The first full day of DEF con was packed with hacking hardware and cars. I got to learn about why your automobile is less secure than you might think, pick some locks, and found out that there are electronic DEF con badges after all. keep reading for all the detail.
theSummit
Thursday night ended with theSummit: a party fundraiser for the EFF. Beers were drank, EFF donations were made, and good times were had. The folks from Codame demoed interactive art installations, and dual Core provided some terrific nerdcore entertainment.
The EFF ran a DC Dialer phone booth that encouraged attendees to call their representatives and request that they support Aaron’s Law. If you’re in the US, you should read more about Aaron’s law and how to contact your representative. The EFF has a good overview here.
The CFAA DC Dialer let attendees make free calls to their representatives.
Hardware Hacking Village
The hardware hacking village was packed today, with many kits being sold and built. The DEF con Darknet project badge was one kit that made its debut here. inspired by [Daniel Suarez]’s book, Daemon, this project encourages conference participants to meet people and learn skills by completing quests. [Smitty] gave me an overview of the board, which uses an ATTiny85 and communicates over IR with other badges.
The Darknet Badge PCB
Pairing badges lets you keep track of people you’ve met. There are also skill quests using the badge. two of these are for assembling the badge itself, one for the through-hole section and one for the optional surface mount section. A lock picking installation called The Rook kept track of what locks you had picked, and transferred the data to your badge. data from the badge can be synced up with the Darknet website to receive experience points. The firmware is almost finalized, and the entire project will be released as open source hardware shortly.
The Rook is an interactive lockpicking challenge that interfaces with the Darknet Badge
DLP 3D Printing
[PacManFan] showed me his creation Workshop 3D printing software. This software is designed to print using UV sensitive ink and a DLP projector. The advantages of this process include high resolution printing and a fixed print time per layer. His software does slicing compatible with G-code, but adds special markers for displaying images on the DLP projector. This allows you to use currently available hardware, such as the RAMPS platform, along with the UV cured resin. The software is written in C#, open source, and available on Github.
Automotive Hacking
[Charlie Miller] and [Chris Valasek] gave a terrific talk about hacking cars. They focused on Toyota and Ford vehicles, and managed to pull of some impressive and dangerous exploits on both (which we previewed a few days back). The hacks assumed that the attacker has access to the Controller area Network bus (CAN bus) inside the car. CAN is used for communication between automotive controllers, and by faking CAN signals you can trick these controllers. From a laptop, they were able to actuate steering, braking, the horn, and disable the brakes.
By reverse engineering the diagnostic tools for these manufacturer’s vehicles, they were able to obtain the Unified Diagnostics services security access keys. using these allows you to perform actions that are related to security and safety, including re-flashing the vehicles controllers with modified firmware. Ford is currently working with them to fix the problems, but Toyota claims they are only concerned with remote attacks, and that these exploits are not a problem.
DEF CON: The Documentary
The DEF con documentary premiered yesterday, and is now available as a torrent. You can grab it here.
Tomorrow I’ll be covering more villages, the contests area, and a talk or two.