What I saw at #30c3

The original post comes from the author’s blog at http://h4ck.go.ddamn.it/.

This year’s CCC congress, 30c3, took place at the Congress Center Hamburg from the 27th to the 30th of December. From a pragmatic perspective, it was the occasion to draw 111MWh of electrical power, for the NOC to get 20 abuse phone calls as well as 653 abuse letters and of course to play with 1.4km of yellow tubes of the Seidenstrasse vacuum-cleaner messaging system (demo).

30c3 came with its bunch of historical moments. To pick a few, Annie Machon (@AnnieMachon), ex MI5 whistleblower, came on stage to tell us about herself and her vision of the USA’s intelligence strategy of the last decade (The four wars). Also, Sarah Harrison, the British journalist who was with Snowden in Hong Kong hold a talk (incomplete) with Jacob Appelbaum (@ioerror) and Julian Assange (@wikileaks). Finally Jacob Appelbaum presented us in “To protect and infect part 2” the last Snowden revelations about the NSA TAO entity and its catalog of  advanced exploits of any kind just before the international press.

The technical side has not been at rest. In the mobile world, Karsten Nohl from srlabs.de blew us again with his talk “mobile network attack evolution” by demonstrating remote OS-stealth java software installation on SIM cards, the release of several opensource tools (simtester, gsmmap-apk) as well as a new version of https://gsmmap.org/, a collaborative website presenting a by-country security status of the mobile networks.  On the same topic,  Ralf Philipp Weinmann (@esizkur) explained in his talk “Baseband exploitation in 2013” that Qualcomm baseband chipsets, representing 97% of the LTE market, can be pwnd and thus make you mobile phone a nice, stealth technical mole with transparent access to the mic, the camera, the GPS,… To continue on the exploitation track, Patrick Stewin (@patrickx27) demonstrated in “persistent, stealthy, remote-controlled dedicated hardware malware” how to own the Intel AMT platform to gain direct, stealth access to DMA and then either generate / intercept network traffic in an invisible way for the host and get high privilege access to the host OS. Another brilliant talk by bunnie (@bunniestudios) and Sean Cross (@xobs) “The exploration and exploitation of an SD Memory card” where they demonstrated how they were able to talk to SD card controllers which opens crazy exploitation possibilities. Stephen A. Ridley (@s7ephen) talked about his way through embedded exploitation in “Hardware attacks, advanced ARM exploitation and Android hacking“. On a more offensive fashion, @botherder and @headhntr told about their brilliant analysis of the finspy governmental spyware, the way they discovered about it, analyzed it and uncovered the C&C servers around the world in “To protect and infect“.

On the fun side, Felix Domke (@tmbinc) presented his journey into extending his car with python with the bluetooth equipment as well as the CAN bus in “Script your car!“. Piotr Esden Tempski (@esden) presented the history of civil “Drones” as well as all the necessary information on today’s hardware and software to start in the field.

Last but not least, J. Alex Halderman (@jhalderm) presented in a brilliant talk “Fast Internet-wide scanning and its security applications” his wire speed port scanner Zmap. He talked about the encountered problematic and associated  solutions. Several applications resulting of scans he made were also presented among which the discovery of Tor bridges, the detection of service disruption after natural hazard (Sandy hurricane), and the gathering of public SSH keys on the planet to find oddities.

I had the chance to participate in quite some other talks going from hardware bitcoin wallets to OPSEC propositions to combat NSA global surveillance, FSF tricks on vulnerability disclosure, white box cryptographyFrenchies ISP providing neutral Internet access, and organized crime in Brazil stealing ATM with USB keys.

Happy listening!


30c3 main homepage :https://events.ccc.de/congress/2013/wiki/Main_Page

the schedule: http://events.ccc.de/congress/2013/Fahrplan/

list of talks: https://events.ccc.de/congress/2013/wiki/Static:Schedule#Fahrplan_Events

all the recordings: http://media.ccc.de/browse/congress/2013/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s