a day in the life of a hacker
play

A Day In The Life of a Hacker Things we get up to when nobody is - PowerPoint PPT Presentation

Jul 03, 2023 •413 likes •1.34k views

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake at night... Adam Laurie adam@thebunker.net http://www.thebunker.net FIRST Geek Zone Seville, 2007 Contents InfraRed RFID ATMs /

  1. A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake at night... Adam Laurie adam@thebunker.net http://www.thebunker.net FIRST Geek Zone Seville, 2007

  2. Contents ● InfraRed ● RFID ● ATMs / (Magstripes?)

  3. Who am I? ● Co-Maintainer of apache-ssl ● DEFCON goon ● Bunker non-exec ● Freelance Hacker – White Hat!

  4. What do I do?

  5. InfraRed ● IR is the ultimate in 'security by obscurity' – Invisible rays hide a multitude of sins ● Simple codes ● Total control ● Inverted security model – End user device filters content ● e.g. Hotel PPV TV

  6. InfraRed ● Car keys ● Garage doors ● TVs

  7. Garage Door Openers – Simple code, manually configurable ● Dipswitch with 8 on / off bits = 256 possible codes

  8. Analyse Data Bits With XMODE2 All on S11111111 s s s s All off S 00000000 s s s s 1-7 off, 8 on S 00000001 s s s s 1 on, 2-8 off S 10000000 s s s s 1-3 off, 4-6 on, 7-8 off S 00011100 s s s s Conclusion: 1 start bit, 8 data bits, 4 stop bits

  11. TV Remotes More complex codes (more bits)

  38. Hotel TV – New Capabilities – Room enumeration ● %age occupancy ● Who's where ● With who ● Who's eating, drinking & viewing what ● Where they've called ● For how long

  45. InfraRED - MMIrDA Full slides from IR presentation here: http://www.alcrypto.co.uk/MMIrDA/

  46. RFID – Moo am I? ● Animal ID ● Hotel Door Entry ● Passport ● Car immobiliser ● Ski Pass ● Goods

  47. Human Implants

  48. Human Implants ● Military – Access Control ● Mental Patients – Tracking ● Beach Bars – Digital Wallets

  49. Unique ID!!! ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned ● Cannot be cloned

  50. Unique ID? ● DIY Cloning Units – http://cq.cx/vchdiy.pl ● Industry Defence: Spot the original? “Clones do not have the same form factor and are therefore not true clones”

  51. Unique ID? ● Readers cannot 'see' so form factor irrelevant and...

  52. Unique ID? ● Readers cannot 'see' so form factor = irrelevant identical blanks ARE available...

  53. Demonstration ● Clone ISO 11784 'Animal' TAG – Cow implant – VeriChip paperweight ● Clone Trovan 'Unique' TAG – Door entry system

  54. RFID implanted chip threats ● Track individuals ● Target individuals ● Impersonate individuals – Gain access to restricted areas – Provide alibi for accomplice! ● 'Smart' Bombs – Device only goes off if target of sufficient rank is in range.

  55. Encryption is your friend ● RFID Enabled 'Biometric' passports ● 48 Items of Data – Fingerprint – Facial Image – Birth Certificate – Home Address – Phone Numbers – Profession

  56. Keys to your kingdom ● Pseudo random UID – Cannot determine presence of specific passport without logging in ● Strong Authentication – Basic Access Control ● 3DES ● Content Encryption – Extended Access Control

  57. Deriving the Keys ● MRZ – Machine Readable Zone ● Key – Document Number – Date of Birth – Expiry Date

  58. ePassport Demonstration

  59. ePassport Modification ● “Not Possible” due to cryptographic signatures – Certificate Authority (CA) not verifiable ● Signatures provided by document ● CA Key provided by same document ● Public Key Directory (PKD) not available ● Self-Signed Forgery may not be detected!

  60. ePassport Certificates New Zealand genuine: Certificate: Data: Version: 3 (0x2) Serial Number: 1122333666 (0x42e573e2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NZ, O=Government of New Zealand, OU=Passports, OU=Identity Services Passport CA Validity Not Before: Jan 23 21:46:58 2007 GMT Not After : May 18 12:00:00 2012 GMT Subject: C=NZ, O=Government of New Zealand, OU=Passports, OU=MRTD, CN=Document Signer 200701241034 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:a8:bf:fb:c0:ae:f4:c7:fe:ec:19:71:b6:25:e9: ...

  61. ePassport Certificates New Zealand forgery: Certificate: Data: Version: 3 (0x2) Serial Number: 1122333666 (0x42e573e2) Signature Algorithm: sha256WithRSAEncryption Issuer: C=NZ, O=Government of New Zealand, OU=Passports, OU=Identity Services Passport CA Validity Not Before: Jan 23 21:46:58 2007 GMT Not After : May 18 12:00:00 2012 GMT Subject: C=NZ, O=Government of New Zealand, OU=Passports, OU=MRTD, CN=Document Signer 200701241034 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:dc:19:33:f3:11:86:a4:82:b9:c7:21:45:ca:81: ...

  62. Other ePassport threats ● Key data may be obtained through other channels ● Passport profiling – Determine country of origin without logging in – Implementation errors: ● Australian passport does not start with '08' on select ● Australian passport does not require Basic Auth on 'File Select', only on 'File Read'. ● Target specific passport holders – Bomb that works for Australians only...

  63. RFIDIOt ● Open Source Python library ● Hardware independent – ACG – Frosch – PC/SC – OpenPCD coming soon http://rfidiot.org

  64. ACG reaction to RFIDIOt “Unfortunately your companies activities seem to be counter to ACG's interests so we will not be able to support you any further.” Email - 3 rd January, 2007

  71. ATM 'default password' attack ● Non-bank based cash machines – Grocers, Newsagents, Petrol Stations etc. ● 'In-Band' management – Management interface is front panel – AND NOTHING ELSE! ● Simple activation, simple passwords – Two-key combination to access menu – Master '123456' – Admin '987654'

  73. ATM Management ● No command to 'empty' cash trays – 'Purge' goes to internal tray ● No command to dispense cash – Test dispense goes to internal tray ● So what good is getting into the menu?

  75. The Attack ● Enter management mode ● Change value of high denomination notes – £20 becomes £5 ● Withdraw '£100' ● Receive £400 ● Change it back! – Or get caught... :)

  76. The Response ● Manufacturers removed manuals from websites – Were still there 72 hours after international news items – Are still on 3 rd party sites today ● Too little, too late!

  77. Defence ● Internal button or other secondary system

  78. Defence ● Internal button or other secondary system

  87. Keypads and PINs

  92. Questions? http://rfidiot.org adam@algroup.co.uk

Recommend

Collecting information g about the life course: The ELSA life history interview and possible

Collecting information g about the life course: The ELSA life history interview and possible

Collecting information g about the life course: The ELSA life history interview and possible implications d ibl i li i for future studies Elizabeth Hacker, Kate Cox, Carli Lessof and Colin Miceli Overview Experiences of using an

420 views • 28 slides
CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught hacker/fixer Love retro-hardware CAN WE FIX IT? PROJECT 4 PRACTICAL REPAIRS FOR EVERYONE APRIL 2, 2016 HACKER HOTEL DATUM KLANT REFLOW BAKE

447 views • 23 slides
Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi

Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi

Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi Talbi Security researcher at Stormshield haka-security project. Past life: academia (phd, postdoc, ) Main research topics: advanced

1.61k views • 94 slides
Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 | Confidential Provided for Workshop use only Why Would a Hacker Want to Hack a Car? Cryptocurrency Personal Information Ransomware Mining

517 views • 17 slides
Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky chad@allthenticate.net Founder and CEO of Allthenticate My Journey 1990s: Internet pirate, hacker, and master tinkerer 2004-2008: College student at

809 views • 53 slides
CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure

929 views • 64 slides
Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the Mobile Platform Client Kresten Krab Thorup Hacker @drkrab About the Speaker Language Geek Emacs/TeX Hacker, Objective C, NeXT, GNU Compiled

963 views • 41 slides
From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com

313 views • 14 slides
STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me. CULTURE HACKER AGILE & LEAN Trainer SPEAKER Scrum & Agile User Groups Global Agile Conferences Guest Lecturer at

475 views • 19 slides
RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure We have

1.04k views • 52 slides
<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker varnish hacker Operations & Engineering at Wikia Thursday, July 23, 2009 Wikia Hosts wiki communities www.wowwiki.com (second largest)

1.16k views • 103 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides
When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from 1907 to 1922 American women lost their American citizenship by marrying non-Americans without even leaving the United States? Did these women regain

642 views • 43 slides
Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything you do to a remote system without authorization is illegal Use common sense Federal prison is bad Overview of Today Brief overview

348 views • 13 slides
Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open

Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open

Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open source under Apache License v2.0.) Questions to be Answered: Why? Brief Example Demonstration What can it do? How does it work?

494 views • 20 slides
W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

Network concepts introduction & wireshark W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are not in fact experts, but come here to learn and have fun Opportunity to learn something new

942 views • 46 slides
An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu Weve got a problem. Why? Attacks are

262 views • 15 slides
Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack

Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack

Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Ongoing

423 views • 31 slides
Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing

Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing

Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing a high value on freedom of inquiry; hostility to secrecy Information-sharing as both an ideal and a practical strategy Upholding the right to

549 views • 15 slides
How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas,

How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas,

How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas, some projects, and development infrastructure to get ideas where to get involved. Andr . Klapper <aklapper@wikimedia.org> | Daniel

243 views • 23 slides
SwimTimer App an exercise in UI-design Bay Area Mobile Meetup - Hacker Dojo - Thu Jul 7,

SwimTimer App an exercise in UI-design Bay Area Mobile Meetup - Hacker Dojo - Thu Jul 7,

SwimTimer App an exercise in UI-design Bay Area Mobile Meetup - Hacker Dojo - Thu Jul 7, 2011 Frank Siebenlist FrankS@CreativeApptitude.com Monday, July 11, 2011 What? SwimTimer App Demo High-level App Implementation Features

480 views • 14 slides
RIAK ON DRUGS (AND THE OTHER WAY AROUND) Kresten Krab Thorup CTO, Trifork About the Speaker

RIAK ON DRUGS (AND THE OTHER WAY AROUND) Kresten Krab Thorup CTO, Trifork About the Speaker

RIAK ON DRUGS (AND THE OTHER WAY AROUND) Kresten Krab Thorup CTO, Trifork About the Speaker Language/Runtime Geek Emacs/TeX Hacker, Objective C, NeXT, GNU Compiled Java, Java Generics, J2EE, Erlang Hacker, Ph.D. Trifork CTO Conference

759 views • 35 slides
Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Partners in Information Security Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu Rombaut Traxion Smartphones will never be secure Since security is not a simple notion What & Whom

331 views • 18 slides
Monitoring of membrane failure due to pinhole formation Viktor Hacker, Eva Wallnfer Department

Monitoring of membrane failure due to pinhole formation Viktor Hacker, Eva Wallnfer Department

Monitoring of membrane failure due to pinhole formation Viktor Hacker, Eva Wallnfer Department of Chemical Engineering and Environmental Technology, TU GRAZ, Austria Peter Prenninger AVL List GmbH, Austria Trondheim, June 23 rd ,2009

474 views • 20 slides

More recommend