Tech

Death certificates, safes, weapons and Teslas: DEF CON 23

Starting Friday, infamous hacker conference DEF CON enters its 23rd year with talks that show you how to fake your death, crack a safe, hack a Tesla, mess with Yubikey, and much more.

Written by Violet Blue, Contributor Aug. 5, 2015 at 5:48 a.m. PT

Obstreperous hacker conference DEF CON starts Friday with a schedule packed to the gills and catering to every kind of hacker interest imaginable, and we've got DEF CON 23's cheat sheet ready.

This year's talk lineup is sure to upset someone's sensibilities; the conference features presentations that show how to fake a death, crack a safe, hack a Tesla, mess with Yubikey, and much more.

Black Hat USA

In Las Vegas for its 23rd year, DEF CON's cavalcade of controversy spans four very full days of talks and workshops, expo, panels, Capture the Flag (CTF), Queercon, social engineering contests, a Car Hacking Village, the Internet of Things (hacking) Village, Defcon Kids, Deaf Con, the infamous Wall of Sheep, and much more.

And in a complete surprise this week, DEF CON announced its surprise guest for License to Pwn, panel on the still undefined, virulently debated Wassenaar Arrangement (a global agreement on weapons export controls). To put it lightly, the proposed changes to the agreement have caused deep rifts within the information security community.

This panel's guest is none other than Catherine "Randy" Wheeler, who oversees technology controls for the U.S. Commerce Department's Bureau of Industry and Security -- making this session a pivotal event in the history of this issue.

Keep these links handy:

The DEF CON 23 venue map
DEF CON 23 schedule
DEF CON 23 vendors
DEF CON 23 demo labs (including things like SpeedPhishing Framework (SPF), a new tool for penetration testers that quickly/automatically deploys phishing exercises in minimal time), and a smart watch attack tool.

DEF CON 23 runs August 6-9 (Thurs-Sun) in its huge new location at Paris and Bally's -- although conference hotels rooms at Paris and Bally's sold out in May.

ANNOUNCEMENT: #DEFCON Registration will begin Thursday 6am
- DEF CON (@_defcon_) August 4, 2015

#DEFCON reg line con will be different this year: Last year we had 12 reg stations, this year 30
-- DEF CON (@_defcon_) August 4, 2015

At DEF CON, there is no pre-registration; it's a first-come, first-served, and costs $230 USD cash only at the door.

DEF CON 23: OUR TOP PICKS

There are oodles of great talks; we highly recommend using this short list as a starting point to investigate the full DEF CON 23 schedule.

Thursday

Medical Devices: Pwnage and Honeypots (Scott Erven, Mark Collao; 6pm)

These researchers will release and present six months of medical device honeypot research showing the implications of patient care devices increasing their connectivity. "We will discuss over 20 CVEís Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented."

Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey (LosT; 3pm)

A YubiKey is a small hardware device that offers two-factor authentication with a simple touch of a button. LosT/1o57 created and runs the annual Mystery Box Challenge contest at DEF CON. Cryptically, there are no details for this talk, so we think it'll be interesting.

Friday

Bugged Files: Is Your Document Telling on You?(Daniel "unicornFurnace" Crowley, Damon Smith; 10am)

Certain file formats, like Microsoft Word and PDF, have features that allow for outbound requests to be made when the file open; these researchers explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective.

Licensed to Pwn: The Weaponization and Regulation of Security Research (Jim Denaro, Dave Aitel, Matt Blaze, Nate Cardozo, Mara Tam, Catherine "Randy" Wheeler; 11am)

The Wassenaar Arrangement is a contentious topic, and it has galvanized two deeply divided sides of information security research into taking action -- sometimes carefully considered, sometimes vicious -- into action around the complex topic of regulating research. Updates to it in 2013 established an agreement to place previously undesignated "cybersecurity items" under export control. After 18 months and a half-dozen open advisory meetings, the U.S. took security research communities by surprise with its proposed rule -- and we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial cybersecurity, human rights, and national security. This panel's unexpected special guest is Catherine "Randy" Wheeler, with the U.S. Bureau of Industry and Security.

Stagefright: Scary Code in the Heart of Android(Joshua J. Drake; 11am)

The senior director of platform research at Zimperium will provide details on the Stagefright Android framework vulns, which have the potential to impact 950 million Android users.

How to Hack a Tesla Model S (Marc Rogers, Kevin Mahaffey; 2pm)

These researchers will be release several 0day vulnerabilities that will allow hacking a Tesla Model S, both locally and remotely. "Note - only one of the 6 vulnerabilities we will discuss and release has been fixed. ... we are not responsible for any Tesla Model S bricked by over enthusiastic attendees of this talk." See also: Tesla to Attend DefCon Again, Says it Won't Be Running An Official Hacking Competition

I Will Kill You(Chris Rock ; 4:30pm)

Researcher Chris Rock describes how to fake a death (including death certificate), as well as create virtual identities (including birth certificates), and "raise" the identities virtually online.

When IoT attacks: hacking a Linux-powered rifle (Runa A. Sandvik, Michael Auger; 5pm)

If you didn't see this talk at Black Hat on Thursday, Sandvik and Auger will talk about how they reverse-engineered the Networked Tracking Scope from former company TrackingPoint, the company's firmware, and TrackingPoint's three apps. TrackingPoint went bankrupt from lack of sales in Spring, shuttering its business and ceasing orders by May 2015. Sandvik and Auger also plan to discuss "the security and privacy implications of network-connected firearms."

#DEFCON Insider: Be sure to put your smart phones in 'Airplane Mode' when passing through @WiFi_Village @wallofsheep or ye shall be herded!
-- Hacker Women (@HackerWomen) July 25, 2015

Saturday

A Hacker's Guide to Risk(Bruce Potter; 10am)

"When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. (...) This talk will discuss risk, why its important, and the poor job the hacker community has done when it comes to properly assessing risk."

Hacking Smart Safes: On the "Brink" of a Robbery (Dan "AltF4" Petro, Oscar Salazar; 12 noon)

Special Feature

Why business leaders must be security leaders

Why do many boards leave IT security primarily to security technicians, and why can’t techies convince their boards to spend scarce cash on protecting stakeholder information? We offer guidance on how to close the IT security governance gap.

Read now

These researchers found a major flaw in the Brink's CompuSafe and will demonstrate how to crack one open in seconds. "All you need is a USB stick and a large bag to hold all of the cash. We'll discuss how to remotely takeover the safe with full administrator privileges, and show how to enumerate a target list of other major Brink's CompuSafe customers (exposed via configuration files stored right on the safe)."

Sunday

REpsych: Psychological Warfare in Reverse Engineering(Chris Domas; 11am)

"With some carefully crafted assembly, we'll show how to break down a reverse engineer by sending them misleading, intimidating, and demoralizing messages through the control flow graphs of their favorite RE tools - turning their beloved IDA (Hopper, BinNavi, Radare, etc) into unwitting weapons for devastating psychological warfare in reverse engineering."

Attacking Hypervisors Using Firmware and Hardware(Yuriy Bulygin, Mikhail Gorobets, Alexander Matrosov, Oleksandr Bazhaniuk, Andrew Furtak; 1pm)

In a world that is sort of being eaten by hypervisors, this talk is kind of a big deal -- and since four of the presenters are Intel security researchers, apparently Intel has cleared them to talk about this. They will "explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines."