Defcon 16: Covert Warballooning Flight

August 10, 2008 by 6 Comments


Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.

[photo: JoergHL]

[via /.]

Defcon 16: Pacemaker-B-Gone

August 9, 2008 by 24 Comments

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. They were forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU radio system to find access to some of the machine’s reprogrammable functions, including accessing patient data and even turning it off.

Although this was only done with one particular pacemaker, it proves the concept and should be taken seriously by the medical companies who produce these devices. If you are interested in the technical aspects, check out the paper the team released in May disclosing the methods.

Defcon 16: MIT Boston Transit Presentation Gagged

August 9, 2008 by 13 Comments


[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MTBA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MTBA’s headquarters and being driven off by police.

Defcon 16: Badge Details Released

August 5, 2008 by 16 Comments


Defcon will once again be one-upping the sophistication of the conference attendee badges. Wired has just published a preview of this year’s badge. The core is a Freescale Flexis MC9S08JM60 processor. The badge has an IR transmitter and receiver on the front plus eight status LEDs. On the back (pictured below), there is a mode select button, CR123A battery, Data Matrix barcode, and an SD card slot. You can add a USB port to the badge and upload code to it using the built in USB bootloader. All the dev tools needed will be included on the conference CD or you can download the IDE in advance. The low barrier to entry should lead to some interesting hacks. In previous years, you needed a special dongle to program the hardware. There is no indication as to what the badge does out of the box. Releasing the badge early is a first for Defcon and the one pictured isn’t the attendee color, but we’re sure someone will still come up with a clone.

Now comes the fun part: What do you think the best use of this badge will be? Would Defcon be so cavalier as to equip everyone in the conference with a TV-B-Gone? I think our favorite possibility is if someone finds a security hole and manages to write an IR based worm to take over all the badges.

Defcon 14 introduced the first electronic badge which blinked in different patterns. Defcon 15 had a 95 LED scrolling marquee. [Joe Grand] will be posting more specific Defcon 16 badge details to his site after the opening ceremony. Check out more high resolution photos on Wired.

Continue reading “Defcon 16: Badge Details Released”

More Defcon 16 Events Announced

August 2, 2008 by 1 Comment


Defcon keeps announcing more and more interesting events for next week’s conference. A free workshop is planned for the soon to be released DAVIX live CD. DAVIX is a collection of tools for data analysis and visualization. They’ll be running through a few example packet dumps to demonstrate how the tools can help you make sense of it all. [Thomas Wilhelm] will be driving out from Colorado Springs in his Mobile Hacker Space. He’s giving a talk Sunday, but will be giving presentations a few hours every day at the van. Some researchers from NIST will be setting up a four node quantum network and demonstrating some of the possible vulnerabilities in the system. Finally, as part of an EFF fundraiser, Defcon will feature a Firearms Training Simulator. Conference attendees will participate in drills designed to improve their speed, accuracy, and decision making skills.

WarBallooning At Defcon

July 30, 2008 by 3 Comments

[rocketman] has posted about a new event at Defcon dubbed WarBallooning. They are using a Kismet drone (a modified WRT54G), a webcam, and a few high gain antennas. The balloon will be launched at about 15 stories and will be remotely fed targets chosen directly by the Defcon participants. The the directional antenna will be mounted to the camera so pan and tilt can be controlled. The Kismet CSV files will be available for everyone after the event.

If you are interested in WarDriving or building you own high-gain antennas, we suggest you check out this WiFi biquad dish antenna mounted on a car. If cars are too boring, or you do not have one, you could always go WarSailing or WarFlying. Yes, the permutations are endless.

[photo: JoergHL]

Defcon 16 Schedule Finalized

June 28, 2008 by No comments


If you were waiting to finalize you travel plans, now’s the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There’s quite a few talks we’re looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle related hacks it requires.