Black Hat 2019 is over. The event, which has taken place annually for the last 22 years in Las Vegas, NV, hosted around 20,000 cyber security professionals this year. The day after Black Hat wraps up, the Def Con event takes place. Just to give you an idea of how Black Hat has grown over the years:
2013 attendees numbered 7,500
2014 attendees numbered 9,000
2017 attendees numbered 17,400.
In five years, attendance has doubled. Black Hat has become the third largest cyber security conference in the USA. RSA, hosted annually in San Francisco, CA, is the largest with roughly 45,000 attendees, followed by Def Con with roughly 25,000.
This year’s conference had some standout sessions. The opening keynote was given by Dino Dai Zovi, the mobile security lead at Square, who set the theme of the show with his discussion about security as it relates to communication and collaboration with other teams. You can view his presentation at https://youtu.be/v1_mMO30Mxw.
Apple's failure to protect its products was the talk of the conference. There were multiple presentations about vulnerabilities in Apple products, which have inaccurately been considered more secure than competitors' products. In one of the most impressive demos, Google Security Engineer Natalie Silvanovich showed how she partially seized control of an iPhone just by sending it text messages.
Apple claimed that recent software updates fixed the issues presented by Silvanovich. Hackers also showed off an Apple Lightning charging cable custom-modified with electronics that allow it to be used to access any Mac it has been connected to over a Wi-Fi network.
In response to continual flaws in the iPhone and other products, Apple announced improvements to its bug-bounty program, raising the rewards it offers to $1 million payouts for certain vulnerabilities. Apple also added more devices to the program's scope, such as Mac devices, watchOS and tvOS.
The general consensus among the attendees was that Apple is way behind the curve and late to the party in terms of having an open bug bounty program. It was well-received news.
There was an unvetted pay-to-play session, which sponsors can use any way they wish. A company called Crown Sterling and its speaker, Robert Grant, gave a presentation entitled “The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean for Encryption?” The talk did not go over well. A well-known security expert, Dan Guido, interrupted the session and challenged the speaker. The conference goons (monitors) ejected Guido from the talk. Grant's topic was a new type of encryption that he termed “Time AI.” No technical details were provided about how his company had invented a mysterious quantum physics-based encryption algorithm that is unbreakable. Researchers cried BS on it.
He used jargon like “infinite wave conjugations” and some other phrases that he did not link back to any technical specs. People started taking to Twitter and making fun of this. Researchers claimed that it is dangerous and that he is committing fraud by saying his company has this type of encryption technique, which clearly cannot exist or does not exist, and if it does, he needs to prove it. Conference organizers deleted him from their audio recordings and cut off access to his talk completely, even the recorded version after the fact.
The Business Hall was teeming with visitors. Much like past conferences, the big players were out in force with impressive booths: Cisco, RSA, Splunk, CrowdStrike, ServiceNow and Recorded Future. Cylance was acquired last year for $1.5 billion. Their name change stood out: BlackBerry|Cylance.
As in years past, many VC-funded companies had smaller booths. After walking the floor, though, there seemed to be few new and innovative technologies, just a different spin on what is already out there.
Attendees had no issues finding after-event parties. Most are hosted by the larger companies. Others teamed up together in smaller venues. One company, Cymatic, which did not have a booth this year, stood out with an executive launch dinner featuring well-known security leader Malcolm Harkins, who joined their team as the Chief Security and Trust Officer after the BlackBerry purchase of Cylance, followed by events at the Omni and a happy hour at Kumi with co-sponsor SafeBreach.
One of the largest parties every year is the Security Leaders VIP Party, hosted by Digital Shadows, Tessian, ThreatQuotient, AT&T Cybersecurity, RiskSense, Mimecast, Capsule8, vArmour, and Cybrary.
This year’s Black Hat was a success.
SecureNation was present and represented by CEO Jon Davis. “It was great visiting our channel partners, meeting new people, and fostering relationships with future partners. We look forward to continually bringing our customers the best solutions to fit their needs, be it a new innovative company or a tried and true one.”