SlideShare a Scribd company logo

World of Signals - Devices - Connectivity - Signals - RF - Cyber Security.

Download as PPTX, PDF
Jan Geirnaert
Jan Geirnaert

This is a simple presentation I did towards a non-technical audience as part of a seminar on Cyber Security in Malaysia - Kuala Lumpur. It covers a wide range of specific topics relating to cyber security issues. We are all connected to a huge amount of devices and the attack vector is growing, widening. Building walls and fences is not enough. There is a lack of On The Ground Cyber Security...

Technology
1 of 44
Devices, Connectivity, Signals (RF). 1
Who is Jan Geirnaert? I am from Belgium. My wife is Malaysian Chinese. I live in and work in Malaysia about 10 years. I love to hike and cycle in the jungle. Workwise, I am an IT/web-guy / IT-manager, Digital Marketing consultant, trainer, database-builder, worked in big and small companies, IBM, Belgium Online, local companies etc… I kept moving and learning. https://my.linkedin.com/in/jangeirnaert Security issues always kept happening on the ground (OTG) and online. 10 years ago I climbed mount KK. Arrived early. Did it again in 2016 Arrived at sunset  2
Before we start… A few things. All shown components and devices show are inactive or set to safe mode. Hence no data is collected. I am giving a demonstration of their functions. I don’t sell or import any of these devices. I just want to know how they work for experimentation purposes. I am not affiliated or paid by these manufacturers. I don’t promote the destruction/theft of their electronic/digital property. I am not a spy, private investigator, hacker or covert surveillance operative. All the info you are about to see is available online. Follow the laws and local regulations. If you need a license; Get one (PI). Don’t try any of this at home or in your office. Follow the law & Regulations. Be careful. Don’t make digital “bombs”. You might blow yourself up… Learn self defense instead. 3
This is not death by PowerPoint. I will try to speak English  - this is not an IOT – Internet Of Things Course - this is not a deep technical course - This is not a thesaurus of everything… - Anything not clear, do interrupt immediately - Short questions please. 1 liners… - We have 60 minutes. - Scared of signals? Wear a tin foil hat  4
Connectivity, Signals & Devices, Data. brain actions Communication linkslinks links observations input inputinput Decisions/processing Doubt Uncertainty Fear 5 data information
Data, Information, Usage Comparison to the Concentric Circles Theory (Rogers) / 3 levels of consciousness 1. core self is the set of values and opinions that you keep to yourself. 2. private self is your performance to your closest friends and family. 3. public self is the more superficial version of your identity. Now we compare this to the machine & online world… 6
Security Layers. Data, devices, information, usage. Concentric model used in the security business Data that can be (ab)used when exposed. P&C data Unknown device / signal Unknown entity gets intel A device captures data 7
So many devices.  Huge amount of devices are on the market  IOT >> even more and smaller devices.  What are all they doing? Why are they there? Any data collected?  How to determine if you want those devices in your network or proximity.  There is no time to analyze what they are all doing?  The question is how to disable / identify / control those (un)known devices? 9
20 years ago - quick comparison. Bigger capacity, power & reach comes now in smaller and cheaper format. Easily available. Mobile. Multi-functional. Question: has human behavior/society it’s understanding (laws, enforcement) adjusted enough to the risks that come with progress and any great inventions… How much are we aware of the effects off increased processing power, signal presence on our daily lives, work, companies/organizations… (Bigfoot HDD 2 – 4 GB - 1996)… SanDisk 32GB Etc… 8
Lot’s of devices in use.  GPS (maps, tracking)  Cellphones, Smartphones, Mobile devices  Fixed phones, landlines  Game Consoles  CCTV camera’s, Normal Camera’s  Sound Recording devices, mp3 players  Radio, TV, monitors  Much more high powered sensors detect:  Sound  Vibration  Motion  Heat  Water, humidity  Electricity.  EMP  Dust & Chemical Components  Etc.. Not just FM-radio, TV, Phones Walkie talkies / CB… 10
 Devices that use radio transmitter/receiver on a certain frequency (FCC regulations). Surrounded by all sorts of signals. UHF / VHF Infrared Laser.. Etc… 11
TV’s, Media Centers, Media Players etc..  Many of these devices have become smart and are linked to the internet. (meaning they require a login/identification and are getting data, ID’s.).  Example: if x knows that your tv is on, then x knows you are home + watching this that.  Legal issues: Example Vizio Inc Settles Smart TV Data Gathering Charges for $2.2M. Issue: illegal collection of second-by-second data on consumers -- information such as sex, age, income, marital status, household size, education level, home ownership, and household value -- to sell to third parties, most of which would target the consumers with advertisements http://www.cio- today.com/article/index.php?story_id=021000OCI6XC  Compare the issue to your own company, what data is being collected.  In your own company the Data Protection Act also applies. 12
This is all regulated, “there is no issue”.  Maybe, how about the small DIY boxes? (Arduino based, etc..)  We are unable to trace violations, so why bother?  How to enforce in our own environment?  What are the risks and things happening now?  How expensive is enforcement?  What type of detection equipment is required?  How to adjust internal regulations and contractual agreements?  Legality of monitoring employees & their devices (example activtrak.com, whoisonmywifi.com).  Psychological effect on people of a police state like company culture (more VPN, more hiding, cat & mouse game).  Once you start listening; ask yourself who else is listening?  You collect data. Is it stored safely and encrypted. Can it be hacked?  How about the signals that are not regulated, hidden devices? 13
Frequency Allocation Chart. Radio Spectrum. https://www.ntia.doc.gov/files/ntia/publications/2003-allochrt.pdf 14
Listening devices then  Era: 2nd world war, cold war 1970 18
Hidden Listening Devices Source: http://spymuseum.com/great-seal-bug/ • The Great Seal Bug (also known as the Thing) - Moscow, 1945 • a listening device was implanted within a copy of the Great Seal as a plaque to the United States Ambassador to the Soviet Union W. Averell Harriman. • contained a listening device that was hidden in holes drilled under the beak of the eagle in the plaque. - powered on remotely by an electromagnet energy source making it very difficult to detect. - microphone hidden inside was passive and was only activated when the Soviets decided to turn it on. - did so from a van parked outside of the ambassador’s house in which they ultra-high frequency beams at the house. - Activated, the microphone would transmit any conversations coming from within range of the bug. When they turned the beams off, the bug was virtually undetectable. 16
History is repeating itself Today: some users will be fearful of data theft and surveillance, hence they might buy into detection & jamming systems if affordable and useful. Growth of Cyber Security companies, professional hackers, etc.. Since internet kicked into higher gear, after the 1990- ties. Correlates with uncertainty, visible violence in society/public life, (cyber) terrorism, political climate… An Example of new market: the preppers + gadgets 19
Now we are in a new type of cold war.  Be prepared.  This not is an alternate fact/reality. “they” are trying to make us live in fear so we buy into certain products & services. Or vote for Donald Trump (example).  Action: do a simulation of a total breakdown of your infrastructure and see how your company/organization would re-vive it’s core processes. Simulate a crash (on paper and in reality).  Establish contingency strategy and recovery procedures.  Imagine how much it will really cost to go offline during an attack and what will be permanently lost or damaged? 17
Listening Projects now  Example: PRISM (NSA) UTAH Data Centre http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet 20
Example of simple listening device  http://www.bug-transmitter.com/  Simplier version Locally in KL: Pudu Market Voyager 3 FM Bug UHF Transmitter - Uses 9Volt battery (25 hours life) - Special battery: 400+ hours - size: 32mm x 15mm - +800mr transmission range in the open using a car FM radio - 90mr upto 500mr using handheld FM radio - Frequency: 88Mhz – 112Mhz - longer range if in line of sight - link to a UHF walkie talkie (5km) Listening Bugs are getting smaller 2 – 3 cm DEMO AUDIO BUG 21
More Camera Spy gear… Demo Ghost Simple Detection device Basically anything that runs on 12 or 5 volts / 2 amps can contains video, sound bugs. 22
Credit-cards with NFC or RFID chips  Visa PayWave,MasterCard PayPass, American Express ExpressPay and Discover Zip.  Problem with RFID cards (unless inside a protective cover) is that they can be read or copied from a few inches with a portable RFID / NFC reader  DIY NFC/RFID Reader https://youtu.be/oVByBK6LJHY https://youtu.be/w_vYuLyfw3E 23 Visa payWave is a form of chip card technology. Like chip cards, it uses an advanced computer chip embedded in the card's plastic to perform secure transactions https://usa.visa.com/pay-with-visa/featured.../visa-paywave.html
Heat Signature on Keypads / ATM. Thermal Imaging Device / FLIR http://www.flir.com/flirone/ios-android/ https://www.consumeraffairs.com/news/thermal-imaging-devices-can-steal-your-pins-and-passcodes-090214.html https://youtu.be/8Vc-69M-UWk 24
Digital Warfare - Norske Attack Map  Global Attack Map of know attacks.  But what is happening in your own network?  Who is ‘attacking’ who?  What is there to get?  How to manage this? http://map.norsecorp.com 25
War Driving Scans while moving Records automatically Maps Wi-Fi Access Points GPS-based (LAT/LON) Data mapped on Google Earth / Maps. See also apps that show Telecom Towers 26
Packet Sniffer, Mac Address listing, IP Matrix  Know that your packets, passwords, messages can be captured easily if not encrypted.  Not in the scope of this presentation http://www.colasoft.com/ 27
So how about DEFCON Indicator for your own local system?  How many devices in the network now (FING, WhoIsOnMyWifi.com etc..)  How about a “simple” indicator instead of looking at the processes and analytical expert software (comes later, done by security IT people).  How much total Gigabytes are going out / in now?  Connected Devices Display (how many devices in your network plus how many radio’s around you.  Example: why would there be 100 radio signals in your office when you have only 50 staffs. Make an inventory of the function & location of these devices. 28
DEFCON Alert Levels – Find the rat(holes).. Make sure to be aware Make a real system Not just a policy Mind the GAP Hire the right people Find the rat Catch the thief Find the spy Get real! 28
Signal Jammers High Power 12 Antenna Jammer that blocks WiFi / GPS / VHF UHF LoJack RF 315/433 / 3G 4G  Useful for boardrooms, to keep the room signal free.  What if disgruntled workers jam your signal?  During communications failure hijacking might happen.  What other alternative means of communications you have? 29
Drone Signal Jammer  Scenario: drone invades your territory. How do you take it down?  Market: Police / Enforcement / Security Companies. Drone Jammer 6 Channels Total Output 90W GPS WIFI Backpack Signal Blocker Up To 200 Meters 30 show
Get a Signal Detection Device 31
Military Jammer Version (SWAT) Issue: What if the bad guys use this to block out communications? How to detect jamming? How are your procedures & Staffs equipped to deal with attacks? How disturbing can a miniature version of this type of device be? 32
More devices available at very low cost >> more wide spread usage.  Many business opportunities arise here  Many privacy and security issues also  Anybody can buy this anywhere (eg. Lazada)  Gearbest.com, banggood.com aliexpress.com…  >> more reason to use detection agents. 33
Wi-Fi Jammer – smaller. 3.5usd https://www.youtube.com/watch?v=oQQhBdCQOTM Cheap Wi-Fi 'Jammer' Device | NodeMCU https://github.com/spacehuhn/esp8266_deauther http://seytonic.com/2017/02/03/nodemcu-links/ 34 Imagine Starbucks without Wi-Fi…
ESP8266 Wi-Fi  3 – 5 usd (original or China copy)  Easy to program via Arduino IDE software.  https://github.com/esp8266/arduino 35
Very Small & Powerful Anonymous Bluetooth, Wi-Fi can be programmed into anything. Untraceable. 36
EMP – Fry or Jam the radios… Source: http://www.instructables.com/id/Destroy-Any-Device-With-EMP-Jammer/ An Electromagnetic pulse jammer could be a nuisance and even dangerous around medical equipment. Issue: how do you know if these devices are present? 37
Wi-Fi Tin Can Directional Antenna. Demo material Issue: - big problem since easy to make: - Difficult to trace - Attacker can be far away Counter-measures: - Hide SSID - Don’t expose wifi to roadside - Special window-blinds / maze to keep beams out - Etc. 39
Hack Rifle. Wi-Fi Rifle. The Wi-Fi card is an Alfa AWUS 036H. The gun itself is an airsoft rifle. Cheaper than a real assault rifle body and much lighter. 40
How to detect these signals? (indoor device example)  Frequency Counters & Scanners >> detect and determine the signal. 41
Apps.  Glint Finder (show demo)  Electro magnetic field detector  Fing Network scanner  Spy Monitor (what is connected from where)  No root Firewall (block access in/out) 42
Simple Things work, start today.  Indicator that shows how many devices are live (tx/rx) in your area, building, office or home  Simple display that security staff can understand  Low cost bug detectors that indicate the presence of 10Mhz to 6000 Mhz frequency 43
What to take away from all this?  Implement simple solutions NOW to detect radio devices.  Use jammers and blockers to enforce on the spot  Adjust procedures & policies.  Start listing risks and make an inventory of your weak spots  Do a total breakdown simulation. Test emergency response systems.  imagine the disastrous effect of sound recording of p&c meetings leaking out on social media (PR disaster)  imagine the difficulties in legal affairs if the “enemy” has recorded conversations or is listening in to current conversations  Your points…. 44
World of Signals - Devices - Connectivity - Signals - RF - Cyber Security.

Recommended

Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
MIFARE IC Soultion From NXP
MIFARE IC Soultion From NXPMIFARE IC Soultion From NXP
MIFARE IC Soultion From NXPDevanshu Shrivastava
 
Gunning for granny
Gunning for grannyGunning for granny
Gunning for grannyChris Roberts
 
Chapter4 issues with ict2016
Chapter4 issues with ict2016Chapter4 issues with ict2016
Chapter4 issues with ict2016asiara
 
The role and impact of IT in society
The role and impact of IT in societyThe role and impact of IT in society
The role and impact of IT in societyAnjan Mahanta
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSmart Assessment
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-SonsinoTen realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsinowebdagene
 

Recommended

Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
MIFARE IC Soultion From NXP
MIFARE IC Soultion From NXPMIFARE IC Soultion From NXP
MIFARE IC Soultion From NXPDevanshu Shrivastava
 
Gunning for granny
Gunning for grannyGunning for granny
Gunning for grannyChris Roberts
 
Chapter4 issues with ict2016
Chapter4 issues with ict2016Chapter4 issues with ict2016
Chapter4 issues with ict2016asiara
 
The role and impact of IT in society
The role and impact of IT in societyThe role and impact of IT in society
The role and impact of IT in societyAnjan Mahanta
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSmart Assessment
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-SonsinoTen realities of the internet of things - ​Alexandra Deschamps-Sonsino
Ten realities of the internet of things - ​Alexandra Deschamps-Sonsinowebdagene
 
Security
SecuritySecurity
SecurityBob Cherry
 
amrapali builders @@hacking printers.pdf
amrapali builders @@hacking printers.pdfamrapali builders @@hacking printers.pdf
amrapali builders @@hacking printers.pdfamrapalibuildersreviews
 
Intro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngIntro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngI am Cipher
 
Uganda lawsociety v2digitalforensics
Uganda lawsociety v2digitalforensicsUganda lawsociety v2digitalforensics
Uganda lawsociety v2digitalforensicsMustapha Mugisa
 
Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)smkengkilili2011
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)Caston Thomas
 
Security in 10 slides
Security in 10 slidesSecurity in 10 slides
Security in 10 slidesAndre Debilloez
 
Internet of Things to make a sale
Internet of Things to make a saleInternet of Things to make a sale
Internet of Things to make a saleAshish Jhalani
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectivePositive Hack Days
 
Information Security - A Discussion
Information Security - A DiscussionInformation Security - A Discussion
Information Security - A DiscussionKaushik Patra
 
iPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementiPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementCisco Mobility
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoTJason Hong
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)sandhibhide
 
What's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyWhat's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyFabrizio Gramuglio
 
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizikaNMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizikaNew Media Inspiration
 
Architecture of Internet of Things
Architecture of Internet of ThingsArchitecture of Internet of Things
Architecture of Internet of ThingsRahul Atri
 
Confraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityConfraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityVitor Domingos
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyHamisi Kibonde
 
How to Avoid IoTageddon
How to Avoid IoTageddon How to Avoid IoTageddon
How to Avoid IoTageddon Bob Snyder
 
Future Of Internet Presentation
Future Of Internet PresentationFuture Of Internet Presentation
Future Of Internet Presentationguestf0bdc63
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

More Related Content

Similar to World of Signals - Devices - Connectivity - Signals - RF - Cyber Security.

amrapali builders @@hacking printers.pdf
amrapali builders @@hacking printers.pdfamrapali builders @@hacking printers.pdf
amrapali builders @@hacking printers.pdfamrapalibuildersreviews
 
Intro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngIntro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngI am Cipher
 
Uganda lawsociety v2digitalforensics
Uganda lawsociety v2digitalforensicsUganda lawsociety v2digitalforensics
Uganda lawsociety v2digitalforensicsMustapha Mugisa
 
Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)smkengkilili2011
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)Caston Thomas
 
Internet of Things to make a sale
Internet of Things to make a saleInternet of Things to make a sale
Internet of Things to make a saleAshish Jhalani
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectivePositive Hack Days
 
Information Security - A Discussion
Information Security - A DiscussionInformation Security - A Discussion
Information Security - A DiscussionKaushik Patra
 
iPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementiPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementCisco Mobility
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoTJason Hong
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)sandhibhide
 
What's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyWhat's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyFabrizio Gramuglio
 
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizikaNMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizikaNew Media Inspiration
 
Architecture of Internet of Things
Architecture of Internet of ThingsArchitecture of Internet of Things
Architecture of Internet of ThingsRahul Atri
 
Confraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityConfraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityVitor Domingos
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyHamisi Kibonde
 
How to Avoid IoTageddon
How to Avoid IoTageddon How to Avoid IoTageddon
How to Avoid IoTageddon Bob Snyder
 
Future Of Internet Presentation
Future Of Internet PresentationFuture Of Internet Presentation
Future Of Internet Presentationguestf0bdc63
 

Similar to World of Signals - Devices - Connectivity - Signals - RF - Cyber Security. (20)

Security
SecuritySecurity
Security
 
amrapali builders @@hacking printers.pdf
amrapali builders @@hacking printers.pdfamrapali builders @@hacking printers.pdf
amrapali builders @@hacking printers.pdf
 
Intro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngIntro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web Designinng
 
Uganda lawsociety v2digitalforensics
Uganda lawsociety v2digitalforensicsUganda lawsociety v2digitalforensics
Uganda lawsociety v2digitalforensics
 
Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)
 
New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)New challenges to secure the IoT (with notes)
New challenges to secure the IoT (with notes)
 
Security in 10 slides
Security in 10 slidesSecurity in 10 slides
Security in 10 slides
 
Internet of Things to make a sale
Internet of Things to make a saleInternet of Things to make a sale
Internet of Things to make a sale
 
Security Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC PerspectiveSecurity Opportunities A Silicon Valley VC Perspective
Security Opportunities A Silicon Valley VC Perspective
 
Information Security - A Discussion
Information Security - A DiscussionInformation Security - A Discussion
Information Security - A Discussion
 
iPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and ManagementiPads on your network? Take Control with Unified Policy and Management
iPads on your network? Take Control with Unified Policy and Management
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoT
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)SIM Portland IOT - Sandhi Bhide - (09-14-2016)
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
 
What's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacyWhat's digital profiling and its impact on your privacy
What's digital profiling and its impact on your privacy
 
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizikaNMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
NMI15 Filip Chytrý – Internet věcí a jeho potenciální bezpečnostní rizika
 
Architecture of Internet of Things
Architecture of Internet of ThingsArchitecture of Internet of Things
Architecture of Internet of Things
 
Confraria Security & IT - Mobile Security
Confraria Security & IT - Mobile SecurityConfraria Security & IT - Mobile Security
Confraria Security & IT - Mobile Security
 
Edith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the SocietyEdith Turuka: Cyber-Security, An Eye Opener to the Society
Edith Turuka: Cyber-Security, An Eye Opener to the Society
 
How to Avoid IoTageddon
How to Avoid IoTageddon How to Avoid IoTageddon
How to Avoid IoTageddon
 
Future Of Internet Presentation
Future Of Internet PresentationFuture Of Internet Presentation
Future Of Internet Presentation
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

World of Signals - Devices - Connectivity - Signals - RF - Cyber Security.

  • 2. Who is Jan Geirnaert? I am from Belgium. My wife is Malaysian Chinese. I live in and work in Malaysia about 10 years. I love to hike and cycle in the jungle. Workwise, I am an IT/web-guy / IT-manager, Digital Marketing consultant, trainer, database-builder, worked in big and small companies, IBM, Belgium Online, local companies etc… I kept moving and learning. https://my.linkedin.com/in/jangeirnaert Security issues always kept happening on the ground (OTG) and online. 10 years ago I climbed mount KK. Arrived early. Did it again in 2016 Arrived at sunset  2
  • 3. Before we start… A few things. All shown components and devices show are inactive or set to safe mode. Hence no data is collected. I am giving a demonstration of their functions. I don’t sell or import any of these devices. I just want to know how they work for experimentation purposes. I am not affiliated or paid by these manufacturers. I don’t promote the destruction/theft of their electronic/digital property. I am not a spy, private investigator, hacker or covert surveillance operative. All the info you are about to see is available online. Follow the laws and local regulations. If you need a license; Get one (PI). Don’t try any of this at home or in your office. Follow the law & Regulations. Be careful. Don’t make digital “bombs”. You might blow yourself up… Learn self defense instead. 3
  • 4. This is not death by PowerPoint. I will try to speak English  - this is not an IOT – Internet Of Things Course - this is not a deep technical course - This is not a thesaurus of everything… - Anything not clear, do interrupt immediately - Short questions please. 1 liners… - We have 60 minutes. - Scared of signals? Wear a tin foil hat  4
  • 5. Connectivity, Signals & Devices, Data. brain actions Communication linkslinks links observations input inputinput Decisions/processing Doubt Uncertainty Fear 5 data information
  • 6. Data, Information, Usage Comparison to the Concentric Circles Theory (Rogers) / 3 levels of consciousness 1. core self is the set of values and opinions that you keep to yourself. 2. private self is your performance to your closest friends and family. 3. public self is the more superficial version of your identity. Now we compare this to the machine & online world… 6
  • 7. Security Layers. Data, devices, information, usage. Concentric model used in the security business Data that can be (ab)used when exposed. P&C data Unknown device / signal Unknown entity gets intel A device captures data 7
  • 8. So many devices.  Huge amount of devices are on the market  IOT >> even more and smaller devices.  What are all they doing? Why are they there? Any data collected?  How to determine if you want those devices in your network or proximity.  There is no time to analyze what they are all doing?  The question is how to disable / identify / control those (un)known devices? 9
  • 9. 20 years ago - quick comparison. Bigger capacity, power & reach comes now in smaller and cheaper format. Easily available. Mobile. Multi-functional. Question: has human behavior/society it’s understanding (laws, enforcement) adjusted enough to the risks that come with progress and any great inventions… How much are we aware of the effects off increased processing power, signal presence on our daily lives, work, companies/organizations… (Bigfoot HDD 2 – 4 GB - 1996)… SanDisk 32GB Etc… 8
  • 10. Lot’s of devices in use.  GPS (maps, tracking)  Cellphones, Smartphones, Mobile devices  Fixed phones, landlines  Game Consoles  CCTV camera’s, Normal Camera’s  Sound Recording devices, mp3 players  Radio, TV, monitors  Much more high powered sensors detect:  Sound  Vibration  Motion  Heat  Water, humidity  Electricity.  EMP  Dust & Chemical Components  Etc.. Not just FM-radio, TV, Phones Walkie talkies / CB… 10
  • 11.  Devices that use radio transmitter/receiver on a certain frequency (FCC regulations). Surrounded by all sorts of signals. UHF / VHF Infrared Laser.. Etc… 11
  • 12. TV’s, Media Centers, Media Players etc..  Many of these devices have become smart and are linked to the internet. (meaning they require a login/identification and are getting data, ID’s.).  Example: if x knows that your tv is on, then x knows you are home + watching this that.  Legal issues: Example Vizio Inc Settles Smart TV Data Gathering Charges for $2.2M. Issue: illegal collection of second-by-second data on consumers -- information such as sex, age, income, marital status, household size, education level, home ownership, and household value -- to sell to third parties, most of which would target the consumers with advertisements http://www.cio- today.com/article/index.php?story_id=021000OCI6XC  Compare the issue to your own company, what data is being collected.  In your own company the Data Protection Act also applies. 12
  • 13. This is all regulated, “there is no issue”.  Maybe, how about the small DIY boxes? (Arduino based, etc..)  We are unable to trace violations, so why bother?  How to enforce in our own environment?  What are the risks and things happening now?  How expensive is enforcement?  What type of detection equipment is required?  How to adjust internal regulations and contractual agreements?  Legality of monitoring employees & their devices (example activtrak.com, whoisonmywifi.com).  Psychological effect on people of a police state like company culture (more VPN, more hiding, cat & mouse game).  Once you start listening; ask yourself who else is listening?  You collect data. Is it stored safely and encrypted. Can it be hacked?  How about the signals that are not regulated, hidden devices? 13
  • 14. Frequency Allocation Chart. Radio Spectrum. https://www.ntia.doc.gov/files/ntia/publications/2003-allochrt.pdf 14
  • 15. Listening devices then  Era: 2nd world war, cold war 1970 18
  • 16. Hidden Listening Devices Source: http://spymuseum.com/great-seal-bug/ • The Great Seal Bug (also known as the Thing) - Moscow, 1945 • a listening device was implanted within a copy of the Great Seal as a plaque to the United States Ambassador to the Soviet Union W. Averell Harriman. • contained a listening device that was hidden in holes drilled under the beak of the eagle in the plaque. - powered on remotely by an electromagnet energy source making it very difficult to detect. - microphone hidden inside was passive and was only activated when the Soviets decided to turn it on. - did so from a van parked outside of the ambassador’s house in which they ultra-high frequency beams at the house. - Activated, the microphone would transmit any conversations coming from within range of the bug. When they turned the beams off, the bug was virtually undetectable. 16
  • 17. History is repeating itself Today: some users will be fearful of data theft and surveillance, hence they might buy into detection & jamming systems if affordable and useful. Growth of Cyber Security companies, professional hackers, etc.. Since internet kicked into higher gear, after the 1990- ties. Correlates with uncertainty, visible violence in society/public life, (cyber) terrorism, political climate… An Example of new market: the preppers + gadgets 19
  • 18. Now we are in a new type of cold war.  Be prepared.  This not is an alternate fact/reality. “they” are trying to make us live in fear so we buy into certain products & services. Or vote for Donald Trump (example).  Action: do a simulation of a total breakdown of your infrastructure and see how your company/organization would re-vive it’s core processes. Simulate a crash (on paper and in reality).  Establish contingency strategy and recovery procedures.  Imagine how much it will really cost to go offline during an attack and what will be permanently lost or damaged? 17
  • 19. Listening Projects now  Example: PRISM (NSA) UTAH Data Centre http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet 20
  • 20. Example of simple listening device  http://www.bug-transmitter.com/  Simplier version Locally in KL: Pudu Market Voyager 3 FM Bug UHF Transmitter - Uses 9Volt battery (25 hours life) - Special battery: 400+ hours - size: 32mm x 15mm - +800mr transmission range in the open using a car FM radio - 90mr upto 500mr using handheld FM radio - Frequency: 88Mhz – 112Mhz - longer range if in line of sight - link to a UHF walkie talkie (5km) Listening Bugs are getting smaller 2 – 3 cm DEMO AUDIO BUG 21
  • 21. More Camera Spy gear… Demo Ghost Simple Detection device Basically anything that runs on 12 or 5 volts / 2 amps can contains video, sound bugs. 22
  • 22. Credit-cards with NFC or RFID chips  Visa PayWave,MasterCard PayPass, American Express ExpressPay and Discover Zip.  Problem with RFID cards (unless inside a protective cover) is that they can be read or copied from a few inches with a portable RFID / NFC reader  DIY NFC/RFID Reader https://youtu.be/oVByBK6LJHY https://youtu.be/w_vYuLyfw3E 23 Visa payWave is a form of chip card technology. Like chip cards, it uses an advanced computer chip embedded in the card's plastic to perform secure transactions https://usa.visa.com/pay-with-visa/featured.../visa-paywave.html
  • 23. Heat Signature on Keypads / ATM. Thermal Imaging Device / FLIR http://www.flir.com/flirone/ios-android/ https://www.consumeraffairs.com/news/thermal-imaging-devices-can-steal-your-pins-and-passcodes-090214.html https://youtu.be/8Vc-69M-UWk 24
  • 24. Digital Warfare - Norske Attack Map  Global Attack Map of know attacks.  But what is happening in your own network?  Who is ‘attacking’ who?  What is there to get?  How to manage this? http://map.norsecorp.com 25
  • 25. War Driving Scans while moving Records automatically Maps Wi-Fi Access Points GPS-based (LAT/LON) Data mapped on Google Earth / Maps. See also apps that show Telecom Towers 26
  • 26. Packet Sniffer, Mac Address listing, IP Matrix  Know that your packets, passwords, messages can be captured easily if not encrypted.  Not in the scope of this presentation http://www.colasoft.com/ 27
  • 27. So how about DEFCON Indicator for your own local system?  How many devices in the network now (FING, WhoIsOnMyWifi.com etc..)  How about a “simple” indicator instead of looking at the processes and analytical expert software (comes later, done by security IT people).  How much total Gigabytes are going out / in now?  Connected Devices Display (how many devices in your network plus how many radio’s around you.  Example: why would there be 100 radio signals in your office when you have only 50 staffs. Make an inventory of the function & location of these devices. 28
  • 28. DEFCON Alert Levels – Find the rat(holes).. Make sure to be aware Make a real system Not just a policy Mind the GAP Hire the right people Find the rat Catch the thief Find the spy Get real! 28
  • 29. Signal Jammers High Power 12 Antenna Jammer that blocks WiFi / GPS / VHF UHF LoJack RF 315/433 / 3G 4G  Useful for boardrooms, to keep the room signal free.  What if disgruntled workers jam your signal?  During communications failure hijacking might happen.  What other alternative means of communications you have? 29
  • 30. Drone Signal Jammer  Scenario: drone invades your territory. How do you take it down?  Market: Police / Enforcement / Security Companies. Drone Jammer 6 Channels Total Output 90W GPS WIFI Backpack Signal Blocker Up To 200 Meters 30 show
  • 31. Get a Signal Detection Device 31
  • 32. Military Jammer Version (SWAT) Issue: What if the bad guys use this to block out communications? How to detect jamming? How are your procedures & Staffs equipped to deal with attacks? How disturbing can a miniature version of this type of device be? 32
  • 33. More devices available at very low cost >> more wide spread usage.  Many business opportunities arise here  Many privacy and security issues also  Anybody can buy this anywhere (eg. Lazada)  Gearbest.com, banggood.com aliexpress.com…  >> more reason to use detection agents. 33
  • 34. Wi-Fi Jammer – smaller. 3.5usd https://www.youtube.com/watch?v=oQQhBdCQOTM Cheap Wi-Fi 'Jammer' Device | NodeMCU https://github.com/spacehuhn/esp8266_deauther http://seytonic.com/2017/02/03/nodemcu-links/ 34 Imagine Starbucks without Wi-Fi…
  • 35. ESP8266 Wi-Fi  3 – 5 usd (original or China copy)  Easy to program via Arduino IDE software.  https://github.com/esp8266/arduino 35
  • 36. Very Small & Powerful Anonymous Bluetooth, Wi-Fi can be programmed into anything. Untraceable. 36
  • 37. EMP – Fry or Jam the radios… Source: http://www.instructables.com/id/Destroy-Any-Device-With-EMP-Jammer/ An Electromagnetic pulse jammer could be a nuisance and even dangerous around medical equipment. Issue: how do you know if these devices are present? 37
  • 38. Wi-Fi Tin Can Directional Antenna. Demo material Issue: - big problem since easy to make: - Difficult to trace - Attacker can be far away Counter-measures: - Hide SSID - Don’t expose wifi to roadside - Special window-blinds / maze to keep beams out - Etc. 39
  • 39. Hack Rifle. Wi-Fi Rifle. The Wi-Fi card is an Alfa AWUS 036H. The gun itself is an airsoft rifle. Cheaper than a real assault rifle body and much lighter. 40
  • 40. How to detect these signals? (indoor device example)  Frequency Counters & Scanners >> detect and determine the signal. 41
  • 41. Apps.  Glint Finder (show demo)  Electro magnetic field detector  Fing Network scanner  Spy Monitor (what is connected from where)  No root Firewall (block access in/out) 42
  • 42. Simple Things work, start today.  Indicator that shows how many devices are live (tx/rx) in your area, building, office or home  Simple display that security staff can understand  Low cost bug detectors that indicate the presence of 10Mhz to 6000 Mhz frequency 43
  • 43. What to take away from all this?  Implement simple solutions NOW to detect radio devices.  Use jammers and blockers to enforce on the spot  Adjust procedures & policies.  Start listing risks and make an inventory of your weak spots  Do a total breakdown simulation. Test emergency response systems.  imagine the disastrous effect of sound recording of p&c meetings leaking out on social media (PR disaster)  imagine the difficulties in legal affairs if the “enemy” has recorded conversations or is listening in to current conversations  Your points…. 44