5 Black Hat Talks You May Not Want to Miss

In a few days, security researchers, vendors, feds and hackers of all stripes will descend upon Las Vegas for Black Hat USA.

According to event organizers, the annual security conference is expected to draw 6,500 people this year. The event will also include around three dozen zero-day disclosures, scores of new tools and talks touching on everything from mobile security to hacking embedded devices.

With so much on tap, attendees are going to have their hands full trying to decide what talks and events to attend. But as the conference has been gearing, certain briefings and keynotes have emerged as ones likely to be packed. Here at SecurityWeek, we have compiled a short list of talks attendees should think twice before missing.

1. NSA Comes to Town: July 31, NSA Director Gen. Keith Alexander will give a keynote at the conference. Whether or not his comments will go into the controversy surrounding the leaks by Edward Snowden remains to be seen. Nevertheless, his keynote is worth attending to hear what may get said, particularly since feds were discouraged from attending the DEFCON conference.
2. Cell phone/Spy Phone: There are a number of sessions focused on mobile security. One of the talks that have already received a significant amount of attention and interest include a talk by researchers Tom Ritter, Doug DePerry and Andrew Rahimi  that will demonstrate how to use a femtocell cellular base station to intercept voice and SMS traffic and other data. This briefing is scheduled for July 31.
3. SIM Card Vulnerabilities: Security researcher Karsten Nohl is giving a talk on exploiting SIM card implementation and configuration bugs in SIM cards that can be used to hijack mobile phones. The issue is believed to affect millions of phones using the DES encryption standard. This briefing is slated for July 31.
4. Compromising Industrial Networks on Tap: Lucas Apa and Carlos Mario Penagos of security vendor IOActive will be discussing vulnerabilities in industrial automation and control systems. In their presentation, Apa and Penagos will review the most commonly implemented key distribution schemes and their weaknesses. They will also demonstrate attacks that exploit key distribution vulnerabilities they found in every wireless device developed during the past few years by leading industrial wireless automation solution providers who customers include companies throughout the energy sector. Their briefing is scheduled for Aug. 1.
5. Google Android Master Key Vulnerability:  Jeff Forristal of Bluebox Security will finally detail the widely-publicized master key vulnerability impacting Google Android devices. Recently, researchers at Symantec and other firms found the first set of malicious applications seen in the wild exploiting the issue, which Google has issued a patch for. The briefing is Aug. 1.

The conference itself will stretch from July 27 to Aug. 1 at Caesars Palace Hotel and Casino, dovetailing into the Defcon conference, which will run from 1-4, 2013 at the Rio Hotel and Casino.