Date: 18th February 2020: The Hackers Meetup, Ahmedabad chapter organized their monthly meetup on 16th February 2020. The Hackers Meetup is a community of cybersecurity enthusiasts and has multiple chapters in Gujarat including Ahmedabad, Vadodara, Rajkot, and Surat along with soon aiming to set it up in cities of other states including Maharashtra, Rajasthan, Karnataka, Tamil Nadu, etc. The Hackers Meetup is an initiative by Comexpo Cyber Security Foundation with a motto;
By the Hackers, For the Hackers – “Happy Hacking”
The program was initiated by Mr. Shrey Shah; Chapter Lead, The Hackers Meetup Ahmedabad. The speaker shared a talk on Bug bounty –The Beginning including highlights on the need for the bug bounty program, as to how renowned companies create the same, over and above their existing development team. A major benefit of a bug bounty program to the companies is the fact that their vulnerabilities get highlighted.
The talk included a discussion on Responsible disclosure, the benefits that can be received through the bug bounty program including the highlight of the hacker’s name on the company’s website, goodies, certificate, etc.
Alongside, preparation of the bug bounty report, an ideal disclosure mechanism of the findings that happens post-approval of the company.
The talk concluded with live PoC (Proof of Concept) preparation, by sharing of example which was created through Bandicam(Video Recording Software).
Further, the next speaker, Mr. Viral Parmar, Founder, The Hackers Meetup shared a talk on Engineering a Malware. Malware word is a result of words including Malicious Software. The talk discussed on Malware and how to avert the same, along with highlights on Virus and its types, based upon the effect it creates.
Never install a free antivirus through an unauthorized website, ideally, that could be a virus too. These days, viruses could get a backdoor into the processing devices and even utilize the same for Cryptocurrency mining.
Later discussion on Trojan horse, Ransomware, Wannacry (recently famous ransomware). A stat was shared, that 1 out of 4 people pay when they get attacked by a Ransomeware. The increase of IoT and smart devices are also prone to get hacked.
For the same, reference of Mr. Robot TV series, Season 2 Episode 1 was taken and the rise of RaaS (Ransomeware as a Service). Finally, 6 steps to save your devices from such attacks were shared.
Mr. Mahendra Purbia, Ethical Hacker, shared his talk on Hacking MI Band 3. The talk initiated with discussion on working of Bluetooth Technology, its types including Bluetooth Classic (majorly used for audio streaming) and Bluetooth Low Energy (BLE) (majorly used in fitness bands).
With a few simple steps, a practical as to how the access to the MI Band 3 can be achieved, further the device parameters can be monitored, modified as well, further if payloads can be sent through the MI Band 3 to the linked phone as well, thus showing that to be a serious security threat.
Mr. Ranga Reddy, Retd. Airforce Technical Office also graced the program with his presence. He talked about the two critical points, attack and protect. Next, he discussed the use case of Communication Channels, majorly Radio Frequency and Satellite-based devices that are being used, and the possibility of the hacks in the case of frequency getting revealed, later discussing the innovation scope in the domain.
He concluded with the example of Disc break, which is currently being used by civilians from a few years, while an equivalent technology was there in Aircraft much before 1994.
The program moved forward with a Panel Discussion on Malware attack and Piracy, led by Mr. Saurabh Sahu; OSD, GTU Innovation Council. The discussion started with understanding the insights for mobile-driven businesses and their consumers.
Mr. Shrey shared about the critically in approving the permission for app w.r.t the security of the devices. The need for routine check-up software and periodicity of the utility of apps got focused upon.
The discussion was forwarded as to how a quick response system can be created for global problems like Wannacry. Honeypots (a fake environment can be developed). Regular testing, preventive maintenance and regular updating of software are a must for companies.
Piracy is another major concern in Asian countries, the solution for the same to developers was provided that the technologies should be prepared in higher encryption technologies like 128 or 256 bits. Further, the risks of using pirated software with the analogy of Google were taken, as their revenue model is through consumer data.
Gaming and Application Industry is another big industry where piracy and clone apps exist, ideally, they may compromise the data. Unique Identification token (one-click login through FB, Google, Instagram, etc.) mechanism was also pointed out compared to the conventional login mechanism by Mr. Viral.
Finally, for the defense technology enthusiasts, DRDO program postings through the Startup India program were put forward by Mr. Reddy and the scope of the Defence Development Fund.
To stay updated with The Hackers meetup you may stay in touch with the Facebook Page, through the link: https://www.facebook.com/HackersMeetup/
About the Author:
Dhaval Kaku is a budding guest writer on Sugermint.com, with a focus on Startups and Startup ecosystems across Gujarat. He also helps startups with accessing Government grants and preparing startups at a nascent stage as a part of the GTU Innovation Council and Startup Center. He has been the former founder of Grungetech, a music tech, hardware startup. Also, contributing as Operation Head for The Hackers Meetup.