Oct 21 2012

From the site:

“Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.”

Presenter: James Edge – No Affiliation
Title: Show and Tell: Custom Power Pwn
Abstract:  The people over at Pwnie Express are coming out with a neat device called the Power Pwn. This device follows up on the Pwn Plug and the PwnPhone. With my experience as a penetration tester and junior hardware hacker I’ve been working on my own “pwn” hardware. I combined the PCEngines Alix 6f2, an APC BE650R Battery Backup Power Strip, and a battery Power Pack for a Custom Power Pwn. I integrated the Alix connectors for the serial, ethernet, and external antenna connectors with the existing APC coax, rj45, and rj50 ports. This talk is a show and tell on what I did and how anyone who is a fan of hardware hacking can do this themselves.

Slides from the presentation are here.

Conference videos were never posted on the BSides site, but I managed to obtain the video for my talk.

Direct link to my talk here.


Oct 10 2012

I don’t feel that this issue gets enough coverage, so I am adding my voice to the mix in the hopes that someday the makers of our popular mobile operating systems will FIX THE ISSUE! What I’m going to discuss is a wireless association vulnerability that was first discovered by Max Moser (site here and his full disclosure) way back in 2004 for Windows XP. Using airbase-ng (part of the Aircrack-ng suite of tools), this same attack works against the latest versions of iOS 5 and iOS 6 (iPhone and iPad), BlackBerry OS, and Android. Apple’s iOS, from AT&T Wireless, even comes with a helpful default profile so you can attack a device right out of the box (see Tweet by HD Moore).

The only mobile OS that does not have this issue is Windows 8 on the new Nokia phones. I don’t know a soul who has one of these phones, so I hung out in an AT&T Wireless store to conduct my testing. Those Microsoft devices will not associate with any airbase-ng APs that mimic APs from the device’s probe packets.

Some individuals have tried to tell the world about this issue. A great YouTube video was created by Jeffery Wilkins demonstrating this issue. Vincent Costagliola at patctech.com wrote this article mentioning the same issue.

My testing has shown that an iPhone will connect to airbase-ng even if it is already connected to a WPA encrypted access point, just as described by Max Moser in 2004.
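A defensive check that follows from the behaviour described above, added here as an example and not part of the original post: an access point that mimics networks from a device's probe packets ends up answering for several unrelated network names from a single BSSID, which a monitor can flag. The frame tuples, MAC addresses, network names, the threshold of three names, and the two-second window are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample frames (not captured traffic): (time_s, kind, mac, ssid).
# For "probe_req" the mac is the client; for "probe_resp" it is the AP's BSSID.
FRAMES = [
    (0.0, "probe_req",  "aa:aa:aa:00:00:01", "CarrierHotspot"),
    (0.1, "probe_resp", "02:00:00:00:00:99", "CarrierHotspot"),
    (0.5, "probe_req",  "aa:aa:aa:00:00:01", ""),            # broadcast probe
    (1.0, "probe_req",  "aa:aa:aa:00:00:01", "HomeNet"),
    (1.1, "probe_resp", "02:00:00:00:00:99", "HomeNet"),
    (2.0, "probe_req",  "aa:aa:aa:00:00:02", "CoffeeShop"),
    (2.1, "probe_resp", "02:00:00:00:00:99", "CoffeeShop"),
    (3.0, "probe_req",  "aa:aa:aa:00:00:02", "OfficeWLAN"),
    (3.2, "probe_resp", "0c:00:00:00:00:10", "OfficeWLAN"),  # ordinary AP
]


def find_mimicking_bssids(frames, min_ssids=3, window_s=2.0):
    """Flag BSSIDs that answered directed probes for many different names.

    Returns {bssid: {"ssids": set, "clients": set}} for every BSSID that
    replied, within window_s seconds, to directed probe requests for at
    least min_ssids distinct network names.
    """
    pending = {}  # ssid -> (time, client) of the latest directed probe
    answered = defaultdict(lambda: {"ssids": set(), "clients": set()})
    for t, kind, mac, ssid in sorted(frames):
        if kind == "probe_req":
            if ssid:  # an empty SSID is a broadcast probe; nothing to mimic
                pending[ssid] = (t, mac)
        elif kind == "probe_resp" and ssid in pending:
            req_t, client = pending[ssid]
            if t - req_t <= window_s:
                answered[mac]["ssids"].add(ssid)
                answered[mac]["clients"].add(client)
    return {b: v for b, v in answered.items() if len(v["ssids"]) >= min_ssids}


if __name__ == "__main__":
    for bssid, info in find_mimicking_bssids(FRAMES).items():
        print(bssid, "answered for", sorted(info["ssids"]),
              "probed by", sorted(info["clients"]))
```

The threshold needs tuning per site: access points that serve several networks normally advertise each one under its own BSSID, so one BSSID answering for several names requested by different clients stands out.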