Monday, June 9, 2014

Part 2: Exploiting the Emergency Alert System

Click HERE for Part#1

The tools…

So…while broadcasters spend millions on equipment, special antennas, and so forth to broadcast on licensed frequencies, the advent of Software Defined Radio (SDR) makes it possible to transmit/receive on any frequency you want relatively inexpensively. Initially, SDRs were used for lab/testing purposes to keep costs low for researchers, manufacturers, developers, and education.

There are a variety of SDRs on the market, and even though power output is low, it is easily boosted. I've primarily used Ettus Research USRP series devices, though there are some cool projects out there if you Google (it all depends on your price range). We now have the means, I've hinted at the method…

The exploit...

I hate to be cryptic and otherwise a bit of a tease, but I'm waiting to hear back on some CFPs where I might "reveal" this incredibly obvious set of vulnerabilities. If I don't get accepted (and it's highly likely that I won't) I'll update this blog post with all the pertinent details around the end of this month. So stand by, my non-existent readers!



BSidesLV 2014 Abstract

Allow myself to encrypt…myself!

At BSides LV 2013, I shared a dream…of a day when all-the-things would be endowed with…with huge…encryption! YES!  BIG ENCRYPTION! Where NSA is spelled with F & U! Of a future where I can share my data without sacrificing ownership, confidentiality, or anything else.  Where my memes and social awkwardness will be appreciated! Um…seriously though, we played “fantasy defense-in-depth”, sacrificed an “admin dude” dressed like the black knight, and generally shocked the world that the internet isn’t a safe place.

Wait…ok…now seriously, we explored why the “escalation of weaponry” means defense is futile; why the networks of the future, pervasive ubiquity, and other unknowns won’t fit into a secure perimeter; that we need to protect data over devices; that if we can’t control how our data is transmitted, processed, or stored we need to figure out how to protect it!

Can we create data resilient to attack even when the host it resides on is compromised? How do we not lose availability or the ability to share & collaborate with others? We were on the trail last year, but now we think we have a solution & can’t wait to show you! Fast forward 1 year & we have possibly the first open source destined & patent protected comprehensive framework for data protection. It’s a big idea with big challenges destined for failure without your input and expertise so come join the conga line to crazy town!

Make it out to BSidesLV 2014!  Hope to see you there!
