Archive for the ‘Phones’ Category

DEFCON 31 notes, part 2.

Friday, August 11th, 2023

Slides are up for Thursday’s Black Hat presentations. At least some of them, including:

Here’s a link to the DEFCON 31 presentations on the DEFCON media server.

Thursday’s DEFCON presentations that I was interested in:

As I noted earlier, the current state of Twitter makes it almost impossible for me to keep up with and provide presentation updates. Your best bet (and I feel like a lazy journalist saying this) might be to check out the decks on the media server for any presentations you are interested in, check out those folks’ Twitter or Mastodon feeds (if you’re on one of those services, and they’ve put that in their deck) and look for updates there.

Tips in comments are welcome.

DEFCON 31 notes.

Wednesday, August 9th, 2023

The Black Hat Briefings in Las Vegas started today.

DEFCON 31 starts tomorrow, though it seems like Friday is when things pick up.

Despite the recent, and much appreciated, shout-out from Borepatch, I’m feeling kind of ambivalent about trying to keep up with DEFCON this year.

My recent trip (write-up coming in the next few days, promise) blew a pretty big hole in my schedule. I haven’t had any time to do prep work for DEFCON/Black Hat. And I have a whole bunch of things I want to do, and so little time to do them in.

I also rely heavily on Twitter for links to presentations. And the current state of Twitter makes that almost impossible.

It also feels like DEFCON has moved past me. It used to feel like a gathering of one of my tribes. Now it feels like…something else. I note that DEFCON admission is now $460. And you don’t get free admission, or even a discount, if you go to Black Hat.

Still, tradition is tradition. So let’s see how badly I can do this.

“What you gonna do when you get out of jail?…” part 30

Wednesday, April 29th, 2020

Here’s a little bit more Bell System history for you.

“Challenge of Change”, from 1961. I think this is noteworthy as a very early depiction of the first modem (among other things). That punch-card dialing system is pretty neat for 1961, too.

Bonus video #1: This goes out to all the radio people and “Mannix” fans out there: “Mobile Telephones”, or: what cell phone technology looked like in the late 1940s. Show this to your children.

Bonus video #2: “The Far Sound”, a Bell Labs history of the development of long distance service.

You’re going down in flames, you tax-fattened hyena! (#49 in a series)

Thursday, April 12th, 2018

I haven’t been covering the corruption trial of former Texas congressman Steve Stockman as well as I could have. Not because of my own political sympathies (though I’m sure there are people who won’t believe that), but simply because of flat-out being busy three nights a week and having a series of full weekends.

Anyway, the verdict is in: guilty on 23 out of 24 counts.

Stockman was charged with “masterminding a wide-ranging fraud scheme that diverted $1.25 million in charitable donations from wealthy conservative philanthropists to cover personal expenses and campaign debts”. Specifically, he was convicted of mail and wire fraud, the ever popular “conspiracy”, “making false statements to the Federal Elections Commission”, and money laundering. The acquittal was on a single count of wire fraud.

Prosecutors presented a meticulously documented case, featuring flow charts and canceled checks, to illustrate how the two-time Republican lawmaker funneled charitable donations through a series of sham nonprofit organizations and shell bank accounts to spend on an array of personal expenses that included his brother’s homemade Advent books, a dolphin watching trip and an amateur spy operation that trailed a perceived GOP rival around the statehouse in Austin.

Two of his aides, Jason Posey and Thomas Dodd, took plea bargains and rolled on Stockman.

Posey testified that he and the former congressman knew they were breaking the law by concealing the source of the funds. But Stockman instructed him to push forward with his plans to spend charitable money on hotel rooms, plane flights and burner phones for secret conversations, and he complied.

I’m sorry, but the fact that they bought burner phones fills me with delight.

Stockman could get “a maximum of 20 years in prison on each of the fraud charges alone” but we all know that’s unlikely to happen, right?

Actually, they can read your poker face.

Wednesday, October 26th, 2016

Or at least your cards.

This is a presentation that I overlooked from DEFCON 24, but the authors have now been blogging.

For somewhere between $1,300 and $5,000, you can buy a device that helps you cheat at poker.

The technology is quite interesting. It isn’t just “disguised” as a phone: the device is actually a fully functional Android phone, with a custom ROM and app that controls the cheating portion.

Ironically, there is a hardcoded backdoor password in the app, which makes this security measure pointless if you know the backdoor password.

How does it work? Hidden camera, concealed infrared LEDs, and…

What makes the whole thing work is the use of a special deck in which the four edges of each card are marked with IR-absorbing ink. As a result, when this marked deck is illuminated by the IR LEDs, the spots of ink absorb the IR, creating a sequence of black spots…
The sequence of black spots created by the IR illumination, illustrated in the photo above, is read remotely by the cheating device to infer a card’s suit and value. You can think of those markings as invisible barcodes.

So yes, you do need to slip in a marked deck. But the people who will sell you the phone will also sell you pre-marked decks, which are designed to look like they haven’t been messed with. And apparently the phone will pair with Bluetooth-based audio and haptic feedback devices, so you don’t even have to be looking at the display.

And yes, because it is based on marked cards, it will work with card games other than poker, too. (High-end bridge cheating? Chris Christie, call your office, please. Sorry, little joke there.)

The post that’s up now is just the first one in a promised series: I’ll try to link to the other ones as they go up.

DEFCON 24 updates: August 11, 2016.

Thursday, August 11th, 2016

“SITCH – Inexpensive, Coordinated GSM Anomaly Detection” doesn’t just have slides up. Or a whitepaper.

It has an entire freaking website. Which does include, yes, slides and whitepaper. (Thanks to SecBarbie on Twitter for this.)

Slides for the Tamas Szakaly “Help, I’ve got ANTs!!!” talk are here. And his GitHub repo is here.

Good stuff is going up on the Black Hat 2016 briefings site, too. I haven’t had a chance to go through all of the abstracts yet, but my current favorite is: “Does Dropping USB Drives In Parking Lots And Other Places Really Work?”. Slides here, code here, blog post here, no spoilers here.

DEFCON 24: 0-day notes.

Wednesday, August 3rd, 2016

Another year observing DEFCON remotely. Maybe next year, if I get lucky, or the year after that.

The schedule is here. If I were going, what would I go to? What gets me excited? What do I think you should look for if you are lucky enough to go?

(As a side note, one of my cow-orkers was lucky enough to get a company-paid trip to Black Hat this year. I’m hoping he’ll let me make archival copies of the handouts.)
