Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DEF CON 19 - hackers get hacked!
From: "-= Glowing Sex =-" <doomxd () gmail com>
Date: Wed, 10 Aug 2011 19:55:00 +1000

android exploit attached to bad html file (alot like the myspace
hacking)...so whats s new... same methods, and same bs...
i just dont see any usefulness to what could be done anytime, and if you
were silly enough to accept ASNY files direct dl at ANY  **COn, expect it
:P~
but the method, is pathetically old, and, hiding behind some lame
android-root, as most of these ppl do... when i see them lever, linux, with
NO html, ill maybe like them abit :P~~

have a nice defbomb ... hehe



meh.. so whats new... hijacking a phone botnet would be fun but, i dont see
why would bother scanning for them.. when, i have and, theyre pretty
useless... well, maybe for android freaks...and, this is simple a root
exploit or, exoploit being levered, thru an LD

On 10 August 2011 19:21, coderman <coderman () gmail com> wrote:

while most were enjoying libations or talks a very interesting event
was taking place at the conference.

we're all familiar with the hostility of WiFi and GSM networks at DEF
CON, however, this year the most hostile network on earth was not
802.11; it was CDMA and 4G!

on Friday some parts of Anon and Lulz made appearance. by early
Saturday morning a weapon was deployed.



some characteristics:

- full active MitM against CDMA and 4G connections from Rio to carriers.

- MitM positioning for remote exploitation to ring0 on Android and PC.

- fall back to userspace only or non-persistent methods when
persistent rootkit unattainable.

- many attack trees and weaponized exploits. escalation from easy pwns
up to specialized techniques and tactics until success is achieved.

- simultaneous attack across CDMA and 4G connections using full power
in these LICENSED bands.

- operated continuously (except for outages :) from early Saturday
until 8am Monday.

- designed with intent: mass exploitation, reconnaissance,
exfiltration, eavesdropping.



how to tell if you met the beast at Rio:

- did you accept an upgrade for Android, Java, or other applications?
(oops)

- did you notice 3G/4G signal anomalies, including full signal yet
poor bandwidth or no link?

- did you notice your Android at full charged plugged in, but dropping
to <50% charge once unplugged?

- did you notice 4G download speeds at quarter of usual, yet uploads
over twice as fast?

- did you notice Android services that immediately respawn when
killed? (Voice Search?)

- does your Android no longer connect to USB debugging yet adbd is alive?

- does your PC have an sshd that cannot be kill -9'd?

- did your Android crash - a hard freeze, and then take a long time to
reboot?

...many other indicators, but for now that's sufficient to express the
point.



if you met the beast, it seemed to have a nearly perfect success rate;
your odds not good.  in fact you probably didn't even notice as it
pilfered bytes off your devices and monitored your conversations.

i have waited over six DEF CONs to meet an adversary of this skill.
i was not disappointed.

did the talks suck this year because the good stuff is under NDA?
clearly a lot of you are selling out...



to those who got pwned, i would be interested in your experiences and
binaries:
 ID 9B65F087 , FP = 1029 E3E0 F22A C73D B2D6  468F 2798 76BB 9B65 F087
 gpg --keyserver pool.sks-keyservers.net --recv-keys 9B65F087
 gpg --keyserver subkeys.pgp.net --recv-keys 9B65F087
 gpg --keyserver pgp.mit.edu --recv-keys 9B65F087

to the beast operators, i hope to see you next year!
 (and get your availability deficiencies and network anomalies worked
out. kind of a shame you spent so much time and money only to have
your kit fall over again and again.  and thanks for the 0days :)


until next year,...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]