Archive for the ‘Apple’ Category

DEFCON 25/Black Hat updates: July 28, 2017.

Friday, July 28th, 2017

Round 2:

  • The white paper for “Free-Fall: Hacking Tesla from Wireless to CAN Bus” (Ling Liu, Sen Nie, Yuefeng Du) is here. Slides here.
  • Slides for “Exploiting Network Printers” (Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk) are here.
  • Found slides for “Breaking Electronic Door Locks Like You’re on CSI: Cyber” here. (I called this one wrong: no Bluetooth. Not a complaint, just an observation.)
  • This is one that I saw, overlooked, and now am intrigued by: “All Your SMS & Contacts Belong to ADUPS & Others“. “Our research has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers in China – without disclosure or the users’ consent.” Slides. White paper.
  • Slides for Vlad Gostomelsky’s “Hunting GPS Jammers”. I think this is one that really needs video, too.
  • “Intercepting iCloud Keychain” (Alex Radocea) slides.
  • And “The Future of ApplePwn – How to Save Your Money” (Timur Yunusov) slides.
  • And (hattip to Mr. Yunusov) “Jailbreaking Apple Watch” (Max Bazaliy). I haven’t compared these slides to the onea on the presentations server, just FYI.

Okay, lunch time is almost over, and I feel like I’ve done enough damage to the security community today. I’ll try to have more updates later today or tonight.

Here’s your hat.

Wednesday, July 26th, 2017

Black Hat 2017 is just getting started.

There’s some overlap with DEFCON 25. For example, hacking wind farm control networks and the SHA-1 hash talk are on both schedules. But there are also a few things unique to the Black Hat 2017 schedule:

The same rules for the DEFCON post apply here: if you’re a presenter who wants some love, or if you want me to follow a specific talk, leave a comment.

DEFCON 25: 0 day notes.

Tuesday, July 25th, 2017

I’m not going again this year. Maybe next year, if things hold together. But if I were going, what on the schedule excites me? What would I go to if I were there?

Thursday: neither of the 10:00 panels really grab me. At 11:00, maybe “From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices” but I’m at best 50/50 on that. At 12:00, I feel like I have to hit the “Jailbreaking Apple Watch” talk. “Amateur Digital Archeology” at 13:00 sounds mildly interesting.

Not really exited by anything at 14:00. At 15:00, I suspect I would end up at “Real-time RFID Cloning in the Field” and “Exploiting 0ld Mag-stripe information with New technology“. And 16:00 is probably when I’d check out the dealer’s room again, or start getting ready for an earlyish dinner.

Friday: 10:00 is sort of a toss-up. THE Garry Kasparov is giving a talk on
The Brain’s Last Stand” and as you know, Bob, chess is one of my interests. On the other hand, there’s also two Mac specific talks, and Kasparov’s talk is probably going to be packed: I suspect I’d hit “macOS/iOS Kernel Debugging and Heap Feng Shui” followed by “Hacking travel routers like it’s 1999” (because I’m all about router hacking, babe). Nothing grabs me at 11:00, but I do want to see “Open Source Safe Cracking Robots – Combinations Under 1 Hour!” at 12:00:

By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, ‘set testing’ is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe.

13:00: “Controlling IoT devices with crafted radio signals“, and “Using GPS Spoofing to control time” at 14:00. (I do want to give a shout-out to the Elie Bursztein talk, “How we created the first SHA-1 collision and what it means for hash security“, though.)

Do I want to go to “Phone system testing and other fun tricks” at 15:00? Or do I want to take a break before “Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods“:

As we introduce each new attack, we will draw parallels to similar wired network exploits, and highlight attack primitives that are unique to RF. To illustrate these concepts, we will show each attack in practice with a series of live demos built on software-defined and hardware radios.

And then at 17:00, “Cisco Catalyst Exploitation” is relevant to my interests. However, I don’t want to dismiss “The Internet Already Knows I’m Pregnant“:

…EFF and Journalist Kashmir Hill have taken a look at some of the privacy and security properties of over a dozen different fertility and pregnancy tracking apps. Through our research we have uncovered several privacy issues in many of the applications as well as some notable security flaws as well as a couple of interesting security features.

Saturday: Nothing at 10:00. At 10:30, maybe “Breaking Wind: Adventures in Hacking Wind Farm Control Networks” because why not?

I have to give another shout-out to “If You Give a Mouse a Microchip… It will execute a payload and cheat at your high-stakes video game tournament” but I’m personally more interested in “Secure Tokin’ and Doobiekeys: How to Roll Your Own Counterfeit Hardware Security Devices” at 11:00. (“All Your Things Are Belong To Us” sounds pretty cool, too, but I’d probably wait for the notes/repos/etc. to be released rather than attending in person.)

Oddly, there’s really nothing that grabs me between 12:00 and 15:00. At 15:00, “Tracking Spies in the Skies” mildly intrigues me (mostly for the ADS-B aspect), while at 16:00 I’m really excited by “CableTap: Wirelessly Tapping Your Home Network” (more home router hacking! Hurrah!)

At 17:00:

In this talk, we explore the security of one of the only smart guns available for sale in the world. Three vulnerabilities will be demonstrated. First, we will show how to make the weapon fire even when separated from its owner by a considerable distance. Second, we will show how to prevent the weapon from firing even when authorized by its owner. Third, we will show how to fire the weapon even when not authorized by its owner, with no prior contact with the specific weapon, and with no modifications to the weapon.

You have my attention.

(Related article from Wired. Presenter’s Twitter feed.)

Sunday: “I Know What You Are by the Smell of Your Wifi“, followed a little later by “Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years“.

Weirdly, after that, there’s nothing that interests me until the closing ceremonies at 16:00. (Though I might go to “Man in the NFC” if I was there.)

This seems like a very low-key year, and I’m not sure why. I don’t see any Bluetooth related stuff, and very little lock related. Perhaps I should be glad I’m skipping this year.

Anyway, you guys know the drill: if you see a talk you’re interested in, leave a comment and I’ll try to run it down. If you’re a presenter who wants to promote your talk, leave a comment and I’ll try to give you some love.

DEFCON 24 updates: August 8, 2016.

Monday, August 8th, 2016

More on Blue Hydra.

Sunday, August 7th, 2016

Earlier, I wrote “It runs! It works! Mostly. Kind of.”

I’ve been banging on Blue Hydra in my spare time since Thursday, and I stand by that statement. Here’s what I’ve run into so far.

The README is pretty clear, and I didn’t have any problems installing the required packages. (I don’t have an Ubertooth, so I skipped that one. We’ll come back to the Ubertooth later.)

First problem, which was actually very tiny: I know next to nothing about Ruby, other than that cartoon foxes are somehow involved, so the phrase “With ruby installed add the bundler gem” was more like “I don’t speak your crazy moon language”. Google cleared that up pretty quickly: the magic words are gem install bundler.

Next problem: running bundle install resulted in an error stating that it couldn’t find the Ruby header files. It turns out that, while my Ubuntu installation had Ruby 2.1 installed, it didn’t have the ruby-dev package installed. sudo apt-get install ruby-dev fixed that issue.

Next problem: the SQLIte Ruby gem failed to install when I ran bundle install. It turns out that I also needed the sqlite3-dev package as well. And with that installed, the bundle built, and I could do ./bin/blue_hydra.

Which gave an error stating that it didn’t have permissions to open a handle for write. Okay, let’s try sudo ./bin/blue_hydra (because I always run code from strangers as root on my machine; everyone knows strangers have the best candy). And that actually worked: Blue Hydra launched and ran just fine. In fairness, this may be a configuration issue on my machine, and not an issue with the software itself.

In playing with it, I’ve found that it does what it claims to do. Sort of. It’s been able to detect devices in my small lab environment with Bluetooth discovery turned off, which is impressive. I also like the fact that it stores data into an SQLite database; other Bluetooth scanning tools I’ve played with didn’t do that.

However, it seems to take a while to detect my iPhone; in some instances, it doesn’t detect it at all until I go into Settings->Bluetooth. Once I’m in the Bluetooth settings, even if I don’t make a change, Blue Hydra seems to pick up the iPhone. Blue Hydra also has totally failed to detect another smart phone in my small lab environment (and I have verified that Bluetooth was both on and set to discoverable.)

Now, to be fair, there may be some other things going on:

  • I’ve also observed previously that Bluetooth under Ubuntu 15.10 didn’t work very well. At all. So at one point on Saturday, just for giggles, I upgraded Project e to Ubuntu 16.01.1 LTS. And shockingly (at least for me) Bluetooth works much much better. As in, I can actually pair my phone with Ubuntu and do other Bluetooth related stuff that didn’t work with 15.10. That seems to have mitigated the discovery issues I was seeing with Blue Hydra a little, but not as much as I would have liked. (Edited to add 8/8: Forgot to mention: after I upgraded, I did have to rerun bundle install to get Blue Hydra working again. But the second time, it ran without incident or error, and Blue Hydra worked immediately aftewards (though it still required root).)
  • I was using the Asus built-in Bluetooth adapter in my testing. Also just for giggles, I switched Blue Hydra to use an external USB adapter as well. That didn’t seem to make a difference.
  • In fairness, Blue Hydra may be designed to work best with an Ubertooth One. The temptation is great to pick one of those up. It is also tempting to pick up a BCM20702A0 based external adapter (like this one) partly to see if that works better, partly because I don’t have a Bluetooth LE compatible adapter (and this one is cheap) and partly because the Bluetooth lock stuff is based on that adapter. (Edited to add 8/8: I’m also tempted by this Sena UD100 adapter. It is a little more expensive, but also high power and has a SMA antenna connector. That could be useful.)
  • It may also be that I have an unreasonable expectation. Project e is seven years old at this point, and, while it still runs Ubuntu reasonably well, I do feel some slowness. Also, I think the battery life is slipping, and I’m not sure if replacements are available. I’ve been thinking off and on about replacing it with something gently used from Discount Electronics: something like a Core i5 or Core i7 machine with USB3 and a GPU that will work with hashcat. Maybe. We’ll see. Point is, some of my issues may just be “limits of old hardware” rather than bugs.
  • And who knows? There may very well be some bugs that get fixed after DEFCON.

tl, dr: Blue Hydra is nice, but I’m not yet convinced it is the second coming of Christ that I’ve been waiting for.

DEFCON 24: 0-day notes.

Wednesday, August 3rd, 2016

Another year observing DEFCON remotely. Maybe next year, if I get lucky, or the year after that.

The schedule is here. If I were going, what would I go to? What gets me excited? What do I think you should look for if you are lucky enough to go?

(As a side note, one of my cow-orkers was lucky enough to get a company paid trip to Black Hat this year. I’m hoping he’ll let me make archival copies of the handouts.)

(more…)

Random thought.

Friday, May 27th, 2016

Is there a use case for a shot timer app for an Apple Watch?

I’m aware of existing ones for the iPhone; I’m just wondering if having the same information, or a subset, available on your wrist – probably linked to your phone – is something that people would find useful?

Random thought.

Friday, September 11th, 2015

Sensors included on the iPad Air 2 and iPad Pro:

  • Touch ID
  • Three-axis gyro
  • Accelerometer
  • Barometer
  • Ambient light sensor

Not included: GPS, unless you purchase one of the cellular models. It looks like “assisted GPS and GLONASS” are built into the cellular chipset or something?

I keep thinking about getting an iPad or some other sort of tablet to supplement my first generation Kindle Fire. But it always comes back to this: I want GPS, and can’t get it. Okay, I could if I bought a cellular model, but:

  1. The cellular iPad 2 is $130 more than the Wi-Fi equivalents in every memory configuration. Same with the iPad Pro. Except the Pro only has one cellular/Wi-fi memory config, and that’s over $1,000.
  2. I don’t want cellular data. I don’t have the $60 to $85 a month it would take to add a device to my plan. $60 to $85 a month is at least one good Smith and Wesson a year. I’d be perfectly happy with a device that just does Wi-fi, as long as it has GPS. If I desperately needed data in non-Wi-fi areas, I’d enable the hotspot feature on my phone – at least that’s only $30 a month, I think.

It isn’t just Apple, though. I’ve looked at Android tablets too. I’ve heard that Android gives you lower-level access to GPS data than iOS, but I haven’t been all that impressed by the Android tablets I’ve seen. The price/memory ratio just seems out of whack to me.

Best Buy, for example, is selling a Nexus 9 with 32GB of memory (which to me is a hard minimum; I’d prefer 64GB) for $432. I can get a Mini 2 for $319 from Apple, or a Mini 4 with 64GB for $499. Decisions, decisions. Do I want an Apple device that doesn’t have GPS, but that I can trust to be updated regularly and work for a while? (I’m still using a MacBook I bought in 2007 as my main computer.) Or do I want to buy another shoddy piece of crap Android thing that’s going to stop getting updates in 18 months, but does have GPS?

Or does it? The specs on Google’s site show the Nexus 9 does, but they also show it has a cellular chipset. Does the Wi-Fi only version do GPS? Can I buy a cellular tablet and use GPS on it without a carrier? Who knows? I can’t find that on Google’s site, the specs on Best Buy’s site don’t mention GPS, and asking a Best Buy employee seems like a good way to invoke the customer appreciation bat.

Am I making this too hard? Am I asking too much? All I want is a reasonably priced tablet that does GPS and doesn’t require a cellular data plan. Why is this so hard?

DEFCON 23: -2 day notes

Tuesday, August 4th, 2015

DEFCON 23 starts Thursday. Black Hat USA 2015 starts tomorrow.

Once again, it doesn’t look like I’m going to make it out to Vegas. Once again, I’m going to try to cover things from 1,500 miles away. It isn’t completely clear to me that anyone other than me is getting any benefit from this, but I’ve been doing this for long enough that I have a hard time stopping now.

Here’s the schedule. There are several presentations that are already getting media attention:

So what would I go see if I was there? What sounds interesting to me?

(more…)

After action report: Spokane, WA.

Saturday, June 27th, 2015

The Smith and Wesson Collector’s Association annual symposium was in Spokane this year.

(more…)

Norts spews.

Tuesday, April 14th, 2015

Lawrence Phillips, former NFL running back who is serving out a 31-year prison sentence, may have killed his cellmate.

Gaioz Nigalidze’s rise through the ranks of professional chess began in 2007, the year the first iPhone was released. In hindsight, the timing might not be coincidental.

Nigalidze is suspected of stashing an iPhone in a men’s room stall and using it to cheat during games.

“When confronted, Nigalidze denied he owned the device,” according to the tournament’s Web site. “But officials opened the smart device and found it was logged into a social networking site under Nigalidze’s account. They also found his game being analyzed in one of the chess applications.”

I just want to say…

Thursday, January 15th, 2015

this is my favorite John Moltz post ever.

(Well, okay. My favorite John Moltz post as John Moltz at “Very Nice Web Site”. I’m not quite sure it displaces the one at Crazy Apple Rumors where he actually used a question of mine in the “Crazy Apple Help Desk”.)