Threat Research

Black Hat US 2016 Wraps Up

By David Maciejak | August 16, 2016


Once again, Black Hat US 2016 was held in Las Vegas in the huge Mandalay Bay resort conference center.

This is the biggest Black Hat event of the year, and for sure the largest computer security conference as well. In fact, this year it broke its attendance record as its largest USA show in Black Hat’s 19-year history. To give you a better picture, we are talking about more than 15,000 of the most security savvy professionals gathering from all over the world.

I spent some time wandering around the exhibition area, also called the “business hall”, among the 256 security exhibitors. Fortinet had a nice booth there as well, as reported already by Bill McGee some days ago here.

As a security researcher, my mission was to follow some talks and collect some insights. Again, it was hard to choose which topic to follow at a given time, because this year there were more than 175 speakers, split into nine parallel tracks.

The following sessions grabbed my attention.


“A lightbulb Worm?” by Colin O’Flynn

I think that this was the session I most appreciated, not only because it was in the morning and everybody was fresh, but because it was well done and interesting. The two guys on stage demonstrated how to hack a smart lightbulb. They even showed us a video of a war flying session they did where they hacked an industrial building and turned on and off lights successively to call for help by transmitting SOS using Morse code. The security of IoT devices is a big deal these days, because most of devices are headless and just can’t be updated. However, that’s not the case for these lightbulbs. You can upgrade the firmware, and the researchers even mentioned that the vendor was really keen on providing a fix to the demonstrated vulnerability as soon as possible.


“Understanding HL7 2.x Standards, Pen Testing, and Defending HL7 2.x Messages” by Anirudh Duggal.

This was an interesting talk about the underlying protocol used by medical devices, called HL7 which stands for Health Level 7.

The speaker mentioned that most of the time, medical devices don’t use any encryption. That means that if an attacker runs a MITM attack, he can easily sniff personally identifiable information, like the patient’s full name and SSN, as well as collecting critical data like the allergy field or diagnostic field.

In these kinds of healthcare networks, it would make sense to implement internal segmentation firewalls, as well as use specific application control detection like the one we have for HL7.

For tech people, one of the most exciting parts of BlackHat is the Arsenal area, where you can meet authors who are demonstrating their tools. One of these was about the upcoming Cuckoodroid version 2.0, by Idan Revivo.

Idan provided a quick look into the new version, and ran some live demos about how to sandbox an Android malicious package. I was quite amazed by the support of the Android x86, and how fast a sample can be analyzed. The new version has yet to be released, but when it is it will be available on the official github.

I don’t have enough space here to describe the whole event. So I would recommend that you get some more details by crawling the available briefings at

See you next year, same time, same place, for the return to the biggest Black Hat ever!

-= FortiGuard Lion Team =-