johnk

Black Hat 2019: Highlights from the Biggest and Best Yet

Black Hat 2019

Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events. 

At booth 1330, we had a front row seat to some of the coolest trends at the conference -- and made some pretty huge waves of our own. Here’s a recap.

Hacking the Enterprise

In this era of massive data breaches, enterprise companies are realizing there’s only so much they can do internally to prevent cyber attacks. Businesses that process so much data find it difficult to scale their cybersecurity apparatuses with their revenue.

The recent Capital One breach will likely serve as a wakeup call for enterprise businesses: to fight hackers, they must think like hackers.

Hackers are no longer a quirky, outside-the-box option for businesses looking to try something new. Enterprise companies are realizing that hackers can play a crucial role in any mature security infrastructure. At Black Hat, we saw more enterprise companies than ever incorporating hackers and pentesters into their security stack. Microsoft, Google, IBM, and Cisco are just some of the many giants who mingled with hackers at the conference.

Apple made a splash by inviting researchers to hack on an iPhone. They offered a $1 million bounty for any persistent vulnerability that could get kernel code execution and didn’t require victims to click on anything.

The Government is Embracing Ethical Hackers

HackerOne has had a long and fruitful partnership with the federal government. The Pentagon, all branches of the military, and the Department of Defense have all been empowered by vulnerability disclosure policies or live hacking programs. We’ve even partnered with the government of Singapore and the European Union to help protect them from potential security threats.

Now, researchers at Black Hat have confirmed what we’ve already known: the federal government is embracing ethical hackers. According to a survey from The Cybersecurity 202, 72% of experts believe the government has a better relationship with hackers than ever before.

So what does this mean? This means that the government is looking to ethical hackers to test their security gaps with a scale and legitimacy that we haven't seen before. Enterprises should take note that cyber legislation is on the horizon.

Everything is Hackable

One of the most fascinating parts of Black Hat was seeing just how much stuff hackers were able to crack.

Ten of the country’s top medical device companies set up a hospital replica at the Planet Hollywood Casino: hospital rooms, a bloodwork lab, even neonatal and intensive care units. These rooms were packed with pacemakers, drug infusion pumps, and dozens of other devices. Medtronic, Abbott, and competitors invited hackers to probe the devices for vulnerabilities. A spokeswoman from Medtronic commented, “Medtronic has really made a concerted effort to embrace this community and we recognize the value they bring.”

It wasn’t just medical devices. Hackers demonstrated vulnerabilities in GPS systems, Intel chips, 5G, the Boeing 787 network, bluetooth-enabled locks, and much more. One hacker was even able to hack an iPhone...just by sending text messages.

While it can be easy to get overwhelmed by the growing attack surfaces and increasingly porous nature of a company's cyber defenses, finding vulnerabilities can actually be a key feedback loop that helps security and dev teams improve over time. Case in point: Take a look at our HackerOne top 10 vulnerabilities -- 50% of which aren't found in the OWASP Top 10. With everything becoming hackable, vulnerability data is key to driving improvements.

Hackers are Crazy Talented

You already knew that, right? But did you know how talented? This year, HackerOne awarded nearly $2 million in bounties at our live hacking events. That’s a new record!

But that’s not the only record we smashed. The Paranoids, Verizon Media's aptly named security team, paid out over a million dollars in bounties to hackers. That is the highest number of bounties ever awarded at a live hacking event.

Kudos to all the hackers, businesses, and security leaders who made Black Hat 2019 such an amazing event. Looking forward to next year!

The 7th Annual Hacker-Powered Security Report

Hacker-Powered Security Report