Key exploitMozilla software developer Cody Brocious demonstrated a homebrewed device made for US$50 that unlocks electronic hotel room doors secured with key cards. However, Brocious’s device works only on locks made by Onity, and it works about 33 per cent of the time.
Counterfeit eyesThink iris scanning is secure? Researchers from a university in Madrid showed how they could create a lifelike image of the iris of a person’s eye. In tests against a top commercial recognition system, the iris scanner was fooled 80 per cent of the time. Images of fake irises have been created in the past, but this is the first time the iris of an actual person has been duplicated from data gathered about the organ.
Evading the BouncerWhen Google introduced Bouncer to its online app store, GooglePlay, it was believed the technology would go a long way toward cleaning up apps there infected with malware. But Trustwave demonstrated how, through the use of sophisticated masking techniques, it was able to slip a pernicious app under Bouncer’s radar and remain camped in GooglePlay for two weeks before the researchers took it down.
A trojan in the cardsA pair of researchers demonstrated a payment card they designed that can infect a point of payment terminal when it was swiped by the device. The card planted on the terminal a Trojan that collected credit card information and PIN numbers entered into the device. That information could be later extracted from the terminal with another malicious card.
Tap-and-hackNear Field Communications (also called tap-and-pay) was shown to be vulnerable by Accuvant researcher Charlie Miller, who demonstrated how a tag embedded with an NFC chip could be used to compromise the information in an Android phone simply by brushing against it.
Dubious achievementFinally, among the Pwnie Awards for dubious achievement went to the unknown creators of the Flame software who developed a scheme that used Windows Update to deliver malware to PCs. The authors of Flame did not accept their award when it was announced.