>> The basic topic of my talk is the bruner phone DDoS. It was a two dollar a day experiment with on of the Verizon plans that I, uh, found, so.. It makes about 70 calls per minute depending on the actual towers that it’s on, so.. And the I I have it migrating, and I'll go through that pretty quick here so. Okay, who am I? And what is this talk about? I don't like this part. It's a little bit about me, I've done pen testing for ten years. I went through geoscience in geophysics. Got tons of certs. Nobody cares.   ‑ ‑   ‑ ‑ Reservation buzzing. About nine years of pen testing as I said. Tons of compliance. Tools of the trade, I'm going to go over some actual devices that are really nice compared to a rubber ducky. So, creation of call bombing. That's what I'm going to go over with here. And I'm going to do a demonstration here and here's the  ‑ ‑ does anybody use rubber duckies on any sort of pen testing audits or things like that? Anybody play around with ten (indiscernible) 3.0? Yeah. If you combine the two in an iPhone SXISHGS do have plans if you guys want to use one. And all it tacks is a HAET gun. It works a lot better than the plastic USB. This is an R[F]D badger. It's a (indiscernible) center to it. When they move in the chair, right now it beeps. Every time they scan their card. It's not cog knee toe, but it definitely gets the job done. Okay, right at security convention, I'm just going to go over these quickly also. Denial service is when legitimate services of any kind are denied to people sending false or over flow of information. Telephone denial service is  ‑ ‑ I haven't seen as much of it on the wild as I thought I would. Especially the incidents we've seen throughout the years and a lot of the activism type stuff. And basically calls up, there's a [P]RI. A lot of people don't have telephone service for the most part anymore. Most of it's getting switched (indiscernible) and computerized services. That's something that is definitely in the wake now that's it's more on the internet. Instances of [T] dots that I have seen in the wild is bank fraud. Present theft. For example if my card was being used in Texas at some gas station of some choice, Wells Fargo will actually try to call me. And the current reasons I've seen that is they actually TDOS people's phones on some of the (indiscernible) port parts. Let's see, bank transfer mule scams, that's going on in LA and California a lot. Where they tie up the phone [lines on the call center for the actual banks. And unintentional spooked caller ID scamming. That's one of the biggest ones. That's the reason I'm here is because a couple years back, I came across using three calls in the morning right before I moveed to Minneapolis. It was a new phone number so I was assumed it was a call of the previous owner put themselves in some sort of system, but when I called back, it had a spoofed caller ID. So there was this old man in I think Delaware that was getting probably, close to a hundred forty calls a day. I did call him later in the even and he said he was changing his number. There are government facilities  ‑ ‑   ‑ ‑ that are getting tons of actual illegitimate calls and it's tieing up their lines of service. So political motivated act VICHL. I have seen a little bit about it in the wild and I hear about it in the news all the time. Here's the current methods of TDOS. The caller ID redirections. That's one that I'm going to go over in some brief detail. There's actual mall ware on phones. ‑ ‑   ‑ ‑ umm, the most of the methods right now. (Audio stopped.) That are being used are actually hijacked [P]RI and (indiscernible) services. Provided sip services. So script loaded. That's the last one I'm going to go over actually, it basically loads phone numbers into pregenerated web pages, and it's pretty decent. And as far as actually. (Audio stopped.) Very little work. So the first one I'm going to go over is the caller ID reflection attack. There's spoof caller IDs, apps on the phone that is call the servers, things like that. I'm sure everyone's got a blocked number or a friend that's messing with you one day. Basically, with this one [P]RI server you can make 23 calls second to people. You can cycle through lists depending on what the actual software running on your computer would be, and it would IE tie into a soft phone situation. And call literally hundreds of people and they'll call whoever the spoof caller ID person. And they'll believe that's the actual person who called them. A lot of them won't, I don't call back a number if they don't leave a voice mail. And (indiscernible) TDOS for you. So what this does is an actual script that hold several thousand  ‑ ‑ I think it was 46 or 4800 actual Realtor web pages. (Indiscernible) captions. (Indiscernible) V[S][P] exact of the lot of the same stuff in them. Very easy to generate. You put the information into your text fields and as you can see, right here, it'll actually put a name, phone number, things like that. So, that's one of the instances of getting TDOS in. And here's a list of the header. They're a little bit larger. So people can see it. And yeah, like I was saying about 76 of the web pages out there have  ‑ ‑ they use pretty much the same template or a pretty close version of the actual. And I just wrote a box of the web pages searching for key words. Anything with millions numbers. That's why I chose Realtors. It's specific to them so. So yeah, bot nets are infected smart phones. There are a couple out there. This is just kind of natural. The next is smart devices. So, if there is an increase on the (indiscernible) phones you all know. That's one of the risk, we gladly take. I want to go into now how I weaponized the OAM cell phone. The prepaid cell phone we're talking about is actually a Sam sung U 365. I'm sure everyone at some point in their life has actually owned one of them. They're very common phone. So if they're running the brew 3.1 operating system digital service. It's a really, really nice phone, I think they cost about $eight for Verizon, and you can buy them for $12. And the actual chips that's in it, that's one of the reasons I was able to do the exploit. Most of the smart phones out there have application processes. These have one single 100 mega hertz processer. And the actual attack would work on any value chip set. So any of the U[S]C 6050 and 6055. So. Here's a little bit of personal research I've got here. So yeah. Yeah so, they have other nefarious uses aside from [T] dots. And D dots. And there were three security features that were built into the the device. And umm, the developer editions of these models support American unlocked. Feature sets and I think thises like that. So what I basically did is wrote custom firmware for the device. And I will talk about the way I was able to bypass and get sort of a pseudodoe signature at least the device (indiscernible) movement. And loading the actual recompiled operating system. Because every single phone vendor has their own operating system. So I wrote my own, not my own, it was a modified version of grew. And I will go into detail for that in a little bit. So yeah once again, there's no application process sorries, is anybody in the room looking at getting into cell phone hacking? And don't? This is the perfect phone for doing it. I know you can buy these things in bulk for $8 a piece. And the (indiscernible) have [P][S][N] numbers you cannot activate with regular service. But if you guys wanted try them out, you can get locked ones. That's a Verizon account or burner phone for maybe about six months or a year, you can pull them in the normal [line of service. It was written in C++. We got any C++ guys in the house? Anybody program that? Okay, awesome. That definitely, if you feel right at home, so, and umm, that's very like I said, it was very, very easy. I have no experience. I've root add couple phones, but it was always else's tool and I was interested in. So you guys will be able to pick up one of these phones and start dabbling, it's amazing. I thought it had to be in a table. Something to get that little gap over or something like that. So that's what it took. I think it took like 15, 1620 people in a whole community to break some of the other phones out there. So that's what I'm saying. This is an amazing phone if you want to get into cell phone hacking. And there's actual features that are built into it. When I saw it was I ringer, I thought it was an iPhone type deal. But it's definitely not. It's an actual, the way it boot it is actual ringtones in the computer, (indiscernible) the actual phone. Sorry about that. I'm able to actually interact with the (indiscernible) speaker. So that's, it's the way they had them built. They had them built for a lot of extra stuff for a lot of expansion. And ways you can push  ‑ ‑ for example, if you want to save your battery time, you push to a screen that doesn't exist. And the screen doesn't light up during calls.   ‑ ‑ justideling though, this phone is amazingly FIFRNLT I've literally left one set of my DEF CON talks and speeches I was at before, and it's been going for seven days and the battery still has three bars. Very, very efficient phone. And it's  ‑ ‑ I'll show you some ways to (indiscernible) to it. Where you can get it to go through an entire five‑ day cycle. You buy these phones for 12 to $14, and it comes with $10 prepared. And $2 a day for unlimited calling. That plan in itself is pretty amazing. Yup, and clam type phones. Everybody familiar with those. They have some features where they can tell if the clam is open. And the developer, an OE edition operators on it, the type one I [compiled, you're able to bypass anything. Imagine everything on that phone and you can for the most part interact with it. When the phone is actually closed, I did run into some problems, the ones that have extra screens you can push it into and things like that. Yeah, became a lot simpler. I would go to sleep and be thinking about it. Like ringtone. Because that's how the actual payloads are developed. You can develop your own, which are basically mall form ringtone packets. It's not something they would have to rewrite. There's a lot that you can interact with. Mall form ringtone generator. And you can actually load them in that way also, so. And here's a modified executable was the way that I actually loaded the actual firmware into the phone. And the certificate expired in I think it was 2012. So a certificate from 2006 to 2012. This phone's been out for quite a few years. So yes, basically the expiration process is the way I was able to load what looked like would have been vendor sign specific. All I had to do  ‑ ‑ it was a simple work around, I can't go into too much detail I guess. I haven't heard about from call come on it. So this error is exploited by modify executable. It'll open up a couple of the other interfaces, the way I recompile it had loader of the firmware, with any valid certificate. So quite literally  ‑ ‑   ‑ ‑ it was made to be easy. For you know, quite literally anybody can just. (Audio stopped.) Takes about eight‑ minute, the first time I've been loading the last few ideas, they were right around that eight‑ minute range. So. It allows for one second, the entire full attack surface of the computer. So  ‑ ‑ or the actual phone. So, and it's amazing. You can enter, you can actually do a lot of the bluetooth functionality that I'm totally excited to have some time again when I get home. I thought of a couple things and people have talked to me about some things that would be really, really nice to have as a payload on this phone. So yup as you can see, the driver device information are now supported by expired certificates. And that's the main reason (inaudible) by pass. And that's what I'm saying A community on the focal, keep these types of things up and not use. It was a value chip set. From what I could see, a hard time to get people to develop applications for it. That was one of the reasons I was able to get quite literally any information out there. You know, I did sign up for a couple things here and there, but as far as I was able to find most of the stuff online. So. And as you can see, it expired in 2012. And yeah. I did, like I said, the work around was a modified. Executable and it was on the Sam sung side. So it was very, very out dated. And there was no bad on their part. I wouldn't  ‑ ‑ this phone is very, very  ‑ ‑ they don't make them a lot of money off of them. So I would understand from their aspects so. But umm, yeah, with a simple host files work around with custom filed executable. So. You can quite literally modify everything on machine level with some of the drivers and just the way it was blocked. It was extremely simple. I couldn't believe how simple it was actually for, I'm not much for cell phone acting. I've never been part of any communities and I developed a couple apps here and there. But it was very, very minute back in the day. And here's one of the favorite parts of the phone. One of the feature sets (indiscernible) roaming. And basically what it'll do is pull down (indiscernible) towers. So you guys we'll triangulate your your house. You can lock it and do a random stand off on three of the tours. So for the most part, it would be impossible to triANG late depending on how randomly (indiscernible). That's also the vulnerabilities where it's able to  ‑ ‑ the way it was able to interact with the towers, I was able to make 70 calls a minute. So there's no no reason at all why it should be able to make 70 call AS minute. That's another thing, the GPS functionality was very easy to turn off. I found out it doesn't turn on fully until you make a 911 emergency call. It looks like some kind of interaction with towers on regular basis. But the GPS information I was getting was very far off. So, as you can develop applications for the attack platform by (indiscernible) software written on the phone. You can try it out. I've wrecked several of these devices. And one OFLT actual ways I wrote one of my ringtone packet's was, one of them was, that would be cool to be able to break the phone. By putting the ringtone in there. And I'll go over that one in a bit so. But I'm saying, you can try them out, (indiscernible) 65 them. And yeah. It's pretty amazing to be able to play with them before you get them loaded on the actual system. Okay, so now you have an unlocked platform. What now? And umm, that's what I'm saying, the attack platform is full control of the devices on the phones. And this is some of the payloads that I actually did. The call bombs was obviously one of them. Some of them are default ring tones left in there. I sent my number on a number of another phone that I want to actually have, do the  ‑ ‑ it'll call whatever number in the text message 70 time AS minute until the battery dies in the phone. That's an extreme amount of calls in a short amount of time and practically untraceable. And the other one was if I ended the five‑ day cycle, I set an alarm. So it'll actually break the phone. And if somebody was a little bit better and had a little bit more time in programming stuff like that, it would probably turn off the flash types scenarios on the phone. So there'd be ways to make it unrecoverable. So you do have full access to the actual phone and all the devices and interfaces on the phone. Everybody know what a cheese box is? Cheese box is what bookies used to use. Where people would call in and would anonymousize their phone number on the back. It wrote a ringtone packet which helped me to deliver the ring tones. They bluetooth to one another. And able to pass the phone call through. So I call in one number or have friends call in one number, and after a random am amount of time, you could put 155  seconds on  ‑ ‑   ‑ ‑ be on different towers. You could have two phones but be on separate towers. So it would make it entirely anonymous. I know there are services that do form forwarding and proxying. And things like that. But this would be something you could set it up in 1520  minutes at your house. I could think of many reasons  ‑ ‑ this is one of the ones that. (Audio stopped.) And maybe back in the day they used it for, I'm sure people would have other reasons for doing it. But there's other reasons (indiscernible) iPhone numbers and things like that. So this goes to show here, you can connect up to three devices so you could have random call out numbers even. And basically I was trying to do a commanding control thing with an actual smart phone. I didn't have time to complete it. And let's see. Call time is passed. Okay. And that's basically, like I said, an untraceable proxy. Yup, this is another one that I think a lot of people would have interest with, a lot of people are familiar with war demand back in the day where they would be able to find modem numbers. This one's basically for finding voice mailboxes. You can turn the U 365 platform into an actual crawling platform where you could go through entire phone (indiscernible). Or do actual voice mailboxes and businesses. And it'll (indiscernible) [P]C. It'll pull  ‑ ‑ it'll pull twice so it get AS voice mail. And then on the third one, it'll actually record the voice mail with an actual program I wrote for my computer. And the on the next page you'll see, you can  ‑ ‑ it comes up to 900 ringtones, or 900 of the actual numbers that you called. So you can put ranges in. The portion of the script on the bottom is for that one, stuff installed wrong, I apologize for that. It was just comment stuff. I know the original version looked like an Nigerian e‑ mail F. You guys look on your disks, if you wanted a updated slide presentation, feel free to e‑ mail me. And basically, the program that I added two things, it would horde MP3 to crawl mailboxes anonymously. And the second one is for actually programming the phone I attached to five of these to my computer at once. And just hit the go button. And it gave me California prefaxed phone numbersment once in a while, this kind of thing would be easily mitigated by people actually changing the options once in a while not just so people can just SPAM through them. So. Yup, and umm, here's the prepaid cell phone and in its glory. I just love it when I have a cellular USB attached to it. There's actually low energy mode where I can (indiscernible) have the thing calling. A little over 30 calls a minute. Stably with a USB charger. And just toss it into a lamp fixture. Anyway, that's like a public facility. It stayed stably charged  ‑ ‑ I tried it out with the, what was it? A 60 or something like that. And it went about a day and a half still. I was very impressed. That USB cellular charger was $6. I didn't know they've gotten it cheeper. I would have bought it a lot earlier. With these phone, with the way I write my ringtone packets, there's a couple options like you compile them or do really energy efficient. And you could do so much time basically where you could just pseudoturn the phone off. That was another ringtone packets that that I generated. And like I said, these are anonymous purchases I bought. They wouldn't let me buy more than two of them per day for some reason. (Laughing) I don't know if they called and that was (indiscernible) fulfilled (inaudible). So. They wouldn't let me buy more than two of them a day. They're basically untraceable  ‑ ‑ I just love the idea of the pure REL (inaudible). When I perfected it finally, pulling it down and actuallying jumping through random towers, it was, I don't know, it's a very good  ‑ ‑ it would be nice for even something like this or you could do tower locking. I showed up  ‑ ‑ I've been in L LASHGS since the first. I've DN  ‑ ‑ there's son of (indiscernible) cells and fake cell towers in the hotels. This is one of the only conferences I would expect (indiscernible) deal of that kind of stuff. Total investment for a five die DDOS. ‑ ‑   ‑ ‑ unget grandfathered D[S][N]. (Indiscernible) 65 still (inaudible) pulse. The $2 a day plan. These things are cheep. It has a newer version of brew, it's 1.151. Which is pretty close to the same, it has an updated certificate. This would have to be other methods found. This is an amazing hand set to be able to play with if you're getting into cell phone hacking. And the phone being turned (indiscernible) monitor. And like I said, the firmware push, it's just using a special U[S]B cable. You don't need to crack it open and do a bunch of other stuff do it. It's quite literally where anybody can practically do it. So, that's when it becomes scary. You know, it's one thing like, how many people in here if they wanted to could hijack [P]RRI lines and ZIP code? Yeah. That's what I'm saying. How many people in here can go spend $12 at their favorite box stores? There would be a larger majority I would imagine. And that's when stuff gets scary. That's why I want to bring this to people's attention. I know there's like advanced methods out there. They're not that advanced once you understand and experience with those systems. But, it's just something I would not like to have with some of the DDOS methods. It's something where, it brings it a little more real world, a little more personal. It's one thing when your web page dose down, but another when your coal manager gets locked up on a situation. It's just on a different level. It's something where  ‑ ‑ I've worked on mitigation method where is there's a plug in for pall manager and pall manager express. Where it'll have a cap show up on the actual DWAS and system, and you know, their time a caller ID information that's plugged in, it'll send a challenge. So it's something that people will be able to load into the actual pole manager software. And another one is an an DRAD app. Like third time challenges. Something I know eventually will be used in the wild more. Yeah, it's near that kind of stuff. It's something that a lot of people, I think a lot of people aren't focussing on it as much as they should be. I've been seeing how much it's used in some of the bank (indiscernible)s and stuff so. So I was going to do a full blown demonstration of the TDOS, but there's something really weird about the cell phone towers that I was picking up in the hotel. (Laughing) so umm, that is the reason that I could not do my demonstrations to the fullest extent. And umm, yeah. It was amazing 'cause as I was actually booting it up, two of my phones didn't kick on to the actual tower. So as you can see at the beginning here, I had two phones kicked on, and it peeked it up and  ‑ ‑ it'd be running for probably about five, 15  minutes something like that. And then I had a little bit of peaks when I went from the four phone. When I went from the eight phone to the ten phone, it locked the BM one. It wasn't one gig running some older operating system. This thing was beefy. I think it was eight and change. For a life calling operating system, that is amazingly grade actually. But you put it  ‑ ‑ could have been an actual, like, think of the scenarios where you could actually crash a call center. Some of the biggest ones I think about is blocking a 911 emergency system. I could quite lit literally, I wouldn't do the call 911. The one that's a 911 basically translated into, and it could literally take down, I live in a smaller state, there's 600 something thousand people. It's growing a little bit with the oil boom, but it literally could take down 15 of these phones. That's scary. That could deny service  ‑ ‑ if used in conjunction with other federal agencies would be entirely wrapped up. They'd be looking for hints. If it was used in conjunction with some sort of terrorist attack, it would be unimaginable. And that's what I'm saying  ‑ ‑ as far as skill set goes, if somebody was to release this kind of (indiscernible) tool to the wild, it would be  ‑ ‑ like somebody could get fired from a pizza delivery place and for an hour later deny service for ten days for $10. That is just. (Audio stopped.) Crazy. And yeah, pretty much any organization, a person is disliked, it's just, stores during holiday seasons. There's lots of IRS around tax system. That would actually do financial damage to the actual infrastructure of the United States. And it's amazing how like a cheep, a little good phone, cheep phones, but (indiscernible) over the last few months and. I'm sad to see it go. Because they literally came out with the gusto free where they (indiscernible) into the mainstream. And I'm going to open it up to questions a little bit. And I'm going to do some talking if you don't like questions. I always like to give thanks to my wife and family and big guy for giving me computer (inaudible). And Tim for final (indiscernible)s and spellings. But I'd like to open it up for questions if anybody has questions. Do you have any mitigation (inaudible) perspective. >> Yup, I have an actual  ‑ ‑   ‑ ‑ call manager. SPS (indiscernible) specific right now. But that's just the world I came from. But it actually has, the third time it come calls in, it has its own (indiscernible) phone. Where it picks up and challenges you with the cap cha. There's 15 cap chas I developed at this point. Does that answer your question? >> Yes thanks. >> We should talk. >> Awesome. >> I actually spoke yesterday in sky talks on common  ‑ ‑   ‑ ‑ I guess the only TDOS scenario you didn't cover, which by the way your coverage of how they're generating this was excellent. I saw a couple I hadn't seen before. But the one scheme that's used is actually extortion. So they'll get somebody's information, you know, usually like loan that they're behind on or maybe some sort of criminal history and call them at work and say hay, you got to pay us 50 bucks or we're going to let your employer know. And they will just, you know, say the best thing we can do is take down your place of work. >> Yup. Exactly. Yeah. I'll be out in the chain smoking area after this talk. So. Anybody else have any other questions? Quite literally any question questions. >> Sure, have you looked into any of the newer smart phones (indiscernible) phones? >> (Audio stopped.) The reason I went for this platform because of this deep dollars. I have no problem leaving ten of them in a library charging. That's scary with the platform. Even if it was my older android phone, I finally got my two‑ year (indiscernible) phone or whatever. I would feel bad leaving one of those devices in places where so much information is kept. That's why I did it on the smaller platform. It's literally a burner phone. It is very, very DIZ posable that's what I love about it. It's energy efficient. 15  days idle. That's with the actual  ‑ ‑ if it wasn't doing phone DO[S]. That answer your question. >> I was actually thinking about looking at the newer ones. The smart phones. >> That would be very, very awesome. Rooted phones are pretty hard core out there. Pretty much it's understand lying on some of the operating systems is a basic LINUX description. That would be amazing to see what that could grow into. So thank you. >> Have you tried connecting the towers on on and off as fast as possible? >> I have actually. That's one of the ways when I do a couple [T]RL[S]s, (indiscernible) roaming. I haven't lost the 12  hours OERSZ  ‑ ‑ (inaudible) phone up when I do the full 15 for some reason. I've tried connecting and disconnecting to powers and pulling off of other towers and hopping mid tower. So. Does that answer your question? >> I was just wondering if you melted a cell phone tower (inaudible). >> If I melted? What do you mean? >> Well like (indiscernible) idle active or negotiate with the tower (inaudible) disconnect. >> It takes a little bit long especially on these devices to do something to the tower that would be harmful. But that would be awesome. But yeah, you guy KS get one of these phones. >> (Inaudible) use more phones. >> (Laughing) . >> Mine's actually (inaudible) kind of (inaudible). Why is there nothing in the background? SDP why is Verizon hay not 70 calls in two minutes what the hell? >> I would love to talk to Verizon about that. Because it was lopping towers and (inaudible) actually I know for the most part the towers aren't talking to each other. Or they're not talking the way they should. Is what I mean. >> Is there something like can Verizon eventually audit why are we seeing 10,000  percent more calls on these four towers. >> That's the exact reason I did this. To get it out there, that could of stuff shouldn't be possible. Especially  ‑ ‑   ‑ ‑ even if they want to designate burner phones, this phone in general, there's no legitimate reason for it. And that's what I'm saying we're  ‑ ‑ that's kind of the point I wanted to bring it out. There are things, there are very easy ways we can begin with. They could limit the amount of calls with the burner phones. >> (Inaudible) they do none of that. >> Yeah. I have  ‑ ‑ >> I am so surprised. (Laughing) . >> Yeah no, they're doing a good job of other things, but it seems like something  ‑ ‑ I would like to see what they would be able to do with it. So yeah. Does that answer your question? >> Yeah. Really well. Thanks. >> Does anybody have any questions? Quite literally no dumb questions. So. There's a gentleman in the back here. >> Have you tried this with text message? >> Yes I actually did fully unlock the [S]M[S] functionality. I didn't do any text bombing because I think there's [S]M[S] service is easy to do it with. But this would be entirely anonymous. It's a very cheep [S]M[S] gait way if you want to hack into a computer and send text messages for any reason. This thing is not only an attack platform, but quite anything you want to do on a phone. A couple of these you can do load balancing. And pretty interesting. I would love to see what the community could do with it. Does that answer your question? >> Absolutely. >> Awesome. What was your question sir. >> Have you looked at whether or not this can deal with a tower? >> Yeah that that's kind of what my next step was. But I don't know a good legal way I could do it without (inaudible) issues. (Inaudible). The company I do work for for a an engineering (inaudible). Actual stuff. I would like to disclaim on that also, this was done all on my free time. My work had nothing to do with it. Aside from, you know, having I guess a job. What's your question ma'am? >> So it seems more, I don't know useful, I guess, to tacking a call center. But I'm just curious like did you weaponize this against your home phone line or your cell? Just to like  ‑ ‑ what does it look like from the receiving end? Did would I get 70 empty voice mails from you or what would happen? >> About the seventh or eighth call, the your phone would deauthenticate from the tower. And literally, you would pretty much get calls for the next quite literally until the battery died in the other phone. I'm positive (inaudible). It just rings. It quite literally just rings. And then it has a computer behind it. A lot of it is getting through the actual cell. I didn't go to the point where I would block anything up. I wanted to keep this legal. Because I do have a job to keep and stuff. That's a good idea. Like I was say, the cell phone was the one that through me off and sometimes when it was (indiscernible) in towers, it would quit sending calling ID info. I would love to dive into it because  ‑ ‑   ‑ ‑ does that answer your question? Thank you. >> I have a question, how is anonymity achieved? Purchasing on Ebay or walking into a store. >> Anonymity on my part? I have literally bought most of them. The ones I was tinkering with, I didn't pay a homeless man. I'm not that paranoid. I didn't pay cash for them, but I didn't  ‑ ‑ (inaudible). No, I just wanted pick them up. I don't know why they do a two (inaudible). One of my HOER research materials I came up with. >> (Inaudible) walking into Wal‑ Mart and purchasing phones (inaudible). >> Yup. They have a couple, a bit of the information outside (inaudible). So you could, they could tell what Wal‑ Mart it was bought at. That's what I'm saying, I'm sure there'll be a web page (indiscernible) buy (inaudible) does that answer your question? Yup. Okay. What's your question? >> You mentioned a little bit about the inaccuracy of GPS. How inaccurate was it? >> I think it was 6070  feet from the actual  ‑ ‑ unless my phone was off too, but it looked like it was quite literally pretty  ‑ ‑ (Audio stopped.) You would have been able to tell the building someone called 911 from or where their truck went in the river or whatever that situation. But (inaudible) lock. You can change the functionality of, I think it was a star 228 function. There's another star functioning and you could adapt to them. They have a like a little bit more interaction with the system than the actual deviced did. That's what Amy sighing, you could reactually plug in, you know, your actual  ‑ ‑ you could lock in a location to the exact same GPS. As long as it's within the URL. I did find some  ‑ ‑ I tried to spoof Montana or everything like that where I went pretty far away. There were some towers I couldn't authenticate to. Does that answer your question? >> Sure. >> Sure. >> Could you DOS a net work (inaudible). >> You're talking within (indiscernible) cell DOS a net work? >> Yeah. >> I guess in what way would it be generating traffic. >> Yeah. >> On the (indiscernible) cell. Yeah, you could white list it out with the phones. You could have 50 phones and nobody else would be able to talk to (indiscernible) cell. You could do it with 25 phones actuallies. I think it handles fender cells a little bit different, that's why I couldn't do the demonstration of it crashing. (Indiscernible) [P][S]A (indiscernible). The 23 times five. Over 200 phone numbers. So yeah. Definitely. Does that answer your question? >> Yeah. >> Does anybody else have any other questions? Sweet. Awesome. I have  ‑ ‑ I hope I'm doing good on time. I want to thank you you guys for coming to see me speak. I don't want this gentleman to kick me off stage so. (Applause.)