DEFCON 18 notes: Day 1.

I’m running a little behind, between running around with Andrew and Mike the Musicologist, and some technical issues (DEFCON 18 has a secure wireless network, but it hasn’t been stable), but I’ll post updates when I can. I’ll also add links to the presentations as they go live, or as I find them. If you have questions, I’m willing to try to answer them, but I’d suggest you email the presenter first. If you are a presenter who wants to respond to my comments, I welcome that.

“Build a Lie Detector/Beat a Lie Detector”: This was the first presentation I attended; it was a pretty awful one. The presenters started 15 minutes late and opened with a crappy rap performance (differing tastes in music, fine, but when you’re running 15 minutes behind schedule, the rap should be the first thing to go). Once they actually got going, they spent too much time on a general history of justice systems and of the polygraph. When they did finally get to the technical aspects of their presentation, it amounted to “Oh, yeah, we built this lie detector based on this paper these other guys posted” (with, to be fair, some minor modifications). I walked out of this presentation before the end, which is something I rarely do at DEFCON.

Build your own UAV 2.0 – Wireless Mayhem from the Heavens!“: On the other hand, Renderman and his partner did an excellent job with this one And not just because they played “Thunderstruck” before the presentation started (playing music is okay, even if I don’t like your choice of music (and I like “Thunderstruck”), as long as you start on time), or because they started on time, or because they actually had video of their UAV launching rockets. (Edited to add 8/10/2010: added link to DEFCON 18 slides and video on Gremlin’s website.)

Key takeaways for me from this one:

  • You have two choices for stabilization systems. Thermopile based systems work in the infrared range and are very cheap, but have problems in certain weather conditions. Inertial based systems are more expensive, but offer all-weather capability, and are rapidly coming down in price.
  • Arduino based control systems dominate at the moment, but there’s some interest in developing systems based on the Beagle Board.
  • There’s off the shelf Zigbee based hardware that can easily be used for telemetry, and offers a 10-12 mile range.
  • You can get cheap and decent video out of board cameras, but transmitting video is a harder problem; for good range, you need to work on frequencies that require an amateur license.
  • GPS systems with a 10 Hz refresh rate are down to $80 or so. Most of the GPS systems I’ve dealt with have a 1 Hz refresh rate, which isn’t good enough for UAV use; it was news to me that faster systems are that cheap now.
  • Foam airframes are cheap and easy to repair.
  • Practical UAV applications, other than launching rockets; warflying with kismet, communications relay (imagine a UAV that could hover on station and serve as a repeater in areas of poor radio coverage), search and rescue (imagine a UAV that could survey a wide area looking for signs of a lost hiker, or recon an area where a search and rescue beacon was picked up), and post-disaster recon. I hadn’t thought much about that last one, but now that Renderman’s brought it up, I find that exciting. The theory here is: you send your UAV into areas that your disaster relief staff haven’t physically visited, and it returns good quality imaging of exactly what the damage is and how accessible the area is (have the roads collapsed? Are they under water?). From that, you can develop priorities (damage in this area doesn’t look too bad, we can hold off for a day; these people look like they need immediate help) and plans to get needed resources into the area.

“Exploiting Digital Cameras”: Another solid presentation. Basically, Isacson and Ortega did some clever banging on the firmware of the Canon Powershot series of cameras, found that these cameras have an embedded interpreter, documented that interpreter, and developed some simple exploits using it. The exploits are somewhat limited; you can’t launch malware on an attached computer, for example, but you can do things like turn on the microphone, display arbitrary images on the camera, and modify EXIF data.

“DCFluX in: Moon-bouncer”: A decent presentation on the theory and practice of radio communication using moon-bouncing, satellites, and other methods. I’m going to gloss over the details of his talk and refer you to the presentation when it goes up, as there was a great deal of technical information in it related to historical and amateur radio usage; I’m not sure the majority of my readers are that interested in ham radio, and those who are would be better served getting their information from the source.

Black Ops Of Fundamental Defense: Web Edition“: So here’s a high-level summary of Kaminsky’s talk. Now that the DNS root certificates are digitally signed, we have the ability to use DNSSEC and the Domain Keys Infrastructure (DKI) to do all kinds of cool stuff, including end-to-end email authentication (so you can be sure that the email you got from Bank of America is actually from Bank of America, and not from some random Nigerian), and to do these things in a scalable way.

Kaminsky’s new company, Recursion Ventures, is building (and plans to release shortly) a set of tools that will allow for the easy deployment of DNSSEC. Kaminsky also gave a brief overview of how DNSSEC works, and touched on a few interesting points related to his research. (For example, not only is it possible to run DNS over HTTP, but Kamisky’s figures show performance over HTTP is actually better than normal DNS.)

(Edited to add 2: The link above goes to a page on Recursion Ventures web site where you can view the slides from Kamisky’s version of this talk at Black Hat 2010. I did not see the Black Hat version of this talk; I do not believe the DEFCON 18 version was significantly different. It may have been shorter, and there is some Black Hat specific material in those slides. Also, I’m aware the actual title (“Black Ops of Fundamental Defense: Introducing the Domain Key Infrastructure”) differs from the title in the DEFCON 18 schedule; I chose to stick with the DEFCON title to make cross-referencing easier.)

Edited to add: I’m sorry if anyone is disappointed, but I did not go to the “Weaponizing Lady GaGa, Psychosonic Attacks” panel.

3 Responses to “DEFCON 18 notes: Day 1.”

  1. Thanks for the great review!