I CAN TRACK YOU
THEY CAN TRACK YOU
EVERYBODY CAN TRACK YOU
whoami
Miguel Mota Veiga
– 29 years old;
– Infosec “Pro” since 2006;
● @Dognædis;
● Pen Testing, Security Audits, Forensic
Analysis, Malware Analysis, Incident
Handling, System Administration, Perl...
● Financial & IT, Telco, Government, Defense;
– Security/Privacy Lover;
– Three “...er”s guy:
● Traveller, Backpacker, Geocacher;
What we'll be talking about...
What this presentation is about
● How Mobile Devices can leak information;
● How an adversary can exploit it;
● How people can track you;
● Metrics and Results;
What this presentation is **NOT**
● Evidence in court (hopefully);
● Mobile Phone Tracking 101;
● A cry out to do illegal stuff;
Warning
Any actions and/or activities related to the material contained within this presentation are solely your responsibility. The misuse of this information can result in criminal charges being brought against the person(s) in question. The author will not be held responsible in the event that any criminal charges are brought against any individuals misusing the information contained here.
This presentation contains materials that can be potentially damaging or dangerous. If you do not fully understand something, then DON'T DO IT! Refer to the laws in your country before using, or in any other way utilizing, these materials. These materials are for educational and research purposes only. Do not attempt to violate the law with anything contained here.
Smartphones by numbers (2013)
2004 - 2014:
● 3.5 million;
● >50% per year;
● 40% of the mobile phone users;
Smartphones by numbers (2013)
Roaming: ~23%
SMS: ~90%
Internet: ~45%
Email: ~33%
Banking: ~5%
Social Network: ~30%
Smartphones by numbers (2013)
Sex
– Male : 55%
– Female : 45%
Age
– 10/14 : 8%
– 15/24 : 25%
– 25/34 : 25%
– 35/44 : 20%
– 45/54 : 12%
– 55/64 : 7%
– >64 : 3%
Social Class
– Low/Low Middle : 44%
– Middle : 31%
– High/Middle High : 25%
Region
– Lisbon : 23%
– Oporto : 12%
– Litoral North : 17%
– Litoral Center : 15%
– South : 10%
– Islands : 5%
“Just because something is publicly accessible does not mean that people want it to be publicized” - “Making Sense of Privacy and Publicity”
Let's talk...
There have been plenty of initiatives from numerous governments to legalize the monitoring of citizens' Internet-based communications. Several private organizations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate.
I will show how it can be done (using IEEE 802.11).
Wifi
Probe requests are standard IEEE 802.11 behaviour (part of active scanning, so
not a vendor quirk): client devices send out 'probe requests' looking for
networks they have previously connected to (and the user chose to save).
A directed probe request carries the saved network's name in its SSID
element, in cleartext, next to the device's own source MAC address; a
wildcard probe (empty SSID) reveals only the MAC. Any card in monitor mode
receives both without ever associating.
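Added example, not code from the talk: a pure-Python decoder for the frame described above. It builds a handful of probe requests in-code (constructed; the first MAC is the one shown on the slides, the others are made up) and pulls the source MAC and the SSID element out of each, which is exactly what a passive sniffer gets for free. The frame layout (24-byte management header, then tagged information elements) is the standard one; no library beyond `struct` is needed.

```python
"""Decode source MAC and SSID from raw IEEE 802.11 probe request frames.

Added example, not code from the talk. The frames are constructed in-code so
this runs offline; in practice they come from a monitor-mode capture.
"""
import struct

# Management frame header: frame control, duration, addr1 (DA), addr2 (SA),
# addr3 (BSSID), sequence control. Little-endian, 24 bytes.
MGMT_HDR = struct.Struct("<HH6s6s6sH")
PROBE_REQ = 0x0040           # frame control low byte 0x40: type 0 (mgmt), subtype 4
BEACON = 0x0080              # type 0, subtype 8 (only used to build a non-probe frame)
BROADCAST = b"\xff" * 6
EID_SSID, EID_RATES = 0, 1   # information element IDs


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_probe_request(src_mac: bytes, ssid: str, seq: int = 0) -> bytes:
    """Constructed test frame: a directed probe (ssid != '') or a wildcard probe."""
    body = bytes([EID_SSID, len(ssid)]) + ssid.encode()
    body += bytes([EID_RATES, 4, 0x82, 0x84, 0x8B, 0x96])      # 1/2/5.5/11 Mbit/s
    return MGMT_HDR.pack(PROBE_REQ, 0, BROADCAST, src_mac, BROADCAST, seq << 4) + body


def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID) for a probe request, else None.

    SSID '' is the wildcard probe: it still leaks the MAC, but no network name.
    None for the SSID means the frame carried no (complete) SSID element.
    """
    if len(frame) < MGMT_HDR.size:
        return None
    fc, _dur, _da, sa, _bssid, _seq = MGMT_HDR.unpack_from(frame, 0)
    if (fc & 0x00FC) != PROBE_REQ:       # mask keeps type+subtype, drops version/flags
        return None
    pos = MGMT_HDR.size
    while pos + 2 <= len(frame):          # walk the tagged parameters
        eid, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:           # truncated element: stop rather than over-read
            break
        if eid == EID_SSID:
            return mac_str(sa), value.decode("utf-8", errors="replace")
        pos += 2 + length
    return mac_str(sa), None


def probed_networks(frames) -> dict:
    """Per client MAC, the set of saved network names it asked for."""
    profile = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        mac, ssid = parsed
        profile.setdefault(mac, set())
        if ssid:                          # skip wildcard / missing SSID
            profile[mac].add(ssid)
    return profile


# Constructed capture: the MAC from the slides leaking two saved networks and
# one wildcard; a second (made-up) phone probing only with wildcards; one beacon.
PHONE_A = bytes.fromhex("9c207b8ef7e7")
PHONE_B = bytes.fromhex("020000000001")
AP = bytes.fromhex("0011223344aa")
SAMPLE_FRAMES = [
    build_probe_request(PHONE_A, "MEO-983B37", seq=1),
    build_probe_request(PHONE_A, "HOMEnetwork", seq=2),
    build_probe_request(PHONE_A, "", seq=3),
    build_probe_request(PHONE_B, "", seq=1),
    MGMT_HDR.pack(BEACON, 0, BROADCAST, AP, AP, 0) + bytes(12) + bytes([EID_SSID, 4]) + b"Cafe",
]

if __name__ == "__main__":
    for mac, ssids in probed_networks(SAMPLE_FRAMES).items():
        print(mac, sorted(ssids) if ssids else "(wildcard probes only)")
```

The second phone shows the difference a wildcard-only scanner makes: its MAC is still collected, but no saved network name comes with it.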
A device
A Unique Signature
9C:20:7B:8E:F7:E7
A Link to a Person
9C:20:7B:8E:F7:E7
Wifi tracking
● iOS : saves the last 3 connected ESSIDs and leaks them;
● Android : depends on vendor / version;
● Windows Phone : no data;
Examples
MAC: 10:68:3F:79:XX:XX
ESSID: HOMEnetwork, ZON-03B0, MEO-983B37, MEO_CASA1, AndroidAP, PT-WIFI, NSN-BYOD, FreeWiFiCentroVascodaGama, Cabovisao-FCF5, CasaZero
MAC: 50:46:5D:1B:XX:XX
ESSID: ZON-D7C0, Thomson274A16, SAPO-ZL71193, Thomson4E835C, ZON-7A9C, MEO-6A9F51, MEO-08D1E6, MEO-45CBBD, ZON-6520
MAC: D0:51:62:E6:XX:XX
ESSID: MEO-8E8341, PROFESSORES, ZON-7760, PROFESSORES3
ESSID?
● People tend to connect to networks that they can trust;
– Home, workplace, restaurants, bars;
● They tend to be unique;
– ISP defaults such as Thomson-<random> or MEO-<random> carry a per-router suffix, so one name maps to one household (ignore ZON-FON, PT-WIFI or any other public wifi network);
● ESSID + GPS data = Profit (Google Maps, Google Street View);
Analysis
"Hmm, you've previously connected to mcdonalds_wifi and elCheapoAirlines_wifi - you must be an average Joe" vs
"Hmm, you've previously connected to BA_firstclass, ExpensiveRestaurant_wifi, etc. - you must be a high roller".
Examples
“You already have zero privacy. Get over it.” - Scott G. McNealy, CEO of Sun Microsystems
ESSID
● Cheap laptop (250€);
– OpenSource Apps;
● Kismet and Airodump supports GPSd;
● GPS dongle (30€);
● Bag (20€);
● Hiking shoes/boots (30€);
Mac Address
MAC addresses are unique per interface (unless the device randomizes them). If we match one to a person, then GAME OVER:
– a list of ESSIDs and information about their geolocation;
– we can determine whether he's in range;
– deploy drones and stalk him.
Architecture - Passive
● Linux;
● Kismet / Airodump-ng;
● GPSd;
● MySQL;
Attacks
● Evil Twin attack;
– Create a rogue AP with a known ESSID of your target;
● Man in the Middle;
● Data interception;
– Social networks, email, any kind of identifier;
● Code injection;
– Malicious code;
● Tactical exploitation;
– List of contacts, SMS, etc.
Evil Twin
“...Evil twin is a term for a rogue Wi-Fi access
point that appears to be a legitimate one
offered on the premises, but actually has been
set up to eavesdrop on wireless
communications....” - Wikipedia
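Added example, not from the talk: the defender's check for the attack defined above. A rogue AP copying a legitimate ESSID normally shows up as a BSSID the network operator never registered, and often advertises weaker security than the real network (an open twin of an open ESSID needs no credential at all, which is why the slides count devices probing for open networks as exposed). The allow-list of legitimate access points and the observed beacons below are constructed for the example; the BSSIDs are made up and PT-WIFI is only borrowed as a name from the slides.

```python
"""Flag probable evil twins among observed access points.

Added example, not from the talk. KNOWN_APS and SAMPLE_SCAN are constructed;
in practice the scan would come from airodump-ng/Kismet output.
"""
from dataclasses import dataclass

SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


@dataclass(frozen=True)
class Beacon:
    bssid: str
    essid: str
    channel: int
    privacy: str          # as airodump-ng's Privacy column would report it


# Constructed allow-list: legitimate BSSIDs per ESSID and the security they run.
KNOWN_APS = {
    "CorpWiFi": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"}, "privacy": "WPA2"},
    "PT-WIFI": {"bssids": {"00:AA:BB:CC:DD:01"}, "privacy": "OPEN"},   # name from slides, BSSID made up
}


def classify(beacon: Beacon, known=KNOWN_APS) -> list:
    """Reasons this beacon looks like a twin; [] if it is legitimate or not ours."""
    ref = known.get(beacon.essid)
    if ref is None:
        return []                              # not an ESSID we protect
    reasons = []
    legit = {b.upper() for b in ref["bssids"]}
    if beacon.bssid.upper() not in legit:
        reasons.append("unknown BSSID for this ESSID")
    if SECURITY_RANK.get(beacon.privacy, 0) < SECURITY_RANK.get(ref["privacy"], 0):
        reasons.append(f"security downgrade {ref['privacy']} -> {beacon.privacy}")
    return reasons


def evil_twin_alerts(beacons, known=KNOWN_APS) -> list:
    """(bssid, essid, channel, reasons) per suspicious AP, deduplicated by BSSID."""
    seen, alerts = set(), []
    for b in beacons:
        reasons = classify(b, known)
        if reasons and b.bssid.upper() not in seen:
            seen.add(b.bssid.upper())
            alerts.append((b.bssid.upper(), b.essid, b.channel, reasons))
    return alerts


# Constructed scan: two legit corp APs, an open twin of CorpWiFi, a twin of the
# hotspot on a new BSSID (seen twice), and an unrelated neighbour network.
SAMPLE_SCAN = [
    Beacon("00:11:22:33:44:01", "CorpWiFi", 1, "WPA2"),
    Beacon("00:11:22:33:44:02", "CorpWiFi", 6, "WPA2"),
    Beacon("DE:AD:BE:EF:00:01", "CorpWiFi", 11, "OPEN"),
    Beacon("DE:AD:BE:EF:00:02", "PT-WIFI", 1, "OPEN"),
    Beacon("DE:AD:BE:EF:00:02", "PT-WIFI", 1, "OPEN"),
    Beacon("66:77:88:99:AA:BB", "Neighbour-5G", 36, "WPA2"),
]

if __name__ == "__main__":
    for bssid, essid, ch, why in evil_twin_alerts(SAMPLE_SCAN):
        print(f"{bssid} '{essid}' ch{ch}: {'; '.join(why)}")
```

The twin of the open hotspot only trips the BSSID rule: with no encryption on the real network there is no downgrade to detect, so an allow-list of legitimate BSSIDs is the only signal left. That is the same asymmetry the talk's "vulnerable to the Evil Twin attack" figure measures from the client side.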
Architecture - Aggressive
● DHCP server;
● Bind;
● Squid;
● Airodump-ng;
● BeEF / (Kar)Metasploit / sslstrip;
● MySQL database;
● Drone(s)
– Laptops, Android, Raspberry Pi
“We know where you are.
We know where you’ve been.
We can more or less know
what you’re thinking about.” - Eric Schmidt
Usage
● Collecting anonymized statistics;
● Identify and follow criminals;
● Track a single individual;
● Track us all;
Architecture
Metrics
● Probes from several devices were collected at:
– Lisbon Airport;
– Traffic jams;
– Subway stations;
– Malls;
– Tourist spots;
● 1200-1500 unique devices per hour;
Metrics
● 8790 unique devices;
● 2296 leaked at least 1 ESSID;
– ~26% of the smartphone universe;
● 706* vulnerable to the Evil Twin attack;
– ~8% of the smartphone universe;
– * Only the most common open ESSIDs were counted, so this number should be higher...
Protect Yourself
"I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time." - Eric Schmidt
Protect yourself
● Turn off your Wifi when you are not using it;
● Erase all the saved ESSIDs (the list of probed names is a fingerprint on its own, even behind a randomized MAC);
● Randomize your MAC address;
Finish
● This is not new;
● Something quite similar was done by SensePost in London in 2013;
● Some drones/Raspberry Pis were deployed on several main streets/places;
● Check out the Snoopy Framework;
Future(?)
● Any Wireless technology that can be used to
identify “any” citizen:
– Bluetooth;
– Wifi;
– GSM;
– GPS;
– NFC;
– RFID;
Future(?)
HEX l2_data_out_B:296 Format Bbis (RR, MM or CC)
000: d6 a7 b5 cf 29 6f 38 ff - ea 55 55 bc e2 b8 80 d6
001: 83 59 cf 2d ef 38 d7 ea - 55 55 bc e2 b9 40 d0 73
002: 38 e2 ac f1 69 d5 61 e3 - 8f c3 78 80
0: d6 1------- Direction: To originating site
0: d6 -101---- 5 TransactionID
0: d6 ----0110 Radio Resouce Management
1: a7 0-100111 RRpagingResponse
1: a7 -x------ Send sequence number: 1
(...)
6: 38 ----1--- SoLSA Capability: supported
6: 38 ------0- A5/3 not available
6: 38 -------0 A5/2: not available
8: ea -----010 Type of identity: IMEI
9: 55 -------- ID(254/odd):
E5555CB2E8B086D3895FCD2FE837DAE5555CB2E9B040D37832ECA1F965D163EF83C8
708
Demo
Thank you for your time!
Any QUESTIONS?
miguelmotaveiga@gmail.com

ICTY Codebits 2014

  • 1. I CAN TRACK YOU THEY CAN TRACK YOU EVERYBODY CAN TRACK YOU
  • 2. whoami Miguel Mota Veiga – 29 years old; – Infosec “Pro” since 2006; ● @Dognædis; ● Pen Testing, Security Audits, Forensic Analysis, Malware Analysis, Incident Handling, System Administration, Perl... ● Financial & IT, Telco, Government, Defense; – Security/Privacy Lover; – Three “...er”s guy: ● Traveller, Backpacker, Geocacher;
  • 4. What this presentation is about ● How Mobile Devices can leak information; ● How an adversary can exploit it; ● How people can track you; ● Metrics and Results;
  • 5. What this presentation is **NOT** ● Evidence on the court (hopefully); ● Mobile Phone Tracking 101; ● A cry out to do illegal stuff;
  • 6. Warning Any actions and or activities related to the material contained within this presentation is solely your responsibility. The misuse of this information, can result in criminal charges brought against the person(s) in question. The author will not be held responsible in the event any criminal charges be brought against any individuals misusing the information contained. This presentation contains materials that can be potentially damaging or dangerous. If you do not fully understand something, then DON'T DO IT! Refer to the laws in your country before using, or in any other way utilizing these materials. These materials are for educational and research purposes only. Do not attempt to violate the law with anything contained here.
  • 8. ● 3.5 millions; ● >50% per year; ● 40% of the mobile phone users; Smartphones by numbers (2013)
  • 9. Smartphones by numbers (2013) Roaming: ~23% SMS: ~90% Internet: ~45% Email: ~33% Banking: ~5% Social Network: ~30%
  • 10. Smartphones by numbers (2013) Sex – Male : 55% – Female : 45% Age – 10/14 : 8% – 15/24 : 25% – 25/34 : 25% – 35/44 : 20% – 45/54 : 12% – 55/64 : 7% – >64 : 3% Social Class – Low/Low Middle : 44% – Middle : 31% – High/Middle High : 25% Region – Lisbon : 23% – Oporto : 12% – Litoral North : 17% – Litoral Center : 15% – South : 10% – Islandss : 5%
  • 11. “Just because something is publicly accessible does not mean that people want it to be publicized”- “Making Sense of Privacy and Publicity“
  • 12. Let's talk... There have been plenty of initiatives from numerous governments to legalize the monitoring of citizens Internet based communications. Several private organizations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate. I will show how can be done (using IEEE 802.11).
  • 13. Wifi
  • 14. Wifi As per the RFC5418 documentation (i.e. not down to individual vendors), client devices send out 'probe requests' looking for networks that the device has previously connected to (and that the user chose to save).
  • 17. A Link to a Person 9C:20:7B:8E:F7:E7
  • 18. Wifi tracking ● iOS : Saves the last 3 connected ESSIDs and leaks them; ● Android : Depends on vendor / version; ● Windows Phone : No data available;
  • 19. Examples
Mac: 10:68:3F:79:XX:XX, ESSID: HOMEnetwork,ZON-03B0,MEO-983B37,MEO_CASA1,AndroidAP,PT-WIFI,NSN-BYOD,FreeWiFiCentroVascodaGama,Cabovisao-FCF5,CasaZero
Mac: 50:46:5D:1B:XX:XX, ESSID: ZON-D7C0,Thomson274A16,SAPO-ZL71193,Thomson4E835C,ZON-7A9C,MEO-6A9F51,MEO-08D1E6,MEO-45CBBD,ZON-6520
Mac: D0:51:62:E6:XX:XX, ESSID: MEO-8E8341,PROFESSORES,ZON-7760,PROFESSORES3
  • 20. ESSID? ● People tend to connect to networks that they can trust; – Home, Workplace, Restaurants, Bars; ● They tend to be unique – Thomson-<random>, MEO-<random> etc. (ignore Zon-FON, PTWIFI or any public wifi networks); ● ESSID + GPS data = Profit (Google Maps, Google Street View);
  • 21. Analysis "Hmm, you've previously connected to mcdonalds_wifi and elCheapoAirlines_wifi - you must be an average Joe" vs "Hmm, you've previously connected to BA_firstclass, ExpensiveRestaurant_wifi, etc. - you must be a high roller".
  • 23. “You already have zero privacy. Get over it.” - Scott G. McNealy CEO of Sun Microsystems
  • 24. ESSID
  • 25. ESSID
  • 26. ESSID
  • 27. ESSID
  • 28. ESSID ● Cheap laptop (250€); – Open-source apps; ● Kismet and Airodump support GPSd; ● GPS dongle (30€); ● Bag (20€); ● Hiking shoes/boots (30€);
  • 29. Mac Address MAC addresses are unique. If we match one to a person, then GAME OVER. – List of ESSIDs and information about their geolocation; – Can determine if he's in range; – Deploy drones and stalk him.
  • 30. Architecture - Passive ● Linux; ● Kismet / Airodump-ng; ● GPSd; ● MySQL;
  • 31. Attacks ● Evil Twin Attack; – Create a rogue AP with a known ESSID of your target; ● Man In The Middle; ● Data Interception; – Social Networks, Email, any kind of identifier; ● Code Injection; – Malicious code; ● Tactical Exploitation; – List of contacts, SMS, etc.
  • 33. Evil Twin “...Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications....” - Wikipedia
  • 34. Architecture - Aggressive ● DHCP Server; ● Bind; ● Squid; ● Airodump-ng; ● Beef / (Kar)Metasploit / sslstrip; ● MySQL Database; ● Drone(s) – Laptops, Android, Raspberry Pi
  • 35. “We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.” - Eric Schmidt
  • 36. Usage ● Collecting anonymized statistics; ● Identify and follow criminals; ● Track a single individual; ● Track us all;
  • 38. Metrics ● Probes from several devices were collected at: – Lisbon Airport; – Traffic Jams; – Subway Stations; – Malls; – Tourist Spots; ● 1200-1500 unique devices per hour;
  • 39. Metrics ● 8790 unique devices; ● 2296 leak at least 1 ESSID; – ~26% of the Smartphone Universe; ● 706* vulnerable to the Evil Twin Attack – ~8% of the Smartphone Universe; – * Only the most common open ESSID was counted, so this number should be higher...
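To make the Examples (slide 19), the ESSID rule of thumb (slide 20) and the Metrics slide concrete, here is an added Python example (not the author's code) that aggregates probed ESSIDs per client MAC from lines in the slide's "Mac: ..., ESSID: ..." layout and computes the same kind of numbers: devices seen, devices leaking at least one ESSID, devices leaking an identifying (non-public) ESSID, and devices probing for a shared open hotspot name. The sample lines, MAC addresses and the PUBLIC_ESSIDS set are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the Examples slide; the MAC
# addresses and ESSIDs are made up, and one device appears on two lines.
SAMPLE = """\
Mac: 10:68:3F:79:AA:01, ESSID: HOMEnetwork,ZON-03B0,PT-WIFI,Zon-FON
Mac: 50:46:5D:1B:AA:02, ESSID: ZON-D7C0,Thomson274A16,MEO-6A9F51
Mac: D0:51:62:E6:AA:03, ESSID: PT-WIFI
Mac: 00:11:22:33:AA:04, ESSID:
Mac: 10:68:3F:79:AA:01, ESSID: CasaZero
"""

# Shared public hotspot names (assumed list): they identify nobody, but
# they are exactly what an evil twin imitates, so they count as exposure.
PUBLIC_ESSIDS = {"PT-WIFI", "PTWIFI", "ZON-FON", "FON"}

LINE_RE = re.compile(r"^Mac:\s*([0-9A-Fa-f:]{17}),\s*ESSID:\s*(.*)$")

def parse_probes(text):
    """Map each client MAC to the set of ESSIDs it probed for."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not probe records
        mac = m.group(1).upper()
        seen[mac]  # register the device even if it probed for nothing
        for essid in m.group(2).split(","):
            if essid.strip():
                seen[mac].add(essid.strip())
    return seen

def identifying_essids(essids):
    """ESSIDs that can single out a person: drop the shared public ones."""
    return {e for e in essids if e.upper() not in PUBLIC_ESSIDS}

def metrics(seen):
    """Counts in the style of the Metrics slide, with % of all devices seen."""
    total = len(seen)
    def pct(n):
        return round(100.0 * n / total, 1) if total else 0.0
    leak = sum(1 for e in seen.values() if e)
    ident = sum(1 for e in seen.values() if identifying_essids(e))
    public = sum(1 for e in seen.values() if e - identifying_essids(e))
    return {"devices": total, "leak_essid": leak, "identifying": ident,
            "open_essid": public, "leak_pct": pct(leak), "open_pct": pct(public)}

if __name__ == "__main__":
    probes = parse_probes(SAMPLE)
    for mac, essids in sorted(probes.items()):
        print(mac, sorted(identifying_essids(essids)))
    print(metrics(probes))
```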
  • 40. Protect Yourself "I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time;"
  • 41. Protect yourself ● Turn off your Wifi; ● Erase all the saved ESSIDs; ● Randomize your MAC address;
  • 42. Finish ● This is not new; ● Something quite similar was done by SensePost in London in 2013; ● Some drones/Raspberry Pis were deployed on several main streets/places; ● Check out the Snoopy Framework;
  • 43. Future(?) ● Any Wireless technology that can be used to identify “any” citizen: – Bluetooth; – Wifi; – GSM; – GPS; – NFC; – RFID;
  • 44. Future(?)
HEX l2_data_out_B:296
Format Bbis (RR, MM or CC)
000: d6 a7 b5 cf 29 6f 38 ff - ea 55 55 bc e2 b8 80 d6
001: 83 59 cf 2d ef 38 d7 ea - 55 55 bc e2 b9 40 d0 73
002: 38 e2 ac f1 69 d5 61 e3 - 8f c3 78 80
0: d6  1-------  Direction: To originating site
0: d6  -101----  5 TransactionID
0: d6  ----0110  Radio Resouce Management
1: a7  0-100111  RRpagingResponse
1: a7  -x------  Send sequence number: 1
(...)
6: 38  ----1---  SoLSA Capability: supported
6: 38  ------0-  A5/3 not available
6: 38  -------0  A5/2: not available
8: ea  -----010  Type of identity: IMEI
9: 55  --------  ID(254/odd): E5555CB2E8B086D3895FCD2FE837DAE5555CB2E9B040D37832ECA1F965D163EF83C8 708
  • 45. Demo
  • 46. Demo
  • 47. Demo
  • 48. Thank you for your time! Any QUESTIONS? miguelmotaveiga@gmail.com