The Machines That Betrayed Their Masters ZeroNights 2013
Glenn Wilkinson (@glennzw)
SensePost.com
•2-y Donskoy proyezd, 7/1, Moscow
•Leninskiy prospekt., 2А, Moscow
•Ulitsa Bakhrushina, 24 строение 1, Moscow
•Rublevskoye shosse, 44, Moscow
•Krylatskaya ulitsa, 23, Moscow
•Ulitsa Sushchevskiy Val, 46 строение, Moscow
•Ulitsa Krasina, 3, Moscow
•Bolshaya Sadovaya ulitsa, Moscow
•P132, Kaluzhskaya
•Nevsky Prospect, 114, Saint Petersburg
•Prospekt Medikov, St Petersburg
•Ulitsa 8 Marta, 41, Yekaterinburg
•North 16th Street, Philadelphia, USA
•Captain Cook Drive, Australia
•Trillerpark, 1210 Vienna, Austria
•3 Luvianpuistokatu, Satakunta, Finland
•Wingate by Wyndham, Dallas, Texas, USA
•Hotel Strata, California, USA
•Hotel Hacienda, Spain
•Sunrise Diamond Beach Resort, Egypt
•5Footway Inn, Singapore
•H2O Hostel Ljubljana, Slovenia
Machines? Betrayal?
Machines?
Betrayal?
A Device
A Unique Signature
A Link from Signature to a Human
Snoopy Framework
[Diagram: network links labelled XBee, 3G and Ethernet]
A Unique Signature
98:03:ab:32:11:33
Linking the Signature
1. Passive Linking
BTHomeHub-AFV1, are you there?
Starbucks, are you there?
Virgin-AFVT, are you there?
Is anyone out there?
98:03:ab:32:11:33
BTBusinessHub-2DF1
Virgin-AFVT
Starbucks
Starbucks
SSID                 GPS Lat   GPS Long
Virgin-AFVT          50.507    -0.128
Starbucks            50.408    -0.041

BTBusinessHub-2DF1   50.601    -0.045
Starbucks            50.391    -0.050
Linking the Signature?
2. Active Linking
BTHomeHub-AFV1, are you there?
Starbucks, are you there?
Virgin-AFVT, are you there?
Is anyone out there?
98:03:ab:32:11:33
Hey iPhone! It’s me, Starbucks!
Intertubes
BTOpenzone
VirginMedia-AR45
BTHomeHub-BHA7
Starbucks
00:11:22:33:44:55
00:22:33:44:55:66
Drone001
Client001 00:11:22:33:44:55
Client002 00:22:33:44:55:66
Drone002
Client003 11:22:33:44:55:66
Client004 44:55:66:77:88:99
squid, sslstrip, mitmproxy
<script src=profiler.jsp>
IP = 10.2.0.45, Site = www.facebook.com, Cookie = supersecretcookie
IP = 10.2.0.45, Site = www.facebook.com, username: joe, password: secret
Traffic Inspector
Social Media APIs
Snoopy Server
Scenarios
Conference            Unique Devices   Number of Attendees   Device Per Person
BlackHat Vegas 2012   4778             6500                  0.74
ITWeb 2012            1106             400                   2.77
44CON 2012            969              350                   2.77
BlackHat EU 2013      681              607                   1.12
Securitay 2013        375              100                   3.75
BSides 2013           208              474                   0.44
Hackito 2013          309              400                   0.77
CERT Poland 2013      598              500                   1.2
ZeroNights 2013       507              ?
glenn@sensepost.com
jobs@sensepost.com
http://research.sensepost.com/