Defcon 20: NFC Hacking, DIY Drones and Big Brother

Reporting from Las Vegas, where the Defcon hacking conference held its twentieth anniversary event.

DIY Drones

Amateurs can now build and operate their own mini-Drones, many thousands of times cheaper than the government.Wired Magazine’s editor Chris Anderson turned hobbyist to open source hardware manufacturer galvanized the audience to the possibilities of building their own drones. 3DRobotics, the hardware firm that sells the components, has provided enough parts to build over 10,000 drones, more than currently exist within the defense sector. 

The software to operate the drones is open source and available on Google code called adrucopter.  Hardware is also open source, and sells at 2.6 times the cost of Build of Materials (BOM).  Amateurs build and exchange information at http://www.diydrones.com/.  Since the Web site/hardware company is not actually selling Drones, rather components, the operation is not subject to many of the regulations that defense companies are (such as ITAR).

Big Brother is Back: Access to Smartphones

An encrypted smartphone is not enough to stop a subpoena.  Privacy technologists and members from ACLU from the privacy panel disclosed that both Apple and Google have mechanisms to enable law enforcement access to your smartphone, even if it’s encrypted with PIN protection. 

Law enforcement would need to send the iPhone to Apple headquarters to extract the data, using a master key that is implanted in the phone.  For Android phones, law enforcement would submit a PIN request to be digitally delivered to the phone for one-time access; then reset again to prevent future access without a subpoena.

Peek-a-Boo, I Always Know Where You Are

Wireless carriers (Sprint, AT&T and Verizon) together, get over 1.5 Million requests for location and cellular data (where and who are you calling) from law enforcement.  Due to the deluge of requests, some carriers have created web-based “self-service” portals that allow access to cellular data via the portal, instead of submitting it as part of a manual process to the telecoms. 

Sprint receives roughly a third of the requests because the pre-paid mobile phones market (i.e., Boost Mobile) uses their underlying network; criminals are more likely to use pre-paid phones for surveillance.

NFC Hacking

Charlie Miller, from Accuvant Labs, demonstrated how to root an Android (Nexus S) or Nokia N9 (MeeGo) based NFC smartphone simply by letting the phone scan a crafted RFID tag.  NFC (Near-Field Communication) allow devices to communicate with each other in close range, less than an inch.  Miller demonstrated how NFC technologies like Android Beam or NFC Data Exchange Format (NDEF) could force the smartphone to “parse images, videos, contacts, office documents, and even open up web pages in the browser, all without user interaction.”

Mr. Miller demonstrated this attack on stage, by taking over a smartphone, logging into it with a computer, and sending text messages and making phone calls as if it was coming from the smartphone itself.

Mikhael Felker is an IT pro who has worked in Defense, Healthcare, High-Tech and Non-Profits. He teaches, writes, and speaks at numerous Southern California venues about technology.

See here to check out all his Tom's IT Pro articles.

VIDEO: Build a Secure Future in Information Security

Looking for long-term job security? Check out our top 5 certification options.

VIDEO: Increase Security with Multi-Factor Authentication

More securely protect business and personal apps and data.

VIDEO: How To Make iPads And iPhones Secure

Quickly secure iPads, iPhones and iPad Touches.

VIDEO: Increase Your Internet Privacy With PETS

Our favorite PETs to maintain online.