Hack a Day » defcon16

BSoDomizer blue-screens your enemies

Eliot — Sun, 02 Nov 2008 21:32:21 +0000

In case you were wondering what industrious hacker [Joe Grand] was doing when he’s not building stuff for Prototype This!, designing Defcon badges, or testifying before congress, it’s this: The BSoDomizer is a VGA pass through device that displays an image of your choice on the victim’s screen. It can do this either periodically or via an IR trigger. The image of choice is a Windows style Blue Screen of Death. It’s powered by a watch battery. The project site has all the schematics you need plus ASCII goatse imagery; you’ve been warned. Embedded below is a demo of the device. We unfortunately didn’t get to see it when it was originally presented during Defcon 16.

[via Gizmodo]

Posted in home entertainment hacks, peripherals hacks, portable video hacks

Subway hacker speaks

Eliot — Mon, 25 Aug 2008 04:30:00 +0000

Popular Mechanics has an interview with [Zach Anderson], one of the MIT hackers that was temporarily gagged by the MBTA. The interview is essentially a timeline of the events that led up to the Defcon talk cancellation. [Zach] pointed out a great article by The Tech that covers the vulnerabilities. The mag stripe cards can be easily cloned. The students we’re also able to increase the value of the card by brute forcing the checksum. There are only 64 possible checksum values, so they made a card for each one. It’s not graceful, but it works. The card values aren’t encrypted and there isn’t an auditing system to check what values should be on the card either. The RFID cards use Mifare classic, which we know is broken. It was NXP, Mifare’s manufacturer, that tipped off the MBTA on the actual presentation.

Defcon 16: List of tools compiled

Kimberly Lau — Tue, 19 Aug 2008 22:30:00 +0000

Zero Day posted a list of tools and applications that were released at Defcon 16. The applications run the gamut, from Beholder, an open source wireless IDS tool, to CollabREate, a reverse-engineering plugin that allows multiple people to share a single project. The list covers a lot of ground, and there’s a lot for hackers to play around with and explore. It’s nice to see someone bothering to maintain a list since the majority of conference tools just get lost in the shuffle and are never seen again.

Defcon 16: Biometric cloning

Eliot — Fri, 15 Aug 2008 04:40:00 +0000

One of the more novel talks we saw at Defcon was [Zac Franken] presenting on access control systems. He covered several different types, but the real fun was his live demo of bypassing a hand geometry scanners like the one pictured above. With the help of two assistants, 4 pounds of chromatic dental alginate, and 5 liters of water, he made a mold of his hand. The box he placed his hand in had markings to show where the pegs on the scanner are located. After 2 minutes he could remove his hand from the cavity. They then filled the mold with vinylpolysiloxane, making sure to remove all bubbles. 20 minutes later the hand was solid and passed the scanner’s test. This may not be a completely practical attack, but it does defeat the overall idea of biometrics; biometrics are built on the assumption that every person is unique and can’t have their features reproduced.

[Zac] also showed an interesting magnetic card spoofer that emulated all three tracks using coils of magnet wire. We hope to see more about that in the future.

[photo: morgan.davis]

Defcon 16: Glimpses of the Network Operations Center

Kimberly Lau — Tue, 12 Aug 2008 03:52:00 +0000

Wired’s Threat Level takes us on a photo tour of the Defcon Network Operations Center, giving a unique behind-the-scenes perspective of one of the largest computer security conventions. The Defcon Network Operations Center is run by a volunteer group named the “Goons”. They keep operations running smoothly and securely with both high and low-tech resources, like a Cisco fiber switch and an armed guard, to protect the router and firewall.

Defcon 16: Covert Warballooning flight

Benjamin Eckel — Mon, 11 Aug 2008 00:49:00 +0000

Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.

[photo: JoergHL]

[via /.]

Defcon 16: Pacemaker-B-Gone

Benjamin Eckel — Sun, 10 Aug 2008 04:43:00 +0000

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. They were forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU radio system to find access to some of the machine’s reprogrammable functions, including accessing patient data and even turning it off.

Although this was only done with one particular pacemaker, it proves the concept and should be taken seriously by the medical companies who produce these devices. If you are interested in the technical aspects, check out the paper the team released in May disclosing the methods.

Defcon 16: MIT Boston transit presentation gagged

Patrick Lokken — Sun, 10 Aug 2008 03:45:00 +0000

[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MTBA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MTBA’s headquarters and being driven off by police.

Black Hat 2008: French hacking failure

Patrick Lokken — Sat, 09 Aug 2008 00:30:00 +0000

French reporters at Black Hat crossed the line when they sniffed fellow reporters’ login info on the designated “safe” wired network. Proud of their handiwork, they were nabbed when they tried to get their spoils posted on the wall of sheep, which is used to publicly post attendees credintials. It turns out that monitoring communications without informing one of the parties involved is a felony, so although it is legal to sniff convention goers’ login info with their knowledge, hacking reporters covering the event is a no-no. An FBI agent we ran into commented that in his experience, they’d probably just turn it over to the local US attorney’s office to see if they wanted to proceed with an investigation.

We’re in the Defcon press room today and there’s still a buzz about these “sleazy” French reporters. We’re tunneling through our cell connection like any sane person at a security conference.

Defcon 16: Badge details released

Eliot — Tue, 05 Aug 2008 22:30:00 +0000

Defcon will once again be one-upping the sophistication of the conference attendee badges. Wired has just published a preview of this year’s badge. The core is a Freescale Flexis MC9S08JM60 processor. The badge has an IR transmitter and receiver on the front plus eight status LEDs. On the back (pictured below), there is a mode select button, CR123A battery, Data Matrix barcode, and an SD card slot. You can add a USB port to the badge and upload code to it using the built in USB bootloader. All the dev tools needed will be included on the conference CD or you can download the IDE in advance. The low barrier to entry should lead to some interesting hacks. In previous years, you needed a special dongle to program the hardware. There is no indication as to what the badge does out of the box. Releasing the badge early is a first for Defcon and the one pictured isn’t the attendee color, but we’re sure someone will still come up with a clone.

Now comes the fun part: What do you think the best use of this badge will be? Would Defcon be so cavalier as to equip everyone in the conference with a TV-B-Gone? I think our favorite possibility is if someone finds a security hole and manages to write an IR based worm to take over all the badges.

Defcon 14 introduced the first electronic badge which blinked in different patterns. Defcon 15 had a 95 LED scrolling marquee. [Joe Grand] will be posting more specific Defcon 16 badge details to his site after the opening ceremony. Check out more high resolution photos on Wired.

[Photo: Dave Bullock]

Defcon 16 schedule finalized

Eliot — Sat, 28 Jun 2008 08:05:00 +0000

If you were waiting to finalize you travel plans, now’s the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There’s quite a few talks we’re looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle related hacks it requires.

Defcon badge hacking contest

Eliot — Thu, 26 Jun 2008 05:20:00 +0000

[Joe Grand] is designing the Defcon badges for the third year in a row. Just like the previous years, they’ll be hosting a badge hacking contest. This time around though, they’re going to start leaking clues in advance. Earlier contests were often frustrating because of the specialized equipment needed to talk to the microcontroller. Hopefully this year it will be a lot more accesible. The specs for the badge have not been released yet, but after last year’s 95 LED scrolling marque, we can’t wait to see what this year will bring. [Joe] has posted info on the previous two badge designs and resulting contests.

DefconBots sentry gun competition

Eliot — Wed, 25 Jun 2008 01:30:00 +0000

DefconBots is returning again this year with their shooting gallery robot competition for Defcon 16. They’ve decided to leave the rules unchanged from last year. It’s a head to head competition between fully autonomous guns. The first gun to shoot all the targets on their side of the board wins. The rules aren’t very strict on design; as long as you use nonlethal nonmessy amunition and include a safety switch you’re pretty much good to go. The DefconBots site has a reference design to put you on the fast track to competing. Defcon 16 is August 8-10, 2008 in Las Vegas.

Related: [Aaron Rasmussen]‘s sentry gun we covered back in 2005

[photo: Bre Pettis]

DefCon CTF qualifier results

Eliot — Tue, 03 Jun 2008 00:00:00 +0000

Kenshoto held qualifiers for the DefCon‘s Capture the Flag competition last weekend. The top seven finishers: Routards, Pandas with Gambas, Guard@MyLan0, Shellphish, Taekwon-V, WOWHACKER, PLUS, and last year’s winners, 1@stPlace, will be invited to participate in the final this August in Las Vegas.

The qualification started Friday night at 10PM EDT with an email (Subject: M0rt4g3 y0ur /14gr4 up 2 3 1nch3$) being sent to all 451 registered teams. Connecting to the game server displayed a Jeopardy style score board. The five available categories were Binary Leetness, Forensics, Real World, Potent Pwnables, and Trivia, with point values from 100 to 500. Only one question was opened to start. The first team to answer that was allowed to select the next question to open and then any team could try to answer it. Participants were warned about the difficulty of the 500 level questions and the entire Real World category. At the end of everything, four questions still remained locked at the end.

If you’re interested in what type of questions the contest had, check out the write up on NOPSR.US, which has all the files and solutions. Non-qualifiers can still participate in DC949′s OpenCTF.

Upcoming convention roundup

Sean Percival — Sat, 31 May 2008 03:00:00 +0000

Lots of con news is coming in these days so lets do a quick roundup of upcoming events:

REcon
June 13-15, 2008
Montreal, Canada

REcon has started posting information about their training sessions such as the Advanced Reverse Engineering session with Nicolas Brulez.

The Last HOPE
July 18-20, 2008
New York City

The Last HOPE just announced its speaker list. It includes the infamous Kevin Mitnick, Mythbusters co-host Adam Savage, and author Steven Levy to name a few.

DEFCON 16
August 8-10, 2008
Las Vegas

The DEFCON team also released the first batch of speakers for this year’s convention. Qualification starts tonight at 10PM EST for the capture the flag (CTF) contest so be sure to get registered. Check the txt for more information. We recently talked about the beverage cooling contraption contest, but you can find many other contests on the forums.