every year here someone tries to show off. Some of the pranks can be crude. But actually, the purpose of these events is pretty serious. Stephen Ridley is an independent security consultant. Ridley says in the digital age, almost every aspect of our lives is touched by computers and machines that speak in ones and zeros. And frankly, most of us don't understand how they work.

STEPHEN RIDLEY: I am of the mind that people who do have this knowledge are actively exploiting these things now.

HENN: He believes that most of the hackers here, who take the stuff apart and poke holes in all these products that we depend on, are kind of like the investigative reporters of the digital age. Ridley says their goal is to expose problems before bad actors can find them and take advantage.

RIDLEY: The more that it's out in the open, the more that you can have skilled people choose what side of the fence they want to be on. And I believe in kind of the goodness of human nature.

HENN: If you don't know where the problems are, no one can fix them. This year, there are talks on how to hack into the new air traffic control system and lots of talks about how to break open your mobile phone. Nicholas Percoco gave one.

PERCOCO: I have my iPhone here, and it sits on the nightstand every single night when I'm sleeping. When I'm traveling around, it's in my pocket. And so the ability to do things to people's mobile devices becomes even more enticing to a criminal.

HENN: In some ways, mobile phones are inherently vulnerable. They connect with other networks in all kinds of ways, and some have payment systems that use near field communication or NFC chips. These chips let you wave your phone near a reader. Your phone connects, and you can pay.

But Charlie Miller, a researcher at Accuvant, realized he could use these chips to break your phone wide open. And for this hack to work, Charlie just has to be standing next to you.

CHARLIE MILLER: So now I can do things like, you know, read all the files.

HENN: And that's just one of the half-dozen mobile hacks unveiled here this week. Nicholas Percoco figured out how to slip past Google's bouncer. That's the system that polices Android's app store. Stephen Ridley and his partner figured out how to attack computer chips that run on pretty much every mobile phone.

RIDLEY: By clicking on a link, we took over their phone, basically. They have to click the link.

HENN: Ridley's been giving a how-to course on this attack all over the country. His customers include some of the biggest cell phone makers in the world. And after Nicholas Percoco figured out how to beat up on Google's bouncer, his first call was to Google.

PERCOCO: Google's a great organization to work with. They want to learn.

HENN: Google says it's already made a fix. Still, the relationship between hackers and big companies has not always been so cozy. Charlie Miller got so tired of firms fixing the problems he pointed out without so much as a thank you note, last year he publicly went on strike, vowing not to reveal his attacks until firms agreed to pay. Now, many companies sponsor contests, where they pay hackers up to $100,000 to break their products. And Miller, who has a couple of kids and college funds to think about, is already hard at work. Steve Henn, NPR News, Las Vegas.

Copyright © 2012 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.