nsa playset bridging the airgap without radios speaker bio
play

NSA Playset: Bridging the Airgap without Radios Speaker Bio - PowerPoint PPT Presentation

Nov 14, 2022 •249 likes •736 views

NSA Playset: Bridging the Airgap without Radios Speaker Bio @r00tkillah Michael Leibowitz Day job in product security Froots around with electronics The views expressed.. NOT MY EMPLOYERS! ANT Catalog ANT Catalog NSA Playset:

  1. NSA Playset: Bridging the Airgap without Radios

  2. Speaker Bio @r00tkillah Michael Leibowitz ● Day job in product security ● Froots around with electronics ● The views expressed.. NOT MY EMPLOYERS!

  3. ANT Catalog

  4. ANT Catalog

  6. NSA Playset: CHUCKWAGON

  7. Meet LoPan

  8. But what about 6LowPan?

  9. Traditional topologies don’t work

  10. LoPan devices communicate in short bursts to preserve their energy

  11. With limited range and spread

  12. How can they express themselves? ? ? ! ? ? ?

  13. How can they express themselves? ? ? ! ! ! ?

  14. With 6 Lo Pans, you need to bridge different mediums to spread ? Jack Burton?! ? ?

  15. With 6 Lo Pans, you need to bridge different ! mediums to spread ? ? ?

  16. With 6 Lo Pans, you need to bridge different mediums to spread ! ? ?

  17. With 6 Lo Pans, you need to bridge different mediums to spread ! ? ?

  18. With 6 Lo Pans, you need to bridge different mediums to spread ! ? !

  19. With 6 Lo Pans, you need to bridge different mediums to spread ! ? !

  20. With 6 Lo Pans, you need to bridge different mediums to spread ! ! !

  21. And then one Lo Pan can bridge the message to Jack ! ! Shut Up, Mr. Burton !

  22. IoT: Smart Shirts

  23. Thinking Cap/Internet of Hats

  24. Radio Hostile Environments

  25. Basic Theory of Operation Hacks Victim Hacker

  26. Advanced Usage Tubes

  27. VGA Pinout

  28. What Your Mother Didn’t Tell You About VGA DDC PROM

  29. I2C SDA HOST ddc Malicious (master) prom Implant SCL (slave) (either)

  30. Basics of CIR

  31. UART

  32. CIR & UART

  33. The Zero Hour

  34. Packet Format struct __attribute__ ((__packed__)) IRFrame { uint16_t source; uint16_t destination; int type: 4; int hops: 4; uint8_t payload[BLOB_SIZE]; uint16_t crc; }

  35. Eating Garbage

  36. Meshing int hops: 4; if (!forme() && hops < 15) { hops++; send(); }

  37. Playsetable HW Platform Requirements: ● small ● cheap ● easy ● fun

  38. Playsettable SW Platform

  39. Arduino?!

  40. HW details

  41. More HW

  42. Easy to Play With

  43. Ready for Implantation

  44. faraday cage

  45. Long Distance

  46. Demo

  47. Thanks! @joefitz, @laplinker, all teh playset peeps

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? ()

Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? ()

Tools of the NSA Playset Ruxcon 2014 Joe FitzPatrick Mike Ryan What is the NSA Playset? () nsaplayset.org 3D NSA Playset Price Sheet CONGAFLOCK - &lt;$1 A Retroreflector, which is a passive device that reflects differently when a

786 views • 49 slides
Full Duplex Radios Daniel J. Steffey Source Full Duplex Radios* ACM SIGCOMM 2013 Dinesh

Full Duplex Radios Daniel J. Steffey Source Full Duplex Radios* ACM SIGCOMM 2013 Dinesh

Full Duplex Radios Daniel J. Steffey Source Full Duplex Radios* ACM SIGCOMM 2013 Dinesh Bharadia Emily McMilin Sachin Katti *All source information and graphics/charts 2 Problem It is generally not possible for radios to receive and

705 views • 28 slides
COGNITIVE RADIOS WITH GENETIC ALGORITHMS: INTELLIGENT CONTROL OF SOFTWARE DEFINED RADIOS Thomas

COGNITIVE RADIOS WITH GENETIC ALGORITHMS: INTELLIGENT CONTROL OF SOFTWARE DEFINED RADIOS Thomas

COGNITIVE RADIOS WITH GENETIC ALGORITHMS: INTELLIGENT CONTROL OF SOFTWARE DEFINED RADIOS Thomas W. Rondeau, Bin Le, Christian J. Rieser, Charles W. Bostian Center for Wireless Telecommunications (CWT) Virginia Tech Blacksburg, VA, 24061 1

307 views • 20 slides
Logiciels libres et web radios Indice : cest la merde... Augier Full Mdias Inc. (

Logiciels libres et web radios Indice : cest la merde... Augier Full Mdias Inc. (

1 Enregistrement et traitement du son Logiciel Matriel 2 Automation 3 Diffusion et live Logiciels libres et web radios Indice : cest la merde... Augier Full Mdias Inc. ( www.FullMediasInc.fr ) Full Radios ( www.full-radios.fr ) 23

976 views • 56 slides
Trail Talk Presentation by Don Reeves Radios Roundtable Discussion Radios Roundtable Discussion

Trail Talk Presentation by Don Reeves Radios Roundtable Discussion Radios Roundtable Discussion

Trail Talk Presentation by Don Reeves Radios Roundtable Discussion Radios Roundtable Discussion By Don Reeves A Primer on UTV/ATV Radios An Introduction to Communication Options Don Reeves any misstatements herein are mine, and mine

703 views • 22 slides
Power Adapters Power Adapters speaker will move the wrong direction. speaker will move the wrong

Power Adapters Power Adapters speaker will move the wrong direction. speaker will move the wrong

Power Adapters 1 Power Adapters 2 Introductory Question Introductory Question If you install a pocket radios batteries If you install a pocket radios batteries backward, it wont work because its backward, it wont work because

259 views • 5 slides
Digital Radios for Field Headquarters Operations Board of Directors May 21, 2014 FHQ

Digital Radios for Field Headquarters Operations Board of Directors May 21, 2014 FHQ

I No Digital Radios for Field Headquarters Operations Board of Directors May 21, 2014 FHQ Communications 1985 Use of truck-mounted radios with antenna on administration building 2009 Use of Nextel push- to-talk phones 2012 Use

244 views • 7 slides
SDR Radios: One Hams Perspective Jon Longtin KB8LFP Overview Brief introduction of

SDR Radios: One Hams Perspective Jon Longtin KB8LFP Overview Brief introduction of

SDR Radios: One Hams Perspective Jon Longtin KB8LFP Overview Brief introduction of myself SDR radios an overview Adding an SDR to your shack Overview of SDRPlay RSP1A (my SRD radio) Capabilities and specs Software

435 views • 30 slides
MERA: WHEN SECONDS SAVE LIVES Next Gen Project Oversight Committee Monday, 03/19/2018 Puzzle

MERA: WHEN SECONDS SAVE LIVES Next Gen Project Oversight Committee Monday, 03/19/2018 Puzzle

MERA: WHEN SECONDS SAVE LIVES Next Gen Project Oversight Committee Monday, 03/19/2018 Puzzle Pieces Vehicle Installs Mobile Portable Radios Radios Gen I Program Experience Radios 3 OPTIONS Financial Equip Impacts Discount

325 views • 16 slides
Ral Torrego Ikerlan-IK4 rtorrego@ikerlan.es INDEX Introduction Software Defined Radios

Ral Torrego Ikerlan-IK4 rtorrego@ikerlan.es INDEX Introduction Software Defined Radios

OQPSK COGNITIVE MODULATOR FULLY FPGA-IMPLEMENTED VIA DYNAMIC PARTIAL RECONFIGURATION AND RAPID PROTOTYPING TOOLS Ral Torrego Ikerlan-IK4 rtorrego@ikerlan.es INDEX Introduction Software Defined Radios / Cognitive Radios Rapid

733 views • 16 slides
Full Duplex Radios Dinesh Bharadia, Emily McMilin, Sachin Katti Stanford University 8/14/13 1

Full Duplex Radios Dinesh Bharadia, Emily McMilin, Sachin Katti Stanford University 8/14/13 1

Full Duplex Radios Dinesh Bharadia, Emily McMilin, Sachin Katti Stanford University 8/14/13 1 It is generally not possible for radios to receive and transmit on the same frequency band because of the interference that results. - Andrea

984 views • 34 slides
Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see

Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see

COLE POLYTECHNIQUE FDRALE DE LAUSANNE Bridging Bridging Jean-Yves Le Boudec Fall 2009 1 1 Algorhyme I think that I shall never see a graph more lovely than a tree. h l l th t A tree whose crucial property is loop-free

564 views • 45 slides
THE MTP8000Ex SERIES TETRA ATEX RADIOS WORK SAFER. WORK SMARTER. WORK ANYWHERE. INSTRINSIC

THE MTP8000Ex SERIES TETRA ATEX RADIOS WORK SAFER. WORK SMARTER. WORK ANYWHERE. INSTRINSIC

THE MTP8000Ex SERIES TETRA ATEX RADIOS WORK SAFER. WORK SMARTER. WORK ANYWHERE. INSTRINSIC SAFETY HISTORY 20+ YEARS INSTRINSIC SAFETY 120,000+ RADIOS SOLD MILLIONS OF USAGE HOURS MARKET LEADING MTP850Ex ATEX MARKETS OIL &amp; GAS

467 views • 31 slides
Research on Race Bridging for 2020 Ben Bolender Assistant Division Chief Population Estimates

Research on Race Bridging for 2020 Ben Bolender Assistant Division Chief Population Estimates

Research on Race Bridging for 2020 Ben Bolender Assistant Division Chief Population Estimates and Projections Population Association of America April, 2018 1 Overview 1. Race bridging and reverse bridging 2. Bridging and imputation 3. Why

519 views • 29 slides
Bridging the Gap on Breaches: What Makes the Difference? Sponsored By: Bridging the Gap on

Bridging the Gap on Breaches: What Makes the Difference? Sponsored By: Bridging the Gap on

Bridging the Gap on Breaches: What Makes the Difference? Sponsored By: Bridging the Gap on Breaches: What Makes the Difference? Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of

423 views • 21 slides
Residential Bridging Residential Bridging (rate control; 2006Mar06) (rate control; 2006Mar06)

Residential Bridging Residential Bridging (rate control; 2006Mar06) (rate control; 2006Mar06)

Residential Bridging Residential Bridging (rate control; 2006Mar06) (rate control; 2006Mar06) Maintained by David V James IEEE 802.3 RE Study Group March 2006 1 Denver Credit is due to many others, whose reviews and comments drove this

408 views • 18 slides
Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security

Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security

Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer (and Network) Security - Spring 2007 - Professor Jaeger 1

777 views • 22 slides
Bridging the air-gap Out of sight, (but not) out of mind Nemanja Nikodijevic

Bridging the air-gap Out of sight, (but not) out of mind Nemanja Nikodijevic

Bridging the air-gap Out of sight, (but not) out of mind Nemanja Nikodijevic &lt;nemanja@micropsi-industries.com&gt; Agenda Motivation Attack scenario Famous examples Academic research Future attack vectors Nemanja Nikodijevic

595 views • 33 slides
Agent Language for communication between humans and computer agents Find and Share Your self

Agent Language for communication between humans and computer agents Find and Share Your self

Agent Language for communication between humans and computer agents Find and Share Your self with Peer AIGENTS.COM KONT-2015, Anton Kolonin, Aigents Group 1 Internet of Things Agents everywhere Human User KONT-2015, Anton

1k views • 17 slides
Order-Based and Continuous Modal Logics George Metcalfe Mathematical Institute University of

Order-Based and Continuous Modal Logics George Metcalfe Mathematical Institute University of

Order-Based and Continuous Modal Logics George Metcalfe Mathematical Institute University of Bern Joint research with Xavier Caicedo, Denisa Diaconescu, Ricardo Rodr guez, Jonas Rogger, and Laura Schn uriger SYSMICS 2016, Barcelona,

723 views • 71 slides
Network Security Network design Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap

Network Security Network design Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap

Network Security Network design Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) 2 Risk Expanding the classical definition of risk: Risk = Threat x Exposure x

1.5k views • 43 slides
DOLPHIN ATTACK GUOMING ZHANG, CHEN YAN PRESENTED BY JACOB BEDNARD WAYNE STATE UNIVERSITY CSC6991

DOLPHIN ATTACK GUOMING ZHANG, CHEN YAN PRESENTED BY JACOB BEDNARD WAYNE STATE UNIVERSITY CSC6991

DOLPHIN ATTACK GUOMING ZHANG, CHEN YAN PRESENTED BY JACOB BEDNARD WAYNE STATE UNIVERSITY CSC6991 Overview Soundwaves and Digital Signal Processing (DSP) Attack Methodology Defense Mechanisms Demonstration Videos Soundwaves and

657 views • 33 slides
Magnetics Design 3.1 Important magnetic equations 3.2 Magnetic losses 3.3 Transformer 3.3.1

Magnetics Design 3.1 Important magnetic equations 3.2 Magnetic losses 3.3 Transformer 3.3.1

Prof. S. Ben-Yaakov , DC-DC Converters [3- 1] Magnetics Design 3.1 Important magnetic equations 3.2 Magnetic losses 3.3 Transformer 3.3.1 Ideal transformer (voltages and currents) 3.3.2 Equivalent circuit of transformer (coupling,

463 views • 24 slides
Rock muon rate at ND Chris Marshall Lawrence Berkeley National Laboratory CERN ND workshop 22

Rock muon rate at ND Chris Marshall Lawrence Berkeley National Laboratory CERN ND workshop 22

Rock muon rate at ND Chris Marshall Lawrence Berkeley National Laboratory CERN ND workshop 22 January, 2017 Rock muons 100s m of rock between decay pipe and detector hall Muons from neutrino interactions in rock will overlap with

501 views • 17 slides

More recommend