Full Disclosure mailing list archives



DEF CON 19 - hackers get hacked!

while most were enjoying libations or talks a very interesting event was taking place at the conference. we're all familiar with the hostility of WiFi and GSM networks at DEF CON, however, this year the most hostile network on earth was not 802.11; it was CDMA and 4G! on Friday some parts of Anon and Lulz made appearance. by early Saturday morning a weapon was deployed. some characteristics: - full active MitM against CDMA and 4G connections from Rio to carriers. - MitM positioning for remote exploitation to ring0 on Android and PC. - fall back to userspace only or non-persistent methods when persistent rootkit unattainable. - many attack trees and weaponized exploits. escalation from easy pwns up to specialized techniques and tactics until success is achieved. - simultaneous attack across CDMA and 4G connections using full power in these LICENSED bands. - operated continuously (except for outages :) from early Saturday until 8am Monday. - designed with intent: mass exploitation, reconnaissance, exfiltration, eavesdropping. how to tell if you met the beast at Rio: - did you accept an upgrade for Android, Java, or other applications? (oops) - did you notice 3G/4G signal anomalies, including full signal yet poor bandwidth or no link? - did you notice your Android at full charged plugged in, but dropping to <50% charge once unplugged? - did you notice 4G download speeds at quarter of usual, yet uploads over twice as fast? - did you notice Android services that immediately respawn when killed? (Voice Search?) - does your Android no longer connect to USB debugging yet adbd is alive? - does your PC have an sshd that cannot be kill -9'd? - did your Android crash - a hard freeze, and then take a long time to reboot? ...many other indicators, but for now that's sufficient to express the point. if you met the beast, it seemed to have a nearly perfect success rate; your odds not good. in fact you probably didn't even notice as it pilfered bytes off your devices and monitored your conversations. i have waited over six DEF CONs to meet an adversary of this skill. i was not disappointed. did the talks suck this year because the good stuff is under NDA? clearly a lot of you are selling out... to those who got pwned, i would be interested in your experiences and binaries: ID 9B65F087 , FP = 1029 E3E0 F22A C73D B2D6 468F 2798 76BB 9B65 F087 gpg --keyserver pool.sks-keyservers.net --recv-keys 9B65F087 gpg --keyserver subkeys.pgp.net --recv-keys 9B65F087 gpg --keyserver pgp.mit.edu --recv-keys 9B65F087 to the beast operators, i hope to see you next year! (and get your availability deficiencies and network anomalies worked out. kind of a shame you spent so much time and money only to have your kit fall over again and again. and thanks for the 0days :) until next year,... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread: