Day: August 4, 2007

Defcon 15: Exploiting Authentication Systems

August 4, 2007 by 34 Comments


[Zac Franken] gave a good talk on authentication systems. (Card readers, biometric systems, etc). After a good introduction to various access control systems, he demoed an excellent exploit tool. Rather than focus on the access mechanism, he exploited the lack of reader installation security. Most card readers are secured by a plastic cover and a pair of screws. Inside, the reader wires are vulnerable. [Zac] put together the equivalent of a keyboard sniffer for the reader wiring. With this little device in place, he was able to collect access codes and use them to exploit the reader authentication system.

The operation goes like this: Install the sniffer. Let it collect some codes. On return, [Zac] is able to use his own card to become a pseudo authenticated card owner, restrict and allow access to other cards. That’s it. No sneaking up behind people to read their cards, just a few minutes with a screwdriver.

He’s not releasing the design, simply because measures to prevent this type of intercept/control mechanism would be extremely costly.

Defcon 15: Hacking EVDO

August 4, 2007 by 20 Comments


[King Tuna]’s Hacking EVDO was a popular talk. Things are really just starting on this front. Now that some of the newer cards have unlocked firmware (probably thanks to the need for sofware update EVDO revisions), It’s now possible to edit the firmware. With the door open, people can start mucking around with ESN’s and we’ll probably see some ESN duplication exploits soon.

Defcon 15: WiCrawl From Midnight Research Labs

August 4, 2007 by 2 Comments


[Aaron] gave the latest on WiCrawl. The focus has been on the UI and usefulness for penetration testing. It’s got support for [David]s coWPAtty FPGA WPA cracking accelerator and some UI improvements. Even better, you can grab the WiCrawl module to put on a BackTrack Slax livecd from the project page. [Aaron] passed out some CD’s at the talk – I’ll update if the ISO gets posted.

And yes, I think I finally recovered from playing Hacker Jeopardy on team MRL. We held our own, but lost on the (LAME) final jeopardy question.