I haven't been to one, but people go to hacking / security conferences without electronics that aren't burners or part honeypot? I mean, it's one thing to bring important stuff to a tech conference, but most everyone at one of these is a bit paranoid for good reason and are security experts.
Man, what a fucked-up thing tech has become. Nobody would worry about his car getting stolen at a locksmiths' conference.
My thought is that it seems more like a lockpicker's conference, and people are carrying around a bunch of exposed locks with information lockpicking on the inside. Also, pranks are apparently a popular part of the culture. As a nobody, I'd be more worried my car would have its horn replaced with a Rickrolled horn. With a bit of planning, it would not be hard to do a factory reset and sell something on eBay "Like new".
It sounds like "honeypot" is exactly what's going on here.
There are always "questionable" people in audiences at hacker cons. A few are probably feds. The rest are just guys sending invisible rays into the heads of speakers, who then get paranoid about "those people."
No actual evidence that any of these folks were nefarious (though his phone did get hacked in an unrelated to the panel thing since it didn't happen there).
Or you can actually know what you're doing and you probably won't get hacked.
Some people bring burners. Other people, say, turn off their wifi and bluetooth and never let anyone touch their laptops but them.
As an addendum, I've gone to every Blackhat and DEFCON for six years and was at Hope-X. None of my stuff has ever been hacked or damaged…
…that you know of.
I could say the same of you. Given my work, it would be pretty obvious if I was hacked.
So why do all your posts say "Report This Man To Homeland Security If Seen On The Internet" below them?
Edit: Oh, wait, do you not see that?
That sounds kind of like stuck hardware buttons, to be honest. The same key combo that does a screenshot might do something like reset the phone to a non-rooted state if held during power up or reset.
You are absolutely right. The only thing I'm sure of is that I'm not absolutely sure.
I'm just shocked that his password is actually "hunter2".
No way man… a certain key combination will boot into bootloader mode, but no Android phone does anything without you selecting options in the bootloader menu.
@PhasmaFelis like others pointed out, it's mostly for the lulz and because they can. If you're this kind of guy (someone working on WL stuff or anything to do with people who've been jailed) then you should operate with an expectation that someone from a TLA will try to hack your stuff. I am also somewhat surprised that he took his everyday driver, if he actually did. A phone with a freshly flashed ROM that you know is clean would be the best option IMO - even better than a dumbphone because dumbphones have exploits that you aren't able to patch or mitigate.
O.o
He seems to be aware of CyanogenMod's hack-ability and the dangers of being rooted, but then admits he's running an old version of CyanogenMod… you know… the ones that were updated because of security holes? Sheesh.
After all, even rooted CyanogenMod phones are easy targets for hacking.
"My phone—the battery is still out—was running an old version of CyanogenMod, seven or nine, can't remember, and I'm working on getting someone to write-block and image it so we can crowd-source forensics into it."
Willing to bet it was hacked by someone noticing that he'd left one or another service on (wifi, BT, hell—USB dongle) and did what hackers do to such devices—got into it for the lulz.
Of course, I tl;dr'ed the article, so it's possible he took every precaution and The Man really is out to get him.
And yeah, daily driver to the HOPE X conference? What could possibly go wrong?
So, I can tell you a couple of things about this situation.
- The guy claims that he never put this phone on the wifi at HOPEx
- He claims that he didn't "click anything"
- I lost 2+ hours of my Sunday evening to trying to connect with this guy so that I could fix his phone, but he didn't follow my directions, come meet me in Brooklyn, or contact me on the phone number that I gave him. (You can see a portion of the events on my Twitter account at http://twitter.com/lishevita and scroll back to Sunday the 20th of July.) In the end he said that someone else was going to help him, but then he posted his report from HOPEx making it clear that he didn't get any such help after all.
Me? I'm a little annoyed because a) he wasted a chunk of my time when I could have been hanging out with my friends for nothing and b) it seems like he was more after attention than actually getting anything fixed.
When I gave him my phone number he said that he couldn't call me because he didn't have a working phone. What about borrowing a friend's phone? What about using a PAYPHONE? (It's New York, I saw some pay phones in the hotel lobby even!) There was no logical reason he couldn't call me.
When I told him on Twitter that I would not be able to decrypt his PGP email because I was on my phone, not my laptop, and that he should CALL ME at the number I sent him, he ignored me. He sent me PGP encrypted email anyway.
I would have loved to meet up with him and grab an image of his phone for later forensics AND reflash his phone with a clean copy of CyanogenMod. In fact, I prepared two USBs for that purpose that I was going to give to him to keep after the grand adventure was over. (I didn't want any USBs that touched his devices to then touch my own, if you know what I mean.)
If he wanted help, he would have gotten it that night. He was clearly setting himself up for publicity, not actual help.