Hackers just spent the week in Las Vegas breaking into planes, politicians' websites, printers, heart monitors and slot machines

The other reason not to use your phone on a plane. Picture: Getty Images

Two of the biggest hacker conferences have just wound up in Las Vegas, finishing with what looked like an attack on one unfortunate casino’s slot machines:

For the past few days, Vegas has been host to the annual Black Hat and DEF CON conferences.

It’s mostly pretty dry content for the rest of the world, but generally, one or two of the more spectacular demonstrations make headlines.

Last year, Black Hat teams showed how to make ATMs spew cash, and how a car wash can be hacked to trap and attack people in their own cars.

Here are some of the highlights of this year’s events:

US elections

The past two years at DEF CON have been notable for investigations into how voting machines can be hacked — a hot topic following the 2016 presidential election in the US.

In March this year, DEF CON’s Voting Machine Hacking Village — the section which is home to vote-hacking demonstrations — won a Cybersecurity Excellence Award for promoting the awareness of the machines’ vulnerabilities.

Before this year’s event had even begun, the US’ National Association of Secretaries of State (NASS) made a point of saying the conference environment “in no way replicates state election systems, networks or physical security”.

In a release, NASS says:

“Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.

Obviously, the Voting Machine Hacking Village struck a nerve. And this year, the demonstrations were just as unkind to NASS.

Former National Institutes for Standards and Technology security expert Joshua Franklin lead a team of independent researchers who planned to show that three of every 10 candidates running for the US House of Representatives have significant security problems with their websites.

One hacker took a voting machine in use in at least 20 US states and turned it into a jukebox with an Illuminati GIF:

Oh, and 11-year-old child accessed a replica of the Florida secretary of state’s website and was able to change voting results found there in under 10 minutes.

Florida’s Secretary of State spokesperson stressed to BuzzFeed that “changing the appearance of the vote on a website isn’t the same as changing actual votes”.


Perhaps the most alarming Black Hat presentation for many this week came from Ruben Santamara of IOActive.

He showed how by accessing a satellite communications network, he could access phones, tablets and laptops on planes as they flew overhead.

Hypothetically, Santamara said, he could damage parts of the planes by transferring energy toward sensitive parts via radio frequencies.


Picture: Getty Images

Security firm McAfee bought a heart monitor off eBay and spent a couple months working out a way to hack into a medical network and falsify a patient’s vital signs.

VentureBeat reports “they were able to switch the display of a patient’s heartbeat from 80 beats a second to zero within five seconds”.

Home hardware

Researchers at Check Point sent a scare through HP after showing how they could take over tens of millions of fax-ready HP OfficeJet inkjet printers.

“There is no prerequisite for this attack,” they said. “All you need to do is send a malicious fax to the printer and you have control.”

HP had already been warned by Check Point and released patches to shut down the vulnerability prior to the start of the conference.

Entire cities

Sparked by the human error in January that had Hawaiians believing their homes were under missile attack, IBM’s X-Force Red Team look at “smart city” systems to see if it could find openings to launch “super villain” attacks.

In four city systems, it found 17 vulnerabilities, nine of which were considered “critical in nature”.

In one demonstration, the team hacked an IoT gateway that cities use to monitor alert sensors, and showed how it could be forced to record false readings.

SC Magazine reports IBM showed a hypothetical situation where that capability was used to release water from a dam and flood a fake road.


Elon Musk made an appearance for a Q&A session with engineers from Tesla and SpaceX.

For laffs

But some of the best hacks were in play even before DEF CON began, as attendees burned the wait time by hacking their own hotel services. This one was deleted soon after being posted:

At Caesar’s Palace, the load on air conditioners made an unexpected jump for the weekend:

Fortunately for one janitor, there were a few white hats in attendance:

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.