The Machines That Betrayed Their Masters

ZeroNights 2013
SensePost.com

Glenn Wilkinson
@glennzw

•2-y Donskoy proyezd, 7/1, Moscow
•Leninskiy prospekt., 2А, Moscow
•Ulitsa Bakhrushina, 24 строение 1, Moscow
•Rublevskoye...
•Nevsky Prospect, 114, Saint Petersburg
•Prospekt Medikov, St Petersburg
•Ulitsa 8 Marta, 41, Yekaterinburg
•P132, Kaluzhs...
•North 16th Street, Philadelphia, USA
•Captain Cook Drive, Australia
•Trillerpark, 1210 Viena, Austria
•3 Luvianpuistokatu...
•Wingate by Wyndham, Dallas, Texas, USA
•Hotel Strata, California, USA
•Hotel Hacienda, Spain
•Sunrise Diamond Beach Resor...
Machines? Betrayal?
Machines?

Betrayal?

A Device
A Unique Signature
A Link from
Signature to a Human
Snoopy Framework

[Diagram: surviving labels XBee, 3G, Ethernet]
A Unique Signature
98:03:ab:32:11:33
Linking the Signature
Linking the Signature

1. Passive Linking
BTHomeHub-AFV1, are you there?
Starbucks, are you there?
Virgin-AFVT, are you there?
Is anyone out there?

98:03:ab:32:11:...
BTBusinessHub-2DF1

Virgin-AFVT

Starbucks

Starbucks

SSID           GPS Lat   GPS Long
Virgin-AFVT    50.507    -0.128
Starbucks
BTB...
BTHomeHub-AFV1, are you there?
Starbucks, are you there?
Virgin-AFVT, are you there?
Is anyone out there?

98:03:ab:32:11:...
Linking the Signature?

2. Active Linking
BTHomeHub-AFV1, are you there?
Starbucks, are you there?
Virgin-AFVT, are you there?
Is anyone out there?

Hey iPhone! It’...
IP= 10.2.0.45
Site= www.facebook.com
username: joe
password: secret
Client001
00:11:22:33:44:55

IP= 10.2.0.45
Site= www.f...
Scenarios
Conference           Unique Devices   Number of Attendees   Device Per Person
BlackHatVegas2012    4778             6500                  0.74
IT...
glenn@sensepost.com
jobs@sensepost.com
http://research.sensepost.com/

@glennzw

Glenn Wilkinson - The Machines that Betrayed their Masters

  1. The Machines That Betrayed Their Masters ZeroNights 2013
  2. SensePost.com Glenn Wilkinson @glennzw
  3. •2-y Donskoy proyezd, 7/1, Moscow •Leninskiy prospekt., 2А, Moscow •Ulitsa Bakhrushina, 24 строение 1, Moscow •Rublevskoye shosse, 44, Moscow •Krylatskaya ulitsa, 23, Moscow •Ulitsa Sushchevskiy Val, 46 строение, Moscow •Ulitsa Krasina, 3, Moscow •Bolshaya Sadovaya ulitsa, Moscow
  4. •Nevsky Prospect, 114, Saint Petersburg •Prospekt Medikov, St Petersburg •Ulitsa 8 Marta, 41, Yekaterinburg •P132, Kaluzhskaya
  5. •North 16th Street, Philadelphia, USA •Captain Cook Drive, Australia •Trillerpark, 1210 Viena, Austria •3 Luvianpuistokatu, Satakunta, Finland
  6. •Wingate by Wyndham, Dallas, Texas, USA •Hotel Strata, California, USA •Hotel Hacienda, Spain •Sunrise Diamond Beach Resort, Egypt •5Footway Inn, Singapore •H2O Hostel Ljubljana, Slovenia
  7. [no text]
  8. [no text]
  9. [no text]
  10. Machines? Betrayal?
  11. [no text]
  12. Machines?
  13. Betrayal?
  14. A Device
  15. A Unique Signature
  16. A Link from Signature to a Human
  17. Snoopy Framework
  18. [no text]
  19. [no text]
  20. [no text]
  21. [Diagram: surviving labels XBee, 3G]
  22. [Diagram: surviving labels XBee, 3G, Ethernet]
  23. [no text]
  24. A Unique Signature
  25. 98:03:ab:32:11:33
  26. Linking the Signature
  27. Linking the Signature 1. Passive Linking
  28. BTHomeHub-AFV1, are you there? Starbucks, are you there? Virgin-AFVT, are you there? Is anyone out there? 98:03:ab:32:11:33
  29. BTBusinessHub-2DF1 Virgin-AFVT Starbucks Starbucks
      SSID                 GPS Lat   GPS Long
      Virgin-AFVT          50.507    -0.128
      Starbucks            50.408    -0.041
      BTBusinessHub-2DF1   50.601    -0.045
      Starbucks            50.391    -0.050
  30. BTHomeHub-AFV1, are you there? Starbucks, are you there? Virgin-AFVT, are you there? Is anyone out there? 98:03:ab:32:11:33
  31. Linking the Signature? 2. Active Linking
  32. BTHomeHub-AFV1, are you there? Starbucks, are you there? Virgin-AFVT, are you there? Is anyone out there? Hey iPhone! It’s me, Starbucks! 98:03:ab:32:11:33
  33. IP= 10.2.0.45 Site= www.facebook.com username: joe password: secret Client001 00:11:22:33:44:55 IP= 10.2.0.45 Site= www.facebook.com Cookie = supersecretcookie <script src=profiler.jsp> mitmproxy Intertubes sslstrip squid Drone001 Client002 00:22:33:44:55:66 Snoopy Server Traffic Inspector Social Media APIs Client003 11:22:33:44:55:66 Drone002 00:11:22:33:44:55 BTOpenzone VirginMedia-AR45 00:22:33:44:55:66 BTHomeHub-BHA7 Starbucks Client004 44:55:66:77:88:99
  34. [no text]
  35. [no text]
  36. [no text]
  37. [no text]
  38. Scenarios
  39. Conference           Unique Devices   Number of Attendees   Device Per Person
      BlackHatVegas2012    4778             6500                  0.74
      ITWeb2012            1106             400                   2.77
      44CON2012            969              350                   2.77
      BlackHatEU2013       681              607                   1.12
      Securitay2013        375              100                   3.75
      BSides2013           208              474                   0.44
      Hackito2013          309              400                   0.77
      CERT Poland2013      598              500                   1.2
      ZeroNights2013       507              ?
  40. glenn@sensepost.com jobs@sensepost.com http://research.sensepost.com/ @glennzw
