 The other title of this talk should be the TMI of Wayne Crowder, because you're gonna learn a lot more about me than you ever wanna know. And there'll be a little bit of fishing porn and some discussions in fishing to fishing, like it says. So first, let me go through the legal disclaimer. This talk is for entertainment purposes only, theoretical examples, and many times you have to have documented permission to do some security research. Don't break the law. I will discuss ways of getting wifi passwords and usually that's not really accepted, so there you go. Who is this joker? My name is Wayne Crowder. There's the obligatory who I do in security, TMI to follow. Let me start out by saying I am from the great state of Alaska, that's where I grew up. You can get an idea of maybe what it was like growing up in Alaska, a lot of outdoors, but also it was quite cold in the winter time. So when I wasn't enjoying the outdoors or fishing, doing other things, I was watching a lot of TV. And occasionally I was watching this guy. So anyone who's familiar with fishing might know who this gentleman is, Mr. Bill Dance. There's a lot of great YouTube videos about him doing some of his antics while he's been trying to film his show. This is one of the ones that I thought would go over well here at the con. These kind of videos made him pretty famous. Some of you might only have experience with fishing with this game. Does anybody play this when they're younger? Yeah, I play it right now with my kids, it's a blast. I didn't know that Harlem Globetroners actually fished with their basketballs, but clearly they did. Some of you may have experienced fishing with this. All right, Sega Bass fishing, one of the best. But a lot of you probably spent time with a family member, maybe a grandpa, a dad, a loved one. Some of the ladies out there even have experience of fishing, but I know through pop culture that sometimes catching a delicious bass is a good way to get the ladies. It might even be a great first date, and it worked for me. That's how I got my wife? No. This is an actual real photo from someplace in Norway. It's pretty funny. There's no help available for her at all. Some of you might have gone fishing at your hotel, right? This is actually supposedly from some room here on the Strip. I thought that was good. And some of you can't go fishing because you always drop the bass, okay? Anyway, I'll get back to some more serious stuff here. Major League fishing. I don't know if anybody's ever seen this show. Professional fishing, there's actually a lot of money in it. It's a huge market for a certain section of the country, fish like this, boats like this with crowds, everybody's lining up. There's a lot of money involved. These guys are chasing, some are even driving their boats sideways for $100,000, $125, even a million dollars. That's the prize money in some of these purses, okay? They fill stadiums like this and like this just to watch people weigh fish, okay? And the ultimate goal is to get one of these, right? Of course they want to get paid, but we always want the trophy. So, bear with me as I set all this up and how it goes into security. The TMI moment. This is me many years ago on a billboard. This was a giant billboard on one of the freeways up north and I was Mr. Big Fish for a dealership with a wrapped truck and boat. This is me hugging myself, all right? It's kind of a cool thing to have your own cut out. I had a wrapped boat, went very fast. I had the same dreams and passions. I wanted to catch all these fish, big, beautiful fish like this, even trout. Heck, if it was in the water, I would catch it. This was a great trip to the Amazon. I got to spend a week in the Amazon and meet the people and do stuff and I even got a trophy, right? I got my trophy, my moment and I got to kiss a lot of these, okay? I got to kiss a lot of fish. But then, something happened, okay? Something happened in my life, yeah. Right there, something happened, right? Did this happen to anybody last week? Yeah, a few of you, okay. So something happened, this happened, okay? This happened in my life, my oldest son who we named Fisher because at the time I was traveling around doing stuff, he was diagnosed with autism and the only familiarity I had with something like this was at a charity event many years back where I took a child out with that and so my priorities changed, okay? I had to change my priorities, figure out what I was gonna do because I had been working jobs like this, a little bit of security, but a lot of technical support, maybe an admin and I was told that there's gonna be more security and security, right? And so I started to look around for jobs and try to see what could I do? Am I the analyst you're looking for? And it brought me to a small little village called Kansas City and there I am in Kansas City and I got this great job, I'm working security and as I'm working, I'm starting to figure out some things and I found out that professional fishing has a lot of similarities with infosec, okay? A lot of similarities with infosec and you might be saying, are you serious? And I'm saying, look, even in orangutan, monkey, ape, however you wanna put this, can fish and that goes on both sides, right? Fishing or fishing, so let me explain, okay? I'm gonna go a little deeper into this. Who's this, does anybody know? Anyone in the crowd? This is Moxie Marlinsbite, okay, from his video. Moxie's here cleaning fish. He was fishing before, he's cleaning the fish he caught. There's even a lure named Moxie. This is the Moxie lure you can use for fishing. Now I know I took us off the rail here, it's not that great, but let me really explain how an infosec analyst and professional fishermen are different but similar in a lot of ways. First, let's go into training. So, how many here have been to training this year? Yeah, a little crowd participation. There's Sands, right? Sands training, we pay a lot of money for Sands training. We sit in classes like this. This is actually a class I was recently in and we get a lot of good education out of this. Well, in professional fishing, they have something very similar. It's called the Bass University and believe it or not, it's set up very similar to how Sands is. All over the country, there's these Bass University weeks that the pros come in and teach, just like the pros come in and teach at Sands, right? And people pay a lot of money to learn how to be better fishermen and how to do different things, okay? So, we've done the training where professional fishing or Sands training, it's time to get those serious skills. And what are some of the serious skills of a fisherman or of an infosec bro, okay? To me, research, research is one of those skills that is something you can't really teach. It's something that comes with a person, right? They're gonna have it. So, here's an example. Information security likes maps, okay? We like to look at maps. We're gonna research something like this. We're gonna look at some of the data on here. Fishermen love maps. They're gonna do some research. They know we've been on this body of water. They're gonna check out A, B, C, D, right? All these different areas, okay? But you can do all the research you want and you can prepare all you want, but nothing beats time on the water, right? Time on the water or experiencing what's going on is the best way to gain that experience. So, analysis via research. This is the obligatory Star Wars slide. You have to have one of those I heard at every con, okay? So, go back to analysis. Infosec professionals spent a lot of time looking at stuff like this, okay? But we need some context, right? Some kind of situational environment. What is it? Well, same thing here. This is a map of maybe how to fish a certain area of a body of water, but we do learn that this is a fall and winter, so maybe you kinda learn maybe how to approach that. Here's something that an Infosec might look at, an Infosec professional. This is lots of data, right? Does anybody know what this is, a screenshot of? Yeah, it's SIF, okay? But what does it all mean? Well, you need to understand it better. So just like with a fisherman, here's a river if anybody fly fishes, there's all these different areas that you can fish, right? I believe there's 12 points on here that you can look at. Some pools, behind rocks, things like that. So, there's a lot of data to analyze. One thing that the Infosec professionals and fishermen need to have is the big picture. They need to understand the big picture, right? So, believe it or not, this is supposedly not Photoshopped. This is some really famous guy in Europe who catches giant goldfish and carp. But it's all about perspective, right? I mean, who knows? He could have been holding it out like crazy. Could have bought one of these. I thought this was funny. Here's another big picture item for anybody in Infosec. What does this tell you if you're in Infosec? What is the big picture here? Throw the thing in the trash? Maybe burn it? I don't know. I thought this was great. I really do miss the little drill guy, right? But here's the big picture, right? The idea for Infosec is we're trying to catch or prevent or stop all the bad guys, right? So, for a fisherman, the big picture is to catch all the fish, right? To catch the biggest fish, to do all those things. So, those are some similarities that I found out over the years. Another one are shiny things, okay? Infosec pros, a lot of people in IT, they get caught up in the shiny things. This kind of box, this is the box that the vendor's gonna sell you. It has a fish symbol on it, right? It's gonna do everything for you. It's gonna make your job better. All these things, it's that shiny thing. Well, for fishermen, you have lures like this. Wow, it's amazing. Look at the detail on that. Look at this one. It looks just like a real fish, right? Shut up and take my money. I want this, right? Who doesn't want that if they're a fisherman? Who doesn't want that, right? How many of you had to deal with that? Well, it's no coincidence that there was a company named Fishnet, right? This is the symbol for Fishnet. They no longer exist. They've rebranded to Optiv, but I thought it was interesting. Coincidental, right? Points. Fishermen and Infosec people love points, okay? Right here, some of you might be salivating right now just looking at this as an Infosec professional. Hey, look at all these points. Oh, look at the ones in the middle there. We gotta figure out what those are. For fishermen, they pay a lot of money for programs to tell them that these points like this are really good. You gotta check out the points. I just thought that was kind of funny that points are there for broke. T-shirts, okay? Hacking and Infosec love t-shirts. I'm wearing a t-shirt today that says does this shirt make my bass look fat, right? It's another one of those that you can hear. Some of you probably have more t-shirts than you can pack at home, right? You're gonna get an extra suitcase just for your t-shirts. Fishing industry, same deal. You know, one day they'll name a lure after me. Kind of Krebs ideas, right? So I also thought it was kind of funny that there's the hack naked and fish naked t-shirts. I thought it'd be cool to get one that says that on both sides, maybe. How about patterns, right? In our jobs, we gotta follow a lot of patterns. We gotta understand what's going on. Fishing's no different. So you have a point here. You've got some wood, some grass. Maybe they're out deeper. The pattern will be dependent on what the fish tell you, right? So maybe you go find one of those maps again or get some context and you figure out that maybe they're on vegetation. Here's a pattern for some InfoSight professionals. What does this pattern tell you? I don't know if anybody can even read that, right? It's probably one of these, okay? It's a pattern. Job security for many of you if you have WordPress in your environment. Another thing I thought was interesting. Stickers, I think the people in this con will do anything for a sticker. If not, just horde stickers that are on tables. We bought stickers and we leave them out and it's kind of funny to watch them disappear like that. Fishing's the same way. Here's a guy from Alaska with his passion about fishing and all the stickers and it's pretty funny. Some of these boats, oh look, see? Plug for Wall Sheep stickers, right there. Some of the boats are made, I got huge stickers on them, big wraps. Another trait, and I want to know if anybody could get this because this is kind of a difficult one to do while you're Google imaging. Does anybody know what this is? Yell it out. It's the HTC desire. So desire is something you have to have to be successful both as a fisherman and as an InfoSight professional. But the problem is if you start looking up desire in Google image search, you're really going to skew your whole profile and it doesn't go well because you end up with stuff like this. I mean, seriously, I don't know what this is. Some kind of desire, I guess. You get stuff like this, which I was like, what the... But even worse, I actually found a Rule 34 for fishing and there's this joker, okay? So I'm gonna leave that there for a bit while you guys chew on that, right? So desire is huge. You have to have desire to really succeed. You can't be the guy that's like gonna go home at five when there's an outbreak of something, right? Or you need to be reviewing stuff, there's an incident. You really gotta have that passion, that burning desire. So I just thought that was kind of interesting and then I learned way more about the old industry I was in in fishing doing this talk than I ever thought I would. Another trait between InfoSight professionals and fishermen is organized, right? They have to do a lot of preparation. A lot of times their things are organized. This looks pretty dang good, right? We've probably seen some cool badges or different gear here that looks organized. For fishermen, they like to have their bags or compartments all organized. Everything ready to go, prepared. Plan A, plan B, plan C. How many here bought a bag like this to DEFCON, right? Had all their stuff, right? Some of you did that. There's a lot of good stuff in there. This is a buddy of mine I stayed with earlier in the week. He's got a garage full of stuff like this, completely organized, labeled out. Some of you are using this to organize your code, right? So organization, another trait. Another funny thing that I thought was interesting is I've noticed that a lot of people have a lot of tabs open that I work with that work in the security analysis field. And I don't know if you have a guy in your department or your company that does this, but I thought it was kind of funny to show the image of all the other maims that talk about people that have all their tabs open because in the fishing industry, we end up with a boat looking like this a lot of times. So a professional fisherman will head out and he's got literally 15 to 20 rods on his deck. And to him, it's organized, right? I've done that. So I thought it was funny and I'll be with people like, what are you gonna do with all those? And I'll be like, I get the same question now. What are you doing with all those tabs open? Well, I know what they're doing, right? So that was another very common thing. Methodical, okay? You have to be methodical with what you're doing both in fishing and in infosec. You have to be patient. If you're not patient, you're never gonna survive. I mean, long term. You gotta be able to endure those times when you're on a pen test and you could go for days without finding anything or reverse engineering some malware and it's been days, right? Also, you have to be able to adapt, right? So I thought this was a cool little name about some brony action going on. It happens in our field quite a bit. I don't think it's really a big thing in fishing but figured I'd throw it in. Although I did add a brony addition to my fish finder we'll see later. So another trait between fishermen and infosec professionals is they have to be curious, okay? And I love the slide because how many of you are curious what is in that awesome float cooler thing, right? I also love the fact that the little kid is pretty much the only one who's like, what are we doing here? Why are we here, right? Everybody else is all excited. He has a space like, what's going on? But no, really, I was looking for a slide like this, okay? So as a fisherman when you really are passionate and you kind of have that, in Portuguese they call it the formite, right? You just kind of have this stuff. All you can think about is fishing. You'll drive by a body of water like this and all you'll think about is, hmm. I wonder what lives in there. I wonder if there's any fish I could catch, right? You kind of look at that. And then as a security analyst, a lot of times you might look at graphs like this and be like, wait a minute. Why has there only been one connection from this IP? You start to look at data differently and it kind of itches that part of your brain, right? So then you see stuff like this and you're like, whoa, yeah? I love this. This was a recent one we found in Malware, right? But a lot of times maybe if we see this one, we want to go further, right? We don't be like, oh, get out of here. I gotta go. We want to take it further and we want to see what's going on. Much like a fisherman does with the body of water. So once again, points for the security analyst, right? Here's a point that you look at and you say, hmm, this DNS traffic is very curious because everything from 29 to 41 characters, there's a huge uptick. So I need to look into that. Another thing through my research of doing this talk, as I found out there's a thing called squirrel fishing. It's a real thing, since like it's over 100 years old and they do it at universities and in the UK. And they tie a papina on a string and they go fishing for squirrels. For those of you who are curious, I suggest you research it and then you'll prove my point. You're curious and you're researching, right? So one big difference between fishing and the Infoset community is they get sponsored by coolers, right? They actually have Yeti sponsorships and I thought this was kind of funny. Evan Williams sponsors major bass events, right? They're like the big title sponsors. So it's kind of a challenge to see some of the smaller cons in the area can get one of them to sponsor their event because I think it would fit well, right? Have a cooler and a lot of y'all are drinking here this weekend. Mistakes, so success in just about any industry, of course, you gotta be able to learn from your mistakes. So in the fishing community, you make a lot of mistakes. In the security community, there's a lot of mistakes too. I love this one as well. I hope that's Batman. Clearly a mistake. So many pictures. There's so many mistakes that happened with this when it first came out. Everybody wanted to jump on it. Things happened and there was a group that said, hey, it was an inside job. It was somebody named Lena and they worked there and did all these things and then it came back, right? And then it's like, oh no, it's this. So who knows, right? But did they learn from their mistake? Yeah, I think they did. This is a friend of mine. His name's Brandon. He was kicking everybody's butt at a tournament leading on the second day by many, a lot of pounds. And you see on the left there that he was calling some fish and that's where you take out a smaller fish and replace it with a bigger one. And throughout the day, you take your best five. So what had happened is he culled in an area where he wasn't supposed to and he didn't realize it. Made a mistake, lost his weight, completely tanked the tournament. He ended up in like 90 something. Comes back, wins the next tournament, learned from his mistakes. Here's a cameraman filming. Gets hooked in the arm because he's too close to the guy, you know? There's mistakes even in that area. He seemed pretty happy though, right? He's like, hey, check it out, you know? Some called this a mistake, right? Some called this a mistake. This is me many years ago with my Mohawk. Is there any Mohawks in the crowd? I can't see with the spotlight. None? Oh, I thought there'd be one for sure. But to me it wasn't a mistake because I took it back to the old autism moment for my son. I put his name on the side. I walked around with a puzzle piece, my son's name. And it was a good time for me to come to DEF CON. So a lot of you probably like Cool Story Bowl, What's Going On, Fisher Cut Bait. We came here to learn about some stuff, not learn about your fishing, right? So brings us back to last year. It's DEF CON 22 on my way to DEF CON about an hour before I left. Boom, this happens to me. I blow my back out. Hurt like crazy. I didn't even realize what had happened until three weeks after. So it's an hour before I catch my flight. I get here, I have to take a lot of these. And I gotta take a few of these just to get through DEF CON week, right? But that kind of inspired the idea for the talk because we had a local meetup in Kansas City called SecKC. And they had a challenge called Trixie. And if those of you aren't affiliated with a local meetup, please do that because it's great. It's a great way to learn. They inspired me to go ahead and put together some kind of talk. And the talk is now what's gonna be coming up. It's about hacking my fish finder. So we're gonna take some of the equipment that I love from my prior life and we're gonna see how it works. So this is tech from the 80s. This is called a flasher. And this was something I think just came out last year. So you can see they're really making advancements. No, this was something from the 90s. This is a graph-based one. It basically prints out a receipt as it went. And now you got 8-bit Nintendo style. But these kind of graphs are another similarity because as InfoSec professionals, we gotta look at a lot of stuff like this too. So water or work. I kind of found myself looking at the same stuff. But we're back to Bill Bantz. He's saying, kiss traditional sonar goodbye, okay? It's changed. We got units that are gigantic. They're huge. They're like this. And they display images like this. You have some amazing detail. You can see above the side finding tech, some of the fish. You can see here some of the things that are discarded there on the bottom. You can see the difference even within the same unit of how the clarity is where you can see the clarity of the grass and what's going on. Right here, we don't know what's going on. It's a flat area. What is this on the edge there? Dude, where's my car? There's your car right there. A lot of times cars are found by these things. And this is actually something that happened this last spring in just south of where I live. It's actually a guy in a bass club that I'm a member of as well. He found a car that saw the cold case from 1972. He's driving around his boat fishing. He sees this car. He calls the authorities. They drag it out and good for the family because they didn't know where this guy disappeared to in the 70s. Here, a lot of times these new modern sonar units are finding drowning victims or people that disappear. So kind of censored that. But back to what we're talking about, the equipment. So this kind of equipment requires networking technology. There's actually ethernet on these boats. For some of the smaller fishing sonar units, you have a device like this over here on the table. It's called a Go-Free. You can buy this as a special ethernet cable. And it has five pins. Here's the pin out. I'm just gonna do it if anybody wants to kind of play around because I talk about cutting this super expensive cable. And you see it's only got two. There's the pin out right there. And there we are. We made a cable. Yay, it worked. I now have a cable that I can hook it up into stuff. But for anyone who has a boat at home and they're actual fishermen, you can do this really cheap with your favorite little $20 device. The cable here, this Loran's cable, actually costs more than everything else combined. So be prepared for that. But if you just get to Amazon and buy one of these 12 volt DC to a five volt micro, you can get it to work and you have something similar to what we're gonna talk about here. So first thing I do when I get it hooked up, I decide to run an end map scan on it because I want to see what is this thing doing? What stands out here besides telling that? Port 80, we got a web server. Wanna log in? What do you guys think the password and username and password are? Admin, admin, right? We've all been through this, you know? So boom, we're in. We're in, let's look around. Okay, SDK version. The platform, it's an embedded switch, RT-3052. See what mode it's in. Here's the access point operation modes. Ridge, gateway, ethernet converter. Wow, it's got a lot of stuff. Oh, check it out, there's your passphrase. Notice the passphrase, it's very complex. It's upper end number, right? Very simple. But you don't even need to get in because if you look on the bottom of the unit, the passphrase is printed there just like a lot of the old home routers. So you could do some social engineering to basically take the Wi-Fi password from a guy out of his boat just by going in and saying, hey, can I check out your stuff or put on a hat? I work for so-and-so. Look at that, it's just all there, right? So let me get into demo time. I'm not gonna get into how we grab and crack the password because I think everybody in this crowd probably knows this, I'll just kinda go through the slides really quick of AirDump, you're gonna grab it, you're gonna see what it's at, you can see Go Free here. Every one of these is the SSIDs called Go Free Wi-Fi with the last four of the MAC address and we're gonna start to dump that, we're gonna see if we can get it, we're gonna de-auth it, right? De-auth, de-auth, de-auth. We're gonna capture it, now we're gonna crack it. And as we crack it, boom, there's a password, okay? So if everybody wants to note that down, they can hop on, you got the password. And a lot of the, this simple upper and numerical, it really doesn't take much to crack, especially with an Amazon instance, you can talk to the password-cracking guys. So you can go out and get an app like this from Lawrence off of your app store. They have a Navico, Simrad, or Lawrence so that you can do stuff like, whoops, stuff like this. So you can take your phone or your tablet and you can then see what's on the screen. So it just tells you what's on somebody's screen. I thought that's kind of cool because when you're out fishing, you're like, why is that guy on the point? Well, if you can get into his device, you can see what's on the screen. So you can see what's on the screen, mirror it out, but more importantly, you can hook it up to a tablet so now you can take that little tiny display and you can have it work so that you can actually control it from a tablet, a full-size tablet like this, and you can control what happens on the screen. So what if you could take a fishing pole and hook up one of these small monitors or maybe add some Wi-Fi and just go out and sniff and start doing sonar driving, right? Drive around a way, get in your boat, start war-driving sonar units. Maybe make an evil sonar unit. Get people to connect to that, right? But I'm running off the rails again. So I start to run a wire shark on the communications between mirroring my screen and what's going on and I see that it's using a screen mirror called G-Streamer, okay? So that's kind of interesting. Well, let's end map what's going on with that device. So I run an end map on the actual sonar unit and I see a lot of interesting stuff. Port 21, Port 80, wow. What's on Port 80? So what? Download a USR file. Anyone who's a fisherman here, do they know what a USR file is? No, you're going to and if you don't, this is kind of a big deal. Right here during tournaments, the powers that be track the fisherman so that they can kind of sell their service to people who want to follow it. It's kind of like if you're in an NASCAR you can buy the direct TV subscription and it'll have the channel of your eraser and you can hear them talking and doing stuff, right? So here you can see the boy duck it, this fisherman is down over here. So if you're on the lake, you can drive over and watch him or you can see what's going on. You can see what Boyd's doing, maybe the fish he's going after. This is a bomb and this is a big deal because waypoints are the currency of fishermen. Anyone who fishes here would know that waypoints are a huge deal. That's your time on the water, that's your experience, okay? They're kind of a big deal because waypoints, if they're taken would be like taking Moxie Marlin Spikes code. This guy's recipes, right? So somebody's head's bleeding, I think. And it would be the kiss of death. So let me get into the demo portion of this and I'm gonna show you guys what happens with the waypoints here. So bear with me, see if we can stream this. So you're gonna see the example of the streamer. What I'm doing is doing nothing right now because I have a blue screen. Awesome, we just did this. There we go. So this is basically a stream coming off of the unit that's sitting there on the table and you can see some of the waypoints that are on it. And if we zoom in, so I can actually go over to my trusty browser and this is the IP of the unit. There's the web interface, I can hit download and boom, it just downloads all the waypoints. So now I would have a user's waypoints, okay? Boom, there they go. I'm gonna download. Boom, what if I wanted to do something a little more fun, maybe a little more malicious? Maybe I said, well, thanks for your waypoints, how about some of mine? So I look at the screen, I think, okay, what could we do? So let's go back and let's upload some waypoints. So let's go find these waypoints which aren't showing up. Try this. So here we go, we're gonna submit some waypoints and you're gonna see that I submitted them. The screen says, a new user data file has been uploaded to the local device. Do you wanna import the data file? Fishing hotspots update. As a fisherman, what do you think? Oh, fishing hotspots update? Heck yeah, I'm out on the water, right? I wanna fish. So you're gonna go in and you're gonna hit yes with your trusty device, so let me do this. This is awesome, I'm in the wrong room to be demoing Wi-Fi in the Wella Sheep Room. Okay, so we can see it's up. I'm gonna hit yes, maybe. There we go. Little bit of lag and delay. There's probably a lot of Wi-Fi going on in this room, I would imagine. And it crashes. I'm gonna have to have some analog help here. Oh, there it goes, update. So now, wait, what is all of this? What is all of this, right? What is all of this? I may have to have assistance depressive because it clearly crashed my Wi-Fi device in the room in the most hostile Wi-Fi area of Vegas right now. Awesome, here we go. So the guy looks at his screen and he's like, wait, what is all of these updates? What are these? So let's zoom in and find out what they are. I need some Jeopardy music. Anyone, Jeopardy music? There we go. We're zooming. Could it be any slower? Oh, oh my gosh, Wi-Fi's stuck. That's hilarious. I'm gonna have to have a manual assistance because the Wi-Fi's not working. It's too saturated. So, we'll center the screen. We've broken it. There we go, we're zooming out. See if it'll stream over. Anything? Press the button on the side there, the minus button on the right there. Yeah, on the right of the display. There we go. Just press and hold it, yeah. You can press and hold it and it'll just zoom, zoom, zoom, zoom, zoom. Okay, so if you hit, there we go. Sorry for the delay on this. I'm streaming, you can see. We clearly, the zoom button got stuck on the device. Yeah, no, keep zooming out. Hit clear cursor up there in the corner. There you go, there's the lake. So, we're in Vegas. So, if you scroll over, I'll scroll a little bit. This demo is crashing and burning clearly. There we go. So, the lake's below you there. See if I can get this thing to work. What's funny is that these sides, of course, I'm in a room where there's no other Wi-Fi around and this is working like a champ, right? But in a wall of sheep room, I can't imagine how hostile it is right now or how much, how saturated it is. So, if we could get back, there we go. So, we found the lake. Here's the lake. Now, we're gonna zoom in to where we uploaded these waypoints for this fisherman who's expecting his amazing hotspot technology. There we go. So, some of you might be able to make it out already. What it says, it's not working. All right, well, I planned for this by putting a slide deck in. There we go. Zoom in for me, Scott. Right, right, right. You basically wrote out that welcome to DEF CON on Lake Mead if they're out fishing on Lake Mead, right? Thank you. Zoom out one more a little bit. Zoom out. There we go. Thank you, you're so kind for the complete failure of my demo. But, you can literally DOS a guy's lake. You know, DOS is favorite fishing spots or sends a little messages or, I don't know, maybe one day they'll put like, this lake map brought to you by some fishing company, right? Who knows, Evan Williams Lake Map. Slide deck's not coming back up now. There we go. So, what I wanted to do is show how you could download and then use custom icons like this, right? But I couldn't get them to load in because it would be cool to be like, oh, sweet. Look at the icons you can get on this device. But these were my failure slides, which clearly I should have gone to. But as you see, you can upload. Once you have access to the device, you can download all the waypoints. You can trick people into uploading the waypoints. Here is the FTP stream. There's an FTP server on this device. It has an internet connection, okay? It actually can phone out. This is me failing, clearly, right here. This is my slide that I wrote in. But no, really, there are vulnerabilities with this box. I'm working with the manufacturer and I'm still in that responsible disclosure phase. We've actually had a couple different emails. And I'll get into that because we talked about some stuff like Man in the Middle. We talked about spoofing, you know, some things that could go on, right? We talked about some buffer overflows. We talked about their streamer service and maybe how that could be exploited or things that are going on. The real interesting one was the telnet. So this device is so chatty, you can see the hub is just continually blinking. And when it's talking to the go free unit, it actually sends commands via telnet. And so that's all clear text, of course. And if you look down at the bottom here, there's your Wi-Fi password right there for the unit coming in, and this is just stuff that goes through. That continually goes through. If you wire shark this for 10 minutes, it's unbelievable the kind of data that comes through. You don't have to do anything. So I kind of started looking at the information from the firmware that you load on these devices. And here's the kernel.bin and some of the information on it. It runs Linux, it's ARM, and it runs Busybox. So the unit has Busybox on it. And so we did a little strings looking for Busybox. It's version 1.2, 20.2. Some of the other tools on these devices appear to be from Slackware. No, I'm working with them on that. I asked them to pretty much tell me, so how are you guys handling the GPL licensing with some of the stuff you're doing? Because you've written some custom kernel modules and honestly after those emails, I haven't heard back from them, but it has been kind of an interesting week. So there's a couple things I asked them about and I think that maybe the lawyers have gotten involved. If not, they will after the video, but we'll see. I'm trying to work with them. I didn't really want to get into too many other things, so I apologize if it's not too technical for everybody, but I thought it'd be fun to show some of this stuff. Like here's the shadow file of the unit. And so you can see root and NOS, these two accounts. Well, then we decided, hey, let's try to crack them. And it was really hard because it took less than a second to figure out what the password is. And it's NOS, NOS for both of those. So there's more that I think some of you could do with that besides me, but we're working with the manufacturer on that. Right now, the unit does want to phone home every hour and it's built so that when you pull it in your driveway, it'll hop onto your own home network. And then it phones home. So the other question I asked that I didn't get an answer to in the same exact email was, do you send back any anonymous statistical data? Metadata, like where was the last GPS point? Or something else, because I thought, that's weird, it phones home every hour. But they have an app store, right? So nothing can go wrong with an app store, right? So anyway, I want to make sure as analysts that we are security professionals that we disclose responsibly and I'm not going to go in any more detail than that fun stuff, because they did say, look, some of our dirty laundry is out there and you can talk about it. And they've been really cool. So we'll see maybe if it goes a little further. And a lot of you, you know, I've seen some people get up and you might think that, hey, phishing is stupid. Why are we talking about phishing? But it has nothing to do with phishing, really. It has to do with the internet of things. Because devices like this have something on them. And if you look at the bottom there, there's something called autopilot. Now I will say that a Lawrence device like this has autopilot disabled, but you do have the ability to kind of hook it into some of the stuff. Simrad is kind of the steroids version of these units. And there's a lot you can do. It controls some of the engine controls. You have autopilot, so you could take boats like this, maybe ships like this, maybe ships like this, and could possibly cause stuff like this, right? We already know that the military is dealing with this issue, because they have some drones. They have drones like this that we know had a problem that the Iranians were able to take over wirelessly. However you want to, quote, take over, but they were able to have it land in their airspace. We know about this. This is huge. Wifi and cars are pretty much that's all I've heard about this week. And rightly so. This was in a slide deck that I did last November, and I was talking about how this was probably going to be an issue. And here we go. We see Charlie. And then take a Jeep and make the guy scared to death to be in the Jeep. We know about this, right? Because this poor guy has had to deal with what he did for a plane of planes sideways. But this is real tech that's being used. Something similar like my tablet is taking smaller planes like this, even some of the personal planes, so that you can take your iPod or your Android device and you can control everything you need to do with your plane. So that's, you know, it worries somebody like me and I think it should worry a lot of us. So some of you may know this gentleman or have seen his talk, Jay Ratcliffe. He hacked his insulin problem because he used it and he wanted to know how does it work? Well, they went after him, right? The manufacturer tried to sue him, shut him down, cease and desist, and he's like, look, this is important stuff. Some of you have smart meters now. This is the thing that's rolled up the last few years. You may have a smart home. It can be modified, messed with. This is one that was actually at my friend's house. Some of you have a nest. I think they've been pretty good about what they're doing, but the whole idea here is I wanna point out that as we've seen the theme of this year's week of Black Hat and Def Con, when we have the new village over here, the Internet of Things, the Internet of Things is gonna be huge. It already is and it's gonna get worse and we need to make sure that this stuff's secure. So basically, I want you to help this kitten, of course, but I want, no, I need you to tinker. I need you to hack, okay? I need you to do something. And a lot of people have hacking as a bad term, but hacking is a great term, okay? This talk inspired me and her talk last year inspired me because we are the Internet's immune system, okay? We're the ones poking at things, checking things out, right? And right now, there's countries and parts of the world and even within our own country, they're trying to kill this creativity. They're trying to make it illegal. Like the demonstration I gave in some areas of the world would be illegal, right? Because of the laws that they've recently passed, okay? All right, you need to use your brains to be problem solvers, okay? Back to the squirrel, right? Full circle. I don't trust words, I trust actions. This to me is an action. It might not be the greatest talk, but it was an action that I took the challenge last year and said, what can I do? What can I figure out? All right? And the whole point here is to hack the Internet of Things for good. And that's my challenge to you. Thank you for your time and for being so gracious. This is me. I will find you and I will talk to you about fishing, I promise. I'm lack pass. If anybody knows more about how to get into these devices or some ideas, I would love it. I do have to thank some people. Scott, 85 here, Axon and Pricery, they helped out a lot with some of the imaging, looking around on the file system. And then of course, my amazing wife and kids. I spent a lot of nights the last few months trying to figure out what to do and how to make this talk happen. So thank you all very much. Have a great con. Are there any questions?