
July 31, 2005

What The Hack

On Tuesday, the 26th of July 2005, I safely arrived at the What The Hack camp near Boxtel in the Netherlands. Even though the weather was far from perfect, the people there were all having a good time. It has been a long time since I felt such a strong community feeling as at this event.

During the four days of the conference, there were a lot of interesting talks in our tents. Audio and video recordings of all the talks are available online.

The hoax that the Dutch Police was holding a daily workshop on 'Lawful Interception' even made it to the Associated Press and got published in quite a lot of online news tickers :) .

Look at the pictures in the trifinite.album in order to get an idea of this great event.

Many thanks to the organisation.

Posted by Martin Herfurt at 04:43 PM | Comments (0)

Introducing the Car Whisperer at What The Hack

Since Adam and Marcel were at Blackhat and DEFCON in Las Vegas, I had to do the 'Bluetooth Security' talk at What The Hack by myself (and with the help of Collin).

After introducing the various Bluetooth security flaws (old and new ones) that were identified mainly by the trifinite.group, a new tool was also released.

This new tool is called The Car Whisperer and allows people equipped with a Linux laptop and a directional antenna to inject audio to, and record audio from, passing cars that have an unconnected Bluetooth handsfree unit running. This works because many manufacturers use a standard passkey, which often is the only authentication that is needed to connect.

This tool allows one to interact with other drivers when traveling, or may be used to talk to that pushy Audi driver right behind you ;) . It also allows eavesdropping on conversations inside the car by accessing the microphone.

Since the attacker's laptop is fully trusted once it has a valid link key, the laptop could be used to access all the services offered on the hands-free unit. Often, phonebooks are stored in these units. I am quite certain that there will be more issues with the security of these systems due to the use of standard passkeys.

See the images from the initial Car Whisperer Experiments in the album.

Posted by Martin Herfurt at 11:50 AM | Comments (0)

Phone Testing @ New Faces Award

On my way to the very cool hacker camp What The Hack in the Netherlands I passed Duesseldorf. This city has a big focus on fashion. This is the reason why the 'New Faces Award' (a competition for young wannabe models) also took place there.

Together with a production team doing a story for the German Pro7 TV lifestyle magazine BIZZ, I did a mobile phone audit service at this event and in the city of Duesseldorf. It was quite amazing how many companies still use the most famous vulnerable phone (the name of which is very well known to everybody interested in Bluetooth security issues).
Also in the city we could find quite a few people that learned that they had to update their firmware.

As for the New Faces Award, there was a rather high number of new phones that were not vulnerable to the BlueBug attack. The more glamorous the people, the newer the phones! But even there, we found people with vulnerable phones.

Check out the pictures of this event here. Enjoy.

Posted by Martin Herfurt at 10:57 AM | Comments (0)