Monday, August 12, 2013

Post-DEFCON 21

So I went to DEFCON last week in Vegas, and it was great fun learning about all the ways software and hardware aren't safe. It's definitely different from SIGGRAPH (well, obviously) in that the SIGGRAPH crowd is concerned with high math and creating art, whereas the DEFCON crowd are hackers in the traditional sense of the word. Both are pretty amazing. Hopefully I'll get to go to some convention next year as well.

Two of my favorite talks were about Femtocells and Schlage locks:

(1) 'I can hear you now - Traffic interception and Remote mobile phone cloning' by iSEC Partners, on how they got root access to Verizon's Samsung femtocells and wreaked havoc with it. Femtocells are bible-sized cell towers for homes/small enterprises that were invented to offload 3G connections. If your phone is on that provider and the femtocell's signal is stronger than the base station's, your phone will automatically connect to the femtocell without any user interaction.

Unfortunately, their security is pretty weak for how potent they are. Getting root access is easy, and your phone also hands its unique ID to the femtocell, which means that if this information is written to another cell, your phone is cloned and an attacker could drop calls, get your SMSes, and listen in on the conversations where you read your credit card number or SSN to some marketer. All without physical access to your phone.

Cloning is not the only thing. The femtocell itself can record your calls (one can decode the encrypted speech signals by grep-ping for the codec) and capture your SMS packets, and since smartphone data goes through in plain text, man-in-the-middling it is easy: an attacker could show you a fake Chase login page and get your username/password. EASY.

(2) Key duplication for the high-security Schlage locks, by the MIT locks club. Schlage locks are extremely resistant to picking because of the extra line of teeth running along the side of the key. So these lock hobbyists turned to key duplication instead. While manual cutting takes a practiced person with the right tools less than an hour, ordering a 3D-printed key is much cheaper and more reliable. They wrote about 100 lines of code on top of a modeling library such that you just have to note the teeth combination of the key you want to duplicate, feed it to a function, and out pops a 3D model of the key. Since 3D printers have sufficient precision nowadays, and are cheap ($1-3), it's a simple matter of placing an order online and waiting for the resulting model. They found that hard plastic was durable enough to open most Schlage locks.