As promised in their yellowsnow demo, [pytey], [MuscleNerd], and [planetbeing] from the iphone-dev team presented at 25C3 on their work Hacking the iPhone. The team originally formed in 2007 and this is the most comprehensive presentation on how the iPhone was compromised to date. You can find the full talk embedded above.
[Florian] and [Xavier Carcelle] started the day at 25C3 by covering power line communication. PLC technology is not widespread in the US, but has gained popularity in countries like France where it’s included in set-top boxes. PLC lets you create a local network using the AC wires in your wall. The team started exploring PLC because despite being newer technology, it had a few principles that made it similar to old networks. There’s no segmentation in the wiring, which means it behaves like a layer 2 hub. You get to see all of the traffic unlike a switched network. Most power meters don’t filter out the signal, so it’s possible that you might see your next-door neighbor’s traffic on your line. [Florian] reports having seen all the traffic in a six-story building just by plugging in. The wiring also acts as a large antenna so you could employ tempest attacks.
[Kai Kunze] from the Embedded Systems Lab at Passau came to 25C3 to talk about Cyborgs and Gargoyles: State of the Art in Wearable Computing. There have been a lot of homebrew wearable computing solutions, but [Kai] covered specifically projects that could see everyday use in the real world.
The 25th Chaos Communication Congress is underway in Berlin. One of the first talks we dropped in on was [script]’s Solar-powering your Geek Gear. While there are quite a few portable solar products on the market, we haven’t seen much in the way of real world experience until now.
With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.
Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.
The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.
To appease people waiting for the iPhone 3G unlock, iphone-dev team member [MuscleNerd] did a live video demo this afternoon. The video shows him removing the AT&T SIM and putting in a T-Mobile SIM. After the switch, the phone shows no connectivity. He then runs “yellosn0w” in an SSH session with the phone. The phone then unlocks without needing to be rebooted and the signal bars appear. The final test shows the phone receiving a call.
The target for this release is New Year’s Eve and it doesn’t support the most recent baseband. Well be attending the 25C3 talk hosted by [MuscleNerd] and other team members. The VNC screen you see in the video is thanks to [saurik]’s Veency.