 Wow. I'm always impressed at how many people are here, especially considering, you know, I'm opposite Phil Zimmerman. Wow. Thank you for stroking my ego. So I am Render Man, if you don't know me, for the three of you. I've been going to Def Con for ten years, asked to see my liver, and I'll show you the scars. I love this place. These guys are family. This is the only place I feel normal, and that should say something. So this talk is where I started getting a little more literal with my titles rather than going for, you know, analysis of yadda yadda yadda or anything like that. It's like, how do I poem the Let Me Count the Ways? This is actually a talk born out of a conversation I had at Sektor in Toronto. Good convention, everybody should go. Workforces are becoming increasingly mobile and depending on wireless devices. You know, you've all seen them in airports, hotel lobbies, you know, you probably see a whole swack of them out here in Vegas. You know, the guys that are always typing or on the phone or something like that, well, this is common now. Everybody, every company's got somebody like this. Mobile users are often away from the eyes of, you know, the BOFHs, you know. So if they're doing something stupid to usurp your security measures, you can't go down there and club them to death. As much as you'd like to, they're, you know, halfway around the world. You're investing vulnerabilities into your networks. Sort of how do you educate them, protect your company, protect yourself, you know, because most of us had to travel here, I don't think there's that many locals. You run into these situations. This is by no means an exhaustive list and in the interest of full disclosure, there isn't really anything brand new in terms of wireless information if you're expecting some zero day or anything like that. It isn't, but it's, there's a lot of stuff in here you probably haven't thought of or would probably just wish you could club into your mobile workforces. So this is Bob. Bob's going to be our bitch. Works for Widgets International, selling widgets, amazingly. Bob travels to customer sites all over the world, and he's your worst IT nightmareer. He likes to think himself tech-savvy, you know, you've all got this kind of guy in the office. He just knows enough to get access to porn. That's it. You know, if you remove all the icons off his desktop, he thinks all the programs are uninstalled. You've all run into people like this. Don't deny it. He's also the worst case scenario in this situation. He's not, he is the dumbest, the worst offender possible, and we're going to spend the better part of the next hour making his life miserable. Amen. So let's poem Bob. We're not going to touch Bob. We're not going to goon rush him or something like that and take his wallet and beat this nut out of him or anything like that. We're just going to look at the various, you know, wireless and things at a distance that a business traveler or, you know, traveling person would probably have on them. I.e. Boardhacker on a trip to Norway for a wonderful conference called Sektor, or HackCon. If you spend any amount of time in airports, you always see these people and when I get bored, I don't know what you, but when I get bored, bad things tend to happen. You know, idle hands, being what they are. He is sitting there in the departure lounge and there's all these other laptops and Bluetooth devices around. It's just, it's enticing. So we'll start off with Wi-Fi, something I'm assuming you all have probably used this weekend. Bob has a laptop with tons of private info for the company. He connects to hotspots at airports, you know, hotels, Starbucks, wherever. You know, the kind of guy that just likes to get on the internet, find out the latest headlines from CNN, stock quotes, whatever, check his email. He'll connect to anything and especially things like the Glinksys Global Network that I'm sure you're all very familiar with and have possibly used on your trips here. I will remind you that is a felony theft of service, but that's not why we're here. In general, hotspots found in public places do not encrypt. Clear text is clear to read and also clear to inject in a lot of cases. So things like replacing images, scripts, oh look, I see a DNS request. What can we do with that? If you're not using a VPN or some sort of layer of encryption between yourself and the access point, you are vulnerable. Be it through just plain text leakage of information, you know, somebody's reading your email as it's being sent to, you know, malicious injection and alteration of your data both ways. If you don't have a firewall, think about this. You're connected to an access point. How many of you have access points in your home? You know, wireless networks in your home. Cool. You all know that you're on the local LAN. You are connected to every other computer on that local LAN. Now, if I'm connected to the hotspot in a hotel, oh gee, I'm on the local LAN. You know, all the access, you know, all the shares and everything you can see on all the other systems in your network? Well, oftentimes, if you don't have the firewall on, you can see all this shit on the other people's computers. And it is absolutely terrifying. You just connect to the network and it's like, oh, look, I've seen SMB shares. Man in the middle attacks, password snarfs are all possible. If you don't use any level of encryption last year. I think there was something like 20 access points for the hotel network here. During the con, there was like 150. This is a gambling town, but I don't know what those odds are for gambling is to connecting to the real one, do the fake one, real one, the fake one. Which is it that you're connecting to? And like I said, the attacker's on the local network. So you've just removed an awful lot of barriers. I'm not having to come in over the internet through Lord knows how much filtering. I'm sitting right next to you. Driver vulnerabilities are especially entertaining because, well, think about it. You don't even need to have your computer connected to something in order to be vulnerable. I could just send a magic packet, your driver explodes, it gives me root access. It's kind of a terrifying thought. So when I was in Norway, I wanted to see, back in February, I wanted to see, I was bored, had the most horrible flight over, had just been up for like 48 hours straight, and I'm like, okay, I'm at a security conference. Let's see what kind of security knowledge we have here. Do people actually take what we've been ranting about for years to heart? Do they actually do it? And this is my first time off with the North American continent in years, and I wanted to see just, okay, I want to play around with other cons. So what I did was I set up AirPone, and for those of you who don't know, AirPone is a wonderful little tool that, let's see, you're getting Google's homepage. You get the HTTP request for the main image, and when the remote server gets added, it sends back the image. Well, if I'm in the room, I can respond as the access point faster than Google's request would come back. So the client gets this image really quick, and oh, these other packets coming in, I'll just drop those. So I'm able to substitute my own image in place of Google's main logo. This debuted at DEF CON 10, 11, somewhere around there, basically where people were replacing images on the fly with GoatSea, and you can imagine that one. They've actually got some really good pictures and video up on their site. So I'm at this conference, a couple hundred people. They've got three wireless networks, an open one, a web-encrypted one, and a WPA one. So I started playing with the open network. So I started injecting an image to see if people were observant. I don't know if you can tell, but that's a 10-foot kayak and a 12-foot shark. That says Poned, or it's really gonna make your day suck anyways. I hope that's not a rental because I don't think he's getting his deposit back. So I started injecting this image, and looking over people's shoulders, and they'd fire up a new site and all the little thumbnails would be this image. But it was small. You couldn't really tell what it was. Some people were like, somebody got a shark fetish or something. What's going on here? There was some general confusion, but nobody was really getting it. So kind of I had to up the ante here. When I'm bored, tired, and partially drunk, I get creative. So I started injecting this to see if anybody would actually figure it out. They got it. They figured it out. And it didn't get punched. I did have a few people running up to me with their corporate webmail with my face in the corner. They're like, what did you do to my laptop? What did I do to you? Why are you hacking me? Why are you giving me such grief? I didn't do anything to you. And I'm like, come to my talk. I'll explain then. And it was just highly entertaining because there's a room with vendors and they're going to show their stuff and they go to the company site and oh, what the hell? It's just highly entertaining. And I do have to thank the staff for hack on, for not kicking me out or getting overly pissed off with me because I was making a point and I think most people got it. Other threats to Wi-Fi that you're going to run into more and more at airports and public spaces, things like karma, hot spotter, Metasphalite now has a karma module. Karma is the program that listens for beacon requests from clients and says, oh, that's me. And literally makes your laptop the universal access point. It responds to any request to connect, no matter what the SSID is. Simple Nomad a few years ago gave a talk at Shmoon Chronicle hacking the friendly skies, which was highly entertaining. And he basically found a way that he could have an access point with beaconing when it couldn't find the network it was looking for or any network it was looking for. It dropped into an ad hoc mode that you could then see the packets coming from an ad hoc. And I don't know if you know I think about unencrypted ad hoc networks, but it's like, what authentication? Oh, that's me here. We're now connected to each other. So he'd sit back in cattle class on these long haul flights and you'd have all these guys in first class they'd be typing away in their ultra expensive laptops and everything like that and be able to look through the curtain and see these guys. So he would connect to them, go through their shares, see what sort of things were there. Oh, look, company memos, company directories. Oh, that's an interesting report. But he upped the ante and would go up, you know, walk up to these guys. And I don't know if you've seen Simple Nomad. Is he here at all? I've not seen him this year. Okay. You know, kind of an old scruffy guy, usually using like a trench coat. Just not your usual typical clean cut businessman. Would go up to these typical clean cut businessman and go, hey Bob, how you doing? How's Julian accounting? Did you get that memo about that new project and these guys would go, what the hell? How do you know all of this? It's just absolutely terrifying these people. Cafe Latte came out, I believe it was last year, which you don't actually have to be connected to a network, or your company network. If you're just sitting in a cafe, I can throw packets at your laptop and tease out the web key without you even being connected to the corporate network. So if I know that Widgets International is in my hometown, and I want to attack them and make their lives miserable, and I know that, oh, their business guys have breakfast here, I can attack him. You know, he probably doesn't have an intrusion detection system on his laptop. So, you know, pull the web key out of there, go attack the company. No web can be broken in like 60 seconds. But still, think about this, that this is something that was, I don't type that fast. But you shouldn't be using web to begin with, but other things like de-authentication, headaches, like been seeing a bunch of attacks like that going around, just people playing around. Do that in a coffee shop, in a Starbucks, and people just go, huh, it says I'm connected, now I'm not, yes I am, now I'm not, what? It's confusing as hell. If your wireless is on, you're probably ponible in one way or another, so if you don't need it, turn it off, and if you do, take some measure. Disable it when not in use. Use a VPN, there's a lot of good free products out there. Assume you're going to be attacked. Don't just think it's all one happy wireless world out there. You're gonna get board hackers sitting in, you know, airport departure lounges with, you know, an hour to spare. Don't trust customer networks either. If Bob's going out to a customer network, and he's connecting in to get internet access to check his email, get, you know, pricing or availability or anything like that, I've heard stories from people that they'll see, oh, new host on the network, oh, go poke it, oh, it's the sales guys, oh, look, open shares, oh, private information about margins on all the widgets and everything and all the term models, that would be interesting to know so we know exactly how much we can, you know, talk him down in his price. Being able to renegotiate contracts based on knowing exactly how much margin is in there. Like, you're connecting to somebody who really, from a business perspective, is hostile to you. They want the cheapest price you want the most. Don't trust them. Turn on the firewall. Even if it's the windows one, just do something. Be cautious. And Roger Dingledein, is he in the room? Nope. Tor Project actually pointed out that in a pinch, Tor can actually be a real life saver because when you're sitting in an airport or something like that, Tor will encrypt from your from your laptop through the access point to have your connection pop out in like, Hungary or someplace like that. But it provides that level of encryption that you can't see what the data going through and inject. So Roger was actually at the same con in Norway when I was doing this experiment and he was hearing all these things like, what the hell's going on with the network? There's all these images in that. He actually had to turn Tor off before he noticed. And he actually encouraged me to keep it running because he was making a point in his talk that this is the sort of crap that Tor can be useful to stop. Let's go after his phone. How many of you guys have got the sales guys in your office that are always on their cell phone that's like welded to the side of their head? You know, a bunch of you, you've all seen people like this. Bob also loves his Bluetooth headset. Now, I know a bunch of states and provinces have mandated you have to use hands free and car. I have a Bluetooth headset. I use it in the car. It's handy. I'm sure you've all seen them in like Dunkin' Donuts where they're sitting with that stupid blue light blinking in your eye. How pretentious do you have to be? I'm sorry. I have a major hate on for these things. How pretentious do you have to be to be able to answer a phone call in two seconds? He also uses his phone for SMS one-time pads with his bank. This is actually something I'm not familiar with in North America, but I know in South Africa when you do a transaction before, you know, online or through like an ATM or something like that, it will SMS you like a one-time key that you have to enter to complete the transaction. And this is a really sensible system because it's a back channel that an attacker theoretically if they read your card off the ATM are not going to be able to get at your SMSes as well. Bob also keeps company directories in his phone. If it's on and discoverable with Bluetooth, anyone can probably connect or at least see it and initiate trying to connect. Most devices have a pin, however, how many of you have changed your default pin on your Bluetooth phone? How many of you haven't? Why did your people put up your hands? Give me time. Paired devices, if you can either force pairing, trick pairing or just have a legitimate reason to pair, oftentimes you can get access to the whole device, not just the little segment you're trying to, oh, okay, I'm trying to exchange a business card. Well, why do I have to, why can I do AT commands now to your phone? It should be just OBEX file transfer one way done. Why is there still a trust relationship here? This isn't a specification. It's kind of dumb. You can rewrite SMS messages, change phone book entries, notes, images. There's actually a very interesting case going on with the mayor of Detroit who got caught with several hundred SMS messages between him and his mistress on company time and the newspaper published all of them. His lawyer is actually saying right now that, oh, it was an attacker. Somebody inserted these messages in and, well, that's really possible. It'd be very interesting to correlate the date times that those were sent and if you was sitting in the same place at every time because I get the feeling if he's traveling around you'd have to have somebody following around within a few feet to insert these at different date times. Yeah, I don't think that case is going to hold any water. Some models of phone are actually really interesting in that you can connect to them and you get a, or the ability to connect an RFCOM channel 17 and you can issue AT commands like old style modem, AT commands, you know, ATDT and then a phone number. This is actually not something I've heard of in North America but in Europe there are some issues with premium rate calls like our version is like 1,900 numbers. You can basically connect to somebody's phone and make them dial a number of your choosing. This gets interesting because if I make Bob dial a phone number that shows up on the bill as something that he would never, ever want to have to explain he's just going to pay the bill and make it go away but imagine just putting into his expense report, you know, a nine hour phone call to Madam Whips a lot fun time party line. You could just, even just from a malicious standpoint, you could make somebody's life miserable or something like that. Audio. Have we got audio? Let me try some. And one of the later closest friends, the mobile phone. This is either UK. Audio. Experts have discovered a security flaw in some of the most popular Bluetooth enabled phones that allows others to hack into your handset and take control of it. Our hustlers are going to demonstrate for our hidden cameras just how vulnerable your phone can be to a silent attack. This is the Bluetooth scam. The problem with some Bluetooth phones is you can make a major connection to the phone if you take over the phone. Read the contents out to the phone book. SMS messages even actually make calls with it. So, how does the Bluetooth hack work? Our hustlers are going to demonstrate to here. Jess and Paul's phones have their Bluetooth turned on. Alex uses his mobile pocket PC. Because of a security flaw in Jess's phone, he is able to locate the Bluetooth signal, hack directly into the handset and take control of it. Before he can make a call from Jess's phone to Paul's phone. This technique is known as bluejacking. The Bluetooth hustle works by using the Bluetooth feature on mobile phones. It's a very modern, very useful, very easy piece of technology. They can connect to your phone without you knowing it. Your phone will not even show that it's connected to something. They're now ready to test it on the public. Alex has set his pocket computer to search for Bluetooth signals. Now he's pinpointed a mark with an enabled handset. He can go for the hack. Now he's in and making a call using the Mark's phone. But where's the actual scam here? It's in the number that Alex is calling from the Mark's phone. Our hustlers have set up their own premium rate line where calls are charged at £1.50 a minute. So this guy's having the money taken from his pocket but he's totally oblivious. And if the Mark doesn't realise his phone is calling the hustler's premium line during his journey between Manchester and Liverpool, he will lose £75 in call charges. Ouch! So if Alex spends some time here, he can really take home the vacant. In an hour he manages to target 20 phones with an average call time of 15 minutes, making him a grand total of £500. Our hustlers have proved for those with the ability and the know-how this is a really money-spilling scam. The simplest and best way to protect yourself against this scam is just simply to keep your Bluetooth turned off unless you're actually using it. If you do not switch off the Bluetooth feature on your phone when you're not using it, you're in danger of somebody finding a way in. With apologies to Major Malfunction. I wish you guys could see it from up here but every time I play this video or give this talk there's always Bluetooth threats. Bob's headset uses a default pin. Most headsets don't have a keypad so you can't change the pin number. It's usually like 0000 or 1234 something simple. There's the indexes out there of different manufacturers they know exactly what these are. You can do a blue bump and repair. You basically break the connection between the headset and the phone. You connect your device to it and oh look you can now turn it on. You can also inject audio. There's a few people around you who talked to me this weekend about playing with car whisperer which allows you inject audio into Bluetooth devices. But think about this I go to a bunch of meetings and standard procedures take the phone out turn it off or put it to vibrate or whatever but they'll take it out usually just turn it off but they'll leave the headset on and it's still blinking. Wait a minute you just turn off the phone in a favorable mode. Hmm we now have a bug in the board room. If I can connect with a long range antenna I can now start pulling audio directly from that room conversations you know Lord knows well I really like the idea of injecting audio particularly if you're sneaky enough to lower volumes in that and just screw with people's minds you can make this guy think he's crazy. I actually want to do this the scene from Real Genius where they're injecting audio to his braces into his head making him think it's God talking to him I want to do that I just but I absolutely hate headsets Audio Do you want to go to a party? I'll start that I'll start that again So what are you doing tonight? Uh Nothing Do you want to go to a party? With me? Yeah We could just go to my place before and hang out Yeah that sounds awesome Hold on How many of you have had a moment like that where you're not sure if there's schizophrenic or on a phone call especially line candid seal and the taste Keystone light is always smooth even when you're not I'm really sorry but what just happened That's cool I was feeling embarrassed Just a second We've all been there that's why I hate these things Okay This this is a new section I'm trying to stay serious here so follow with me Alright Well rummaging through Bob's phone we make a discovery There's just something that should not be wirelessly enabled and I'm sure you will agree with me on this Special SMS messages in his phone with special five or six-digit headers to them You start looking at these things and oh these are all to his Bob's wife We now know the codes We know the phone number of his wife This device in question is not discoverable but who the hell thought this was a good idea Have you figured it out yet? A Bluetooth-enabled vibrator I've tried to stay serious with me here Basically this device pairs with a cell phone and you send it special text messages with a set of digits at the beginning to identify that it's meant to be passed onto the device Each character that you can type in on the phone has a different motion So there's like 700 or hundreds of different motions on this thing You can imagine The toy.co.uk if you really want to check this out but Let's get in your window out of the way I want this to be serious I know you're thinking it I really want to find one on a site survey You don't wait Really? Teledonics is an actual field of research It is But Every example you come across when you start Googling into this stuff There is no security Nobody can tell me on devices like this or any of the other stuff what level of security they've done Nobody's done reviews on this This is something that Hello New field It's an extreme example of a generally bad idea of wirelessly enabling stupid things I mean I'm sorry There are serious implications here I'll give you a moment You okay? Now if I start sending messages to Bob's wife through his phone he didn't send those Is that rape? Seriously Oh honey Thanks for sending me that message It's 7.30 I didn't send you a message Think about it There probably will be a court case sometime in the near future where this will happen this will become a question What about non-principle characters? Has anybody checked that out? You know start sending control characters or something like that to the device You know, does it like misbehave? Like does it just jam on? Or like what? You know It makes me wonder like Has anybody actually tried this? It seems funny but this is a serious thing because I mean this is rather intimate and you could theoretically hurt somebody Now you could like hurt somebody with an SMS message This is terrifying actually What's that? Actually I don't own one My wife helps me with a lot of different projects This isn't one she was wanting to But if anybody's willing to pony these things are like 300 bucks if anybody's willing to pony went up to bring to like DEF CON next year so that you can just put on a table and just let people go shit on this thing Well that is you come out at the end of this thing with a white paper Does stop Bluetooth threats She asked What do you mean by on this thing? Poor choice of words I apologize But Does stop Bluetooth threats just turn off your Bluetooth It saves battery life too I mean my phone goes maybe eight hours if I'm lucky if I keep the Bluetooth off or keep the Bluetooth on turn it off I get a couple of days change the default pin if you can some of the new headsets that don't have keypads you can actually connect to you over USB and through a little program change what the pin is you need to connect to this thing always if your cell phone allows for it prompt for pairing don't just automatically accept any connection that wants to turn off headsets when not in use it saves battery as well plus you can get that stupid blue light blinking in my eye from across the board table and just consider the security implications of devices you have with you and if you're building something it gets really really bored and wants to you know start hacking away at whatever device you're creating think about it let's go after his keys Bob has one of his RFID proximity cards for his office you know you've all seen him Johnny Long has a really good talk in his no tech talking hack he talks about how he goes around and takes pictures of people's IDs that are on their land years and is be able to make up his own based on those because often times they're on their land years or whatever I don't know if you guys have seen this but Jonathan West used a website called cq.cx pointing out most of these cards are legacy systems some of the newer ones are encrypted but a lot that you see out there are not it's just reader queries give me a number it says here's my number oh you're on my list I'll let you in Jonathan created this wonderful little device this is actually one he's actually gone to version three now which is even better with this one it's basically you push one button wave in front of the card it reads the information push the other button it spits it back out so I just go up to the CEO or the other person who has access to the entire building the janitor and go hey how are you doing you're doing a really good job you know copy their card now the you know now the or the CEO has to explain why he's in the research and development you know rooting through you know sensitive files at three o'clock in the morning because all the audit trails will point back to his key which is still in his pocket traditional keys are vulnerable too they're photos of keys so if you're one of these guys that carries their keys on an exterior belt it's all jingling away a lot of janitors or maintenance people do this too the photo can reveal the bidding of the key which is what you need in a lock D-BOLD who is now premier election systems got caught doing this with the keys for their election machines you go to their web store to order more keys for your devices and oh there's this handy little photo of what a key looks like that's a key of the actual the photo of the actual key yes that's the actual key and it works for all the machines across that the company makes it's actually a common as dirt office supply and like mini bar key can we have the video up? there we go basically what happened was some guys were auditing these units for one of the universities and one of the guys was like hmm that key looks familiar that's the key from his mini bar at home we basically went home came back the next day it's like click oh hell there goes democracy passports passports I know major malfunctions been talking about these for a while but still it seems that people are just not quite getting it new RFID passports how many of you have one of these new passports with the little boxy thing at the bottom that says it's RFID enabled? you do? alright the encryption on these is generally not very strong the way it works is each country does have the ability to tweak how they're doing their keying but typically what happens is you walk up to border control hand on the passport they have to swipe the machine readable zone the text at the bottom underneath your picture on that page swipe that that gives them the information they need to generate the key to then unlock and download the contents of the RFID chip well there's only so much information to have in that machine readable zone the things like birth date very fairly limited key space especially if you know your target and roughly when they were born sequence number of the passports well if you know how long passports have been around or with the RFID well you can make some easy guesstimations as to how they do their sequencing you know there's other information that's fairly easily guesstible and they've actually been not US ones but other countries they've been able to hack them literally through the envelope that it arrives in the mail with just based on stuff that's on the outside envelope and Google you know they're able to get into these things even the US like the US okay when they put out when they were looking at doing this they basically put out a request for comment and the results from that were rather interesting like 2,000 comments against saying this was a bad idea to saying it was good a little lopsided their solution to appease people was okay we'll put it literally put a tinfoil hat on this the front and back cover have a liner of foil that is supposed to keep the keep the signal from being the RFID reader from being able to interrogate the chip until it's actually open and presented well again apologies to major malfunction this is his hand I don't know if you can see this but you push the thing closed the data stops it naturally springs open and they start streaming by the passport the tinfoil hat is self defeating I'll show you that again basically what happens is the rigidity of the material they used makes the cover want to pop open about an inch and that's just enough to get a reading now this passport is sitting right on top of the reader yeah paperclip an elastic band something you know it just if this thing is sitting in a purse or a loose pocket or something like that it can be read it's false sense security oh we put the tinfoil hat on it well passport condom he says no actually I'll just let that run swipe this from major malfunction actually in the UK just on Wednesday they were basically able to clone the chip out of a UK passport and put it into another one and the software used at border control says yep this is authentic and they were also able to go in and alter that chip and replace a baby's photo with bin Laden now and it still checks us out like this is like still going on right now we've been going at this for like a couple of years now we've been talking about this people aren't getting this and I think you really need to educate your salespeople who do travel abroad now one of the common fears is that oh you know if you're an American traveling abroad sniff your passport and figure you're American so they can kidnap you or hijack you or whatever I'm sorry most anybody from the western hemisphere traveling to Europe or other countries we stick out like a sore thumb you know it's like a bunch of hackers in Vegas in the middle of August you know we all dressed in black and we're pasty white we stick out but still think about this if you go somewhere if somebody clones your passport because they kind of look like you and you re-enter and they re-enter the country before you suddenly you're at the border and you're re-entering they say well you're already here come with me and you know the usual rubber glove treatment and you have to explain that no I how they won't probably believe that somebody clones your passport even though it is possible alright Bob has other duties occasionally works trade shows Bob's sales depend on having you know all those widgets in order being able to show off how wonderful they are you know how neat and shiny and everything that they are well what happens when you have widgets that have unauthenticated unencrypted commands and I'm sure most of you have probably spent a great deal of time because I was so excited when I found out that the badges were TV be gone that I was I'm sure there was a few people around Vegas this weekend that were kind of hating that this is an extreme example and please don't try this at home most of all this focus is about making most of all this focus is about making sure that we deliver devices for the consumer and you can just wait a moment to make some more screens and just go down and get some dancing girls to keep an eye on you for a few minutes while we just get things together let's take a look at what he go up to on his trip to Vegas that was Gizmodo at CES 2008 this past January Make magazine gave them a bunch of TV be gone and this was like the year of the TV at CES how much does a little square of tape cost I mean you have to feel sorry for the Motorola guy though I don't encourage people to do this because if you're trying to do a presentation this guy's livelihood and they're sitting there making his life miserable not cool now the wall of screens that was cool so I mean you know don't be a complete jerk when you're pointing things out to people but you know make the point now a couple of years ago at Shmucon I found myself in an interesting position there was a vendor who was giving away little USB hubs that lit up with an LED when they were plugged in and you know they had a whole bunch of them daisy chained together and they wanted to show off that they lit up so they had to plug them into something namely the demo laptop well I again you know you get a hacker right place right time right tool gets kind of bored waiting for registration and I'm standing next to these guys and I fish around in my pocket and I find oh look I have my USB switchblade with me go up to them have a friend distract them go click click I don't have all passwords out of memory I'm not one to make a small you know to make a small point I like making big like clue-bat side to the side of the head kind of level so scrub the passwords because I'm not complete it you know complete jerk scrub the passwords just to the first three characters did up a little script scrolled them across the screen borrowed a projector set up on the table next to them projected on the poster in behind them and then stood on a chair the announcement that okay ladies and gentlemen you're at a security conference that means to secure your ports not just your network ports but your USB ports and went on to explain what I had done the best part was that the the woman who was working the booth at the time was fairly new to the job and there was another more senior guy who was off on lunch he'd spent the entire day previously secure out of HackerCon don't connect anything with that you need a password for you know to be very careful these guys are listening who's doing this and who's doing that so she was being ultra paranoid with her laptop like not checking email not doing anything that transmits a password it was his laptop so when he came back from lunch he had a rather rude awakening it was very cordial I didn't give away all of his passwords but I proved what I had done and basically had to go through a little bit of mandatory retraining when I got back to the office they have a ritual in the office that if anybody does a real bone head pulls a homer they have to wear this big foam cowboy hat for a whole day so so what have we done to Bob here pwned his laptop his data his cell phone his wife his keys his demos and his ability to work you know has anybody got any suggestions I know Blackberry is going to come up Blackberry has actually done a fairly decent job of keeping things relative to secure Bluetooth on the device notwithstanding but through their own network they do do a decent job but just think about this how many of you have seen or have been or have seen people that during one of the big outages or something like that they can't get their email off their Blackberry they become like simpering piles of goo on the floor clicking like hoping that it will come back up imagine if you could cause that on demand like people are way too dependent on technology I'm also curious what are you guys doing to teach your staff and those under you that you're responsible for the security what are you doing to teach them to keep their stuff secure you know so other things that you might want to consider wireless presentation mics you notice me using the cord wideband jamming the ever so wonderful Lady Aida I gave it as a Christmas gift to everybody I can't remember the name of it right now wideband scanner does GSM Wi-Fi and Bluetooth wave bubble that's what it is just the ability to stand there and go click and watch people like hello, hello where'd you go hello just to be able to do that on demand and enforce some privacy is her logic imagine doing this next to something a little more interesting like I said people are putting wireless and stuff that should not be medical devices that's a little terrifying if you have any questions there's my email a huge thanks to Rob T. Firefly out in New York who did the artwork for Bob because I can't draw with crap and basically I have for sale the WPA tables the 33 gig addition 9 DVDs for sale in the wireless village basically I have to pay you back DEF CON for the ability to sell these things as well as this is how I'm eating so if you really like what you hear and you want to be able to crack WPA faster please buy a set they're 50 bucks they have lots of them I don't want to take them home thank you