
DEF CON 29 Apple security and privacy talks

Along with Black Hat USA, DEF CON is the other huge infosec event in August. DEF CON 29 brought together security researchers from around the world to talk about everything from app security and malware to car hacking and lockpicking. There were also some great talks that will be of interest to Apple users - so we decided to round them up for you in one place!

Below you’ll find brief summaries of this year’s Apple-related DEF CON presentations, along with links to the speakers’ social media accounts and full videos of the talks on YouTube.

We’ve talked before about the rapid growth of macOS malware. There are a number of factors behind this phenomenon, but in part, the trend has been driven by the increase of Macs in the enterprise. And as we’ll see, while businesses that run on macOS are still in the minority, they’re definitely not immune to attack.

Cedric Owens discussed macOS security in the enterprise in his DEF CON 29 talk “Gone Apple Pickin: Red Teaming MacOS Environments in 2021”. His presentation took a red team perspective, looking at the different ways that an attacker might approach a macOS environment. If you’re interested in issues related to Mac in the enterprise, or red teaming and pentesting in general, Owens’ talk is definitely worth a watch.

In April, the world learned of a major macOS 0-day flaw that allowed attackers to build malware that would bypass a Mac’s normal security features. Unfortunately, the issue was more than just theoretical. Security researchers found evidence of bad guys actively exploiting this vulnerability to create a sneaky new variant of Shlayer adware.

Patrick Wardle is a noted Mac security researcher (and friend of The Checklist). At DEF CON 29, he offered a technical deep dive that explained in detail how this vulnerability worked. His presentation was called “Bundles of Joy: Breaking MacOS via Subverted Applications Bundles”. If you’re interested in Mac malware analysis, you won’t want to miss Wardle’s talk.

In reporting on a new macOS vulnerability or iOS exploit, we often say that security researchers “discovered” a flaw in some part of the OS code. But have you ever wondered how these researchers actually find those bugs in the first place? One main method used by vulnerability hunters is called “fuzzing”. In a nutshell, fuzzing is the practice of feeding a whole bunch of random input to an app or system in order to see what breaks!

Jeremy Brown discussed fuzzing on macOS in a presentation called “Summer of Fuzz: MacOS”. If you’re interested in vulnerability research and Mac app security, as well as the specific tools and techniques used to fuzz macOS apps, be sure to check out Brown’s talk.

How to hack an AirTag

Apple introduced AirTag at their Spring Loaded event earlier this year. The AirTag is essentially a tracking device for your stuff. Paired to an iPhone, it can be used to locate misplaced objects around the house, and can even use the Find My network to track down lost or stolen belongings.

Despite some initial privacy concerns about AirTag, Apple has been responsive to customer feedback around the issue, and has introduced additional privacy measures for the device. That sounds good … but what about AirTag security?

Thomas Roth made headlines back in May when he pulled off the world’s first successful hack of an AirTag. In his DEF CON 29 talk entitled “Hacking the Apple AirTags”, Roth explains how he did it - and how a bad actor could use a hacked AirTag for malicious purposes. If you’re interested in AirTag and security, you’ll want to have a look at Roth’s presentation.

The elephant in the room

Apple gets a lot of good press for its stance on privacy, especially when compared to other tech giants like Facebook and Google. But Apple isn’t a plucky little startup anymore. It enforces its App Store monopoly with aggressive lobbying and lawsuits. And it has been accused of compromising its position on privacy in exchange for access to China’s market.

Cory Doctorow gave a DEF CON 29 presentation entitled “Privacy Without Monopoly”. It’s not about Apple specifically, although Apple comes up frequently in the talk. Instead, Doctorow tackles the wider issue of privacy as it relates to Big Tech. In particular, he looks at legislative attempts to force interoperability standards onto large tech companies - and discusses why this is so important for privacy. If you follow Apple’s involvement in the political sphere, or if you’re just a concerned citizen who cares about privacy issues, Doctorow’s talk is definitely worth your time.
