Bishop Fox to Demonstrate Three Innovative Tools at Black Hat Tools Arsenal in Las Vegas

Share Article

Top Security Researchers Will Release Tools Designed to Hack Google Chromecast, RFID Security Systems, and iOS Devices

Bishop Fox IT security researchers plan to unveil three new tools at the Black Hat Tools Arsenal in Las Vegas this week. The Tools Arsenal is a tool/demonstration area where independent researchers and the open-source community can showcase new tools or “weapons” that can help the security community keep up with the threat landscape.

Dan Petro, Senior Security Analyst at Bishop Fox, will present “Rickrolling Your Neighbors with Google Chromecast” on Wednesday, Aug. 6 at 12:45 PM PST at Mandalay Bay. Dan designed the “Rickmote Controller,” which illustrates how attackers can easily hijack users’ Chromecast-enabled televisions and play any video of their choice.

“My research is intended to show a fun pranking tool, but Chromecast is a flagship Google product used by millions of people,” said Petro. “This is a case of security coming second to usability, and there are likely similar issues with other smart devices. I wouldn't be surprised if the Chromecast exploit worked against them as well.”

Joe DeMesy, Senior Security Associate at Bishop Fox, is presenting his “iSPY” iOS security assessment toolkit at the Arsenal. iSPY is an automated toolkit for advanced iOS hacking, reversing, and debugging. DeMesy will release a reverse sandbox that can run iOS apps on jail-broken devices. He’ll also demonstrate how to defeat common anti-jail breaking checks in minutes.

“For years, security researchers have unveiled new iOS hacking research and tools at Black Hat. ISPY is not just any iOS toolkit; I’ll be introducing the world to a new, improved breed,” DeMesy added.

“Oops, I RFIDID It Again”
Fran Brown, Partner at Bishop Fox, will be presenting “Oops, I RFIDID It
at the Black Hat Arsenal. This presentation serves as a follow-up to Brown’s RFID research at Black Hat 2013. In this second installment, Brown will hack high-frequency (HF) and ultra-high frequency (UHF) systems, and explain how to build a RFID penetration toolkit.

The applications for HF and UHF technologies extend beyond the realm of physical access control. They can be found in credit cards, e-Passports, enhanced driver’s licenses, ski passes, NFC reward cards, public transit passes, and are even used as the foundation of Disney’s new MyMagic+ initiative.

Brown will also release a slew of new and free RFID hacking tools made from Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and 3-D printing. On a closing note, he will discuss how to defend against HF/UHF RFID hacking threats.

“RFID security hasn’t changed much in the past year since I presented my research at Black Hat,” Brown said. “My further research in this area shows the increased implications of hacking high frequency and ultra-high frequency systems, and why we can no longer ignore this problem.”

About Bishop Fox
Bishop Fox is a global security consulting firm. They are the trusted advisors to the Fortune 1000, financial institutions, and high-tech startups — helping to secure their commerce, data, IT infrastructure, and intellectual property. Founded in 2005, their team consists of dedicated individuals with a combined 400+ years of experience working in both corporate America and global security.

In addition to authoring several best-selling security books, writing numerous industry articles, and being cited in well-respected journals, the Bishop Fox team has been presenting its security research for more than a decade. Bishop Fox speakers have been featured at many top security industry venues, including Black Hat, DEF CON, RSA, InfoSecWorld, OWASP, SANS, and Microsoft BlueHat.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Arissa Aguilera
Bishop Fox
+1 9163846884
Email >
Visit website