The 10 Best -- And Scariest -- Hacks From 20 Years Of Black Hat Conferences

Honoring Hacks

Black Hat is one of the biggest stages for hackers and security researchers to demonstrate the latest and greatest hacks on devices, systems, and critical infrastructure. Over the past 20 years, the conference has displayed many significant vulnerabilities that led to major patches and highlighted security challenges with medical devices, ATMs, cars, routers, mobile phones and more. In celebration of the 20th anniversary of the conference this year, which is being held next week in Las Vegas, CRN has compiled some of our favorite hacking demonstrations from the conference's history. Take a look through some of the best – and scariest – hacks of the past 20 years of Black Hat.

Car Hacking

In 2015, hackers Charlie Miller and Chris Valasek (pictured) caused a massive 1.4 million vehicle recall for a software patch after successfully hacking into a Jeep Cherokee. The hack used a zero-day exploit in the car's Uconnect system. In doing so, the hackers gained access to the vehicle's entertainment system, controls, steering, brakes, transmission and more -- from more than 10 miles away -- and ultimately caused the car to crash in a ditch. Solution providers s at the time said the hack served as a wake-up call for automakers and other manufacturers developing connected technologies, and the need to embed security into the systems from the start.

ATM Hack

In 2010, renowned hacker Barnaby Jack demonstrated vulnerabilities in ATMs, a demonstration that had the machines spitting $50 bills onto the floor of the event. He demonstrated multiple vulnerabilities in common ATM systems and software that year, including being able to overwrite the system after inserting a USB drive and leveraging a remote management feature on the ATMs. He said these vulnerabilities could be leveraged to steal cash, copy credit card data or learn master passwords.

SQL Slammer Worm

First introduced at Black Hat in 2002, the Slammer worms wreaked havoc on SQL Server systems the following year, hitting more than 75,000 victims in less than 10 minutes on Microsoft SQL Server 2000. The worm, demonstrated by David Litchfield as a proof of concept, revealed vulnerabilities in Microsoft and Oracle products that allowed for buffer overflow. Microsoft patched the vulnerability before the 2003 attacks, but users affected had not updated their systems.

Conficker Worm

In 2009, the Conficker worm had attendees on high alert, with a USB infected with the Conficker worm reportedly floating around the conference. The Conficker worm, which was under investigation at the time and the subject of a talk by Mikke Hypponen, is a computer worm targeting Windows operating systems. The worm, which infection millions of computers, uses vulnerabilities in Windows systems and dictionary attacks to spread and form a botnet.

RFID Hacking

RFID technology is widely used in many companies for physical access control and tracking. Black Hat 2013 demonstrated the hackability of this technology with a demonstration by Francis Brown into hacking and cloning RFID tags. His demonstration included developing long-range RFID readers and then copying those RFID cards, a proof of concept that had serious implications for physical access security.

Apple Smart Battery Hack

Apple made its first official appearance at Black Hat last year, but its devices have felt the heat from Black Hat hackers in years past. In 2011, security researcher Charlie Miller demonstrated how firmware embedded in Apple batteries, centering around the microcontrollers that are part of the standardized Smart Battery System, could be exploited to brick the batteries and launch denial-of-service attacks against the operating system. Miller had also previously demonstrated vulnerabilities in Apple's Safari Web browser.

Cisco IOS Security Architecture

In 2005, security researcher Mike Lynn revealed a major vulnerability in Cisco's Internetwork Operating System for the company's routers. Lynn demonstrated at Black Hat how the vulnerability, which was patched before the talk, could be leveraged to take over enterprise networks. The vulnerability could shut down the Cisco routers with a work attack, in such a way that the routers could not be restarted. Cisco gave significant push back against the talk, and Lynn ultimately had to quit his job from ISS to complete the presentation.

FAA Air Traffic Control Systems

Black Hat has demonstrated the vulnerability of many critical infrastructure systems. One example of that was a 2012 presentation by computer scientist Andrei Costin, which revealed security risks in the FAA's Automatic Dependent Surveillance-Broadcast air traffic control system. He showed how the vulnerabilities left air traffic messages and plane locations were open to viewing and how hackers could insert their own messages and spoof aircrafts. Other demonstrations of critical infrastructure security weaknesses in other Black Hat presentations include vulnerabilities in SCADA systems, satellite terminal communications links, and oil and gas systems.


In 2015, security researchers at Zimperium zLabs revealed what they called the "Mother of all Android Vulnerabilities." The series of vulnerabilities in Android's Stagefright multimedia playback tool could allow hackers to access a user's mobile device with only the person's mobile number (and no need for the user to click on a link or download a file, as in a phishing attack). The demonstration was just one of many over the years about Android vulnerabilities. The vulnerability was present in 95 percent of Android devices, around 950 million devices, the company said. Devices running older versions of Android (before Jelly Bean) are particularly vulnerable because of "inadequate exploit mitigations," it said. Google has provided a patch for the vulnerabilities.

Medical Devices

Medical devices are another area that has been a popular target of Black Hat hacker demonstrations. One such demonstration in 2009 by Jerome Radcliffe showed how he could hack his own insulin pump and continuous glucose monitor. The hack, requiring only the pump's serial number, leveraged vulnerabilities in the radio frequency technology to wirelessly disable the insulin pump or deliver a lethal amount of insulin.