Security Experts:

Connect with us

Hi, what are you looking for?


IoT Security

DEF CON 2020 Wrap-Up: Hacking Phones, Cars and Satellites

Tens of researchers showcased their work last week at the DEF CON hacking conference. They presented research on hacking phones, cars, satellite communications, traffic lights, smart home devices, printers, and popular software services, among many others.

Tens of researchers showcased their work last week at the DEF CON hacking conference. They presented research on hacking phones, cars, satellite communications, traffic lights, smart home devices, printers, and popular software services, among many others.

Here is a summary of some of the most interesting presentations from DEF CON 2020:

Hacking Samsung smartphones via Find My Mobile

A series of vulnerabilities affecting Samsung’s Find My Mobile could have been chained to track a phone, wipe it remotely and perform various other activities, according to cybersecurity company Char49. The flaws were patched by Samsung last year.

Vulnerabilities in Qualcomm chips expose over 1 billion devices to attacks

Check Point has identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. At least one billion devices are believed to be affected and while Qualcomm has developed patches, it’s now up to OEMs to distribute them to end-users.

DEF CON 2020 summary

Vulnerabilities exposed thousands of HDL smart devices to remote attacks

Several vulnerabilities found by SentinelOne researchers in smart devices made by HDL could have been exploited to remotely hack thousands of impacted devices found in homes and buildings. The vendor released patches after being notified.

New techniques for bypassing biometric systems

Yamila Levalle from Dreamlab Technologies has demonstrated some new techniques for bypassing biometric systems, particularly fingerprint scanners, using 3D printing.

Related: Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight

Zoom vulnerabilities allowed data theft and malware deployment

Zoom recently patched some vulnerabilities that could have been used by an attacker with access to a device to steal user data and execute malware. The researcher who discovered the flaws described his findings.

Analysis of a Boeing 747-400 from a hacker’s perspective

Researchers from Pen Test Partners presented the systems of a Boeing 747-400 airplane, focusing on systems that could be of interest to a hacker. They pointed out that some updates are still performed using floppy disks.

Hacking smart traffic light systems

Researchers at Netherlands-based applied security research company Zolder showed how they hacked a traffic light management system that is connected to a smartphone app. They talked about how a hacker could remotely control traffic lights. The affected product is used in over 10 municipalities in the Netherlands.

TLS 1.3 enables a new type of domain fronting

Domain fronting has been used to bypass internet censorship and monitoring, but it stopped being popular in 2018 when Google and AWS stopped supporting it. A researcher from SIXGEN says he has found a new form of domain fronting that leverages TLS 1.3.

Targeting satellite communications using home TV equipment

Researcher James Pavur demonstrated an attack on satellite broadband communications networks using $300-worth of home television equipment. He showed that he could intercept sensitive data transmitted on satellite links by some of the world’s largest organizations.

Hacking a Tesla’s battery management system

A researcher from Rapid7 described how he was able to hack a Tesla’s battery management system to obtain more power for the electric vehicle. While he bricked a car during his experiments, he ultimately did manage to make a car faster.

Hacking Spark clusters

A researcher from Qonto showed how an attacker could “pop a shell” on hundreds of Apache Spark nodes. Such an attack can result in a malicious actor gaining access to highly sensitive information belonging to a company.

Printer attacks

Researchers from SafeBreach found potentially serious vulnerabilities in the Windows Print Spooler service, the same service that was targeted by the notorious Stuxnet malware in attacks on Iran. A vulnerability in the Print Spooler service was also identified by researchers from Tencent Security Xuanwu Lab.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.