>>Uh, topic of this talk is opt out or deauth trying. It's going to be anti-uh, tracking, bots, radios, and keystroke injection. It's going to be throwing off brick and mortar stores. Um, the ways that they're tracking you. Um, everything from billboards, um down to the the basic uh, analytics and information that Google collects when you do searches and things of that nature. I'll have the slides in one second here. [mic bump] Sweet. I will get this playing here. [chuckles] Ah, there we go. Awesome, now you got some visuals to go along with it. So, as I said my name is Weston Hecker. Feel free to follow me on Twitter. I do a lot uh research during the year and uh I love helping people with projects and just security research in general. I'm going to go into a little bit of detail we’ll make it a little bit quick here. Um, about myself, I’m 32, work for NCR live in North Dakota. Any other North Dakotans? No OK. [laughs] [audience laughs] There's probably six of us >>WAHOO >>ah yea, OK There's one or two of them. Uh, let's look ahead. This is my fourth year in a row speaking at DEFCON, uh, spoke at Hope, um, Black Hat last year, lots of conferences, so I love getting out meeting the community. That's the reason I do these talks is to meet people like you guys. So, and I have been doing uh 12 years pen testing professionally and uh 13 years of research programming. Things along that and uh, I did a lot of ATM car hacks, um several IOT projects going on right now. Uh, reverse engineering malware things like that. Um, I'm going to be doing an uh, cool uh, attack on vehicle the, does anybody have a push button start car? You should definitely come down to the car hacking village. I'm going to demo um, uh, how to stop the relay attacks where pe..it it's a bas- basically people are using software to find radios to actually steal vehicles. 
So, I'm going to go into how the actual attack works, then I'm going to go into uh, some two factor authentication that I added that's built on a 12 dollar Arduino project. So it's very cool. And uh a little bit about this research and what led to it. Uh, so as you can see Microsoft, uh, Windows 7, end of life was all announced and uh, I mainly use Linux uh like a majority of the people here probably do, but I am forced uh to use uh, Windows for some applications and I had a quick uh, question I called one of my buddies and I'm sure everybody has that buddy that you call them for that simple about uh, um a some pr- uh some concerns and things like that and they'll uh talk your ear off about chemtrails for the next hour and a half. So, [laughter]. He's a very, very paranoid guy. Um, he's usually right though. Uh, he's uh, added uh validity several times when I've talked to him. So, and he's helped with uh tons of my research especially my uh, cell phone hacking one I did in uh, DEF CON 22. So, which, yeah that's basically I did as research I started uh, installing Windows 10 in most of my machines. And, uh, yea. [chuckles] Explains, uh what systems I've used in the past. Uh how they do in store tracking operating systems uh switching to Windows 10 like I was saying which is kind of scary, scary thought and uh searching search engines spying uh uh Google. I know they track all your analytics. Uh Bing probably does too, but nobody uses it. So [laughter] [laughs] And I'm going to go into actual uh billboard spying. Um there's a couple prototype billboards and I'm pretty sure I fried the one in Minneapolis in 169. Uh, I was doing some research on it. I had permission at that time. So, it's uh something that they want. They're actually tracking vehicle TPMS sensors so tire pressure monitor sensors and they're profiling people off of vehicles and the actual advertisements so and yea, yea that's pretty interesting stuff.
so, um, uh, just privacy is disappearing so I thought I would do a privacy talk and uh, yea. Explanation of the targeted personalized advertising so I'm going to go through a lot of the advertising um, personalized ads. Um, they're getting really, really creepy. They got really creepy for a while there and then they realized that people were getting creeped out and they kind of backed them off a little bit. Um, behav- behavior advertising cookies, um, I'm going to go into they track you on, basically, what your hobbies, automotive, electronics, travel, where you've been, things like that. Um, collection of non identifiable information, so they tell you that it's a lot of it's metadata but there's been plenty of talks in the past of how to reverse um, metadata. There was actually some medical ones where they had people that had um, diseases and things like that that they were actually to reverse able to reverse those two specific people once there was an actual uh breach. So, yea and uh real time bid information which is one of the buzz words that's out there so basically people are buying us like we're cattle and uh this is basically geared at jacking up every single analytical they use for it and making the data completely useless. And, uh, yea so they have software advertising displays. Um, uh private marketing um, PMP. Uh, basically wasting um, advertiser’s money and yea, there's uh explanation of technology uh tracking online so I'm going to go through some of them. I'm gonna explain how deep and dive in the operating system are and when you try to uh, uh neuter Windows 10 how it fights back. [chuckle] because it is a very, very intrusive operating system. Um, yea it's it's uh what's to be expected when you know they are pushing a lot of those updates and stuff like that. So, how it impacts the users. How it impacts the business. 
Um, I know that's something where I don't mind if you know they know what my mother's doing on a day to day basis or I'm sure she doesn't either, but when it's your actual employees, um, if anybody is in the sys admin or security uh admin role and uh it makes a lot of these call in services um hard to track, especially when we're trying to see if things are calling out or Trojans or droppers or any kind of malware is calling out and stuff like that. It adds a lot of tr- .unnecessary traffic. And I'm going to go into GPS tracking. I, uh, off of IP addresses, uh so on the whole they'll track what an entire company is doing. If they have one IP address, so. WIFI Beakuer- uh beacon information. So how they uh, actually go through cellular tracking and um, um turn on WIFI for accuracy. Obviously, uh everybody has their WIFI off here, but uh, there's you know, on in the average world when you're walking around the mall it's amazing to me the information they collect . And uh, yea, arts, entertainment this is some of the actual breakdowns of how ads are personalized and uh sales a bit. It's very, very boring stuff. I, I feel, [chuckles] that I don't need to go into much detail on this and I'm sure I've got a lot of you guys have have done a lot of research on actually running ad blockers or black holing advertisements. Um , I recommend that for everybody, not only just for security purposes but even legitimate web pages can have drive by attacks um, there are several exploit kits that um, um have had have drive bys in the past on legitimate web pages, place- pages that I would visit without any hesitation normally. So, and yea. So there are some uh good ways to stop tracking uh right now and I just wanted to uh uh give a plug to some of these they are all open source. Uh They're all free. Um, so they have ad blocker apps. They have um, actual black holes which basically the advertisers don't know that their ads aren't being showed, which is a little more stealthy. 
Um, Trackmenot is the actual uh hypervisor version that I wrote as a plug in for um, uh, the uh actual program at this IO address. It's pretty amazing it literally crawls the entire web [chuckles] web page that you send it to and it will click all the advertisements. In a safe manner obviously. Uh, but it basically jacks up a lot of it and I actually added a hypervisor version because they banned this plugin on Chrome. So I got it so it's working on Chrome again and it actually does um uh lots of XML injection er um a keystroke injection into the actual browsers themselves so it's something where um it happens at a later where you're not going to trigger a lot of the uh, I'm not a robot and a lot of the security features. So that is something I'm also releasing open source and it'll uh, I'll have a working version for uh VMware, that once it's out of the beta phase here, everyone will be able to download it and if as long as you have VMware workstation or um some of the open source will also work for it. So the OVAs you'll be able to launch them and uh, I'll go into a little bit of uh, other things that I am actually blocking from Microsoft. So, and uh yea. The e- uh- Privacy Badger is a really good EFF loves porting them. Uh, there's paid VPNs uh 4 dollars a month. You can get a decent VPN service. Um some of the free ones, who knows what they did. It's uh, [chuckles] probably worse than uh letting them know your advertising is some of the stuff that those IP addresses were previously used for. So that's something that I would uh definitely recommend that you do your due diligence when you're checking into that stuff so. And it's all a very good start um tackling some of the call homes um doing a uh actual blocker on the hosts files so it blocks a lot of uh Microsoft call home type stuff. Uh, turning off your peer to peer networking um for updates and stuff like that. So and uh what do I have against Ads Weston? 
That's uh that's what my wife asked me and, uh [chuckle], yea I know it's something that um I don't mind at all. I hate having advertisements. Anytime they offer something like uh, uh YouTube Red or something like that where it'll they still collect a lot of information but it's something where if I don't have to see an advertisement I will gladly pay for it. I'm not trying to uh, that's the way that the internet is free, I understand that. Um it's all, I will I will gladly pay for a lot of the uh, uh, premium services and anything that's ad free and uh even some of the Android stuff it's uh amazing that you can't actually you know turn off a lot of the tracking and it's something that, um, as the more and more they they can snag you with the convenience and then they add some of the more intrusive stuff and that's just been happening over uh the last few years. So, yea and um I'm going to be able to um, um should go into some yea uh disable some of the browsing tracking. They let you know there's cookies. They try to do all these things to let you know uh, what they're doing or make you, make them look like they're more of an accurate and good demonstration of what they're actually doing but uh in a lot of cases, um, it it needs a little bit more intervention and that's why I love that there's uh tools like on these last page here that people can actually go out and do this kind of stuff. So, and yea, so basically drive by attacks, like I was saying even legitimate web pages um, uh, there's a lot of them that even the uh New York Times is one of the bigger ones that comes to mind. Um, that page they uh literally send out Twitter saying that their actual um page is breached, please don't visit it. So, uh yea that was a drive by I believe it was a Java or a Flash drive by attack. So it was literally just by visiting the page it would uh actually execute some of the code on there.
so, uh since the late 90's it's been one form or another in tracking and uh they're um yea their uh deep diving they're getting their analytics more tight and uh it's been used in stores. Uh, the act- actually the brick and mortars I'm sure everybody in 2012 heard about these you know they're tracking everything and the stores that were doing it got a lot of feedback that was negative so they quit doing it and then they tried it again two years later, heh and uh they're right back up to the same old tricks. so that's something where um, in the in store analytics it's no problem at all I have no problem at all if people opt into it, um that's definitely like something if somebody wants to save 10 percent, 10 cents on their gas or something by all means if that's something they accept, I have no problem with at all with that, but it's when um, uh they actually you know start tracking cellular beacons of how many customers walk by, their attention rates, their dwell times in the store and things like that. I'll actually go into some heat mapping analytics and things like that. So, which that's uh, yea I have no problem at all with opt in programs. That's one of the biggest things. so they uh track some of the bluetooth cellular beacons, uh, wifi, uh, infrared and motion sensors, Um, yea, several years they began getting negative press like I said so uh there's been lots of of resistance on all forms of tracking. Apple and a couple of other several manufacturers are doing very, very randomized beacon information which is awesome to see and uh it's definitely been a long time coming for it. So uh, UK and other uh areas in the world been less resistance from what I've seen. I know a lot of uh, um. actual tracking that they have out there is pretty, pretty readily available. 
So, I'm told it's been turned into meta data and I've already explained about some of the weaknesses in metadata and reversing it and uh this the 45 dollar device that uh every single one of you should bring and go to the mall with you every time cause uh, this actually, uh basically what it is it's a huge uh wireless beacon generator and it actually it can generate up to a 150 beacons, um and they can be one of several things. It can either be, um, so it can either be uh, cellular beacon, so they make it look like a customer's walking around they can actually be rogue access points, they can be pretty much anything you can generate cellular with a laptop you can now generate with these and uh I actually have a program called Groundhog's Day where it replays the exact same days worth of traffic so it looks like the same people are walking by and uh, [chuckles], it is a pretty neat neat process and actually jacks up their uh in store analytics, their retention rates, all the heat mapping, uh, cause uh with the more advanced version with the actual Raspberry Pi attached to it, you can um actually change where people are dwelling in the store and stuff like that so it's a a really really cool project and a a that's all going to be open source on my key lessons I will release how to actually build one of those. Um, I highly recommend it. They're pretty fun uh if you haven't played with wireless before. So [off microphone statement] Oh, sorry about that, yea thank you. And um metadata is used to change the store layouts. So, say for example, if uh everybody goes to the front panel they're going to you know start throwing the more high price items there things like that. Um, if they realize everyone is going back to electronics right away they're going to put a lot of the stuff to try to sell to people with on the way there. And more specifically lay- layouts increase sales and make us more along the lines of uh just consumers.
So, and using regards programs um yea like I said opt ins I have no problem with that. Uh I did a little research on some of the coupons that are pushed and some of the actual bluetooth tracking. Um, those things are literally built for like the year 2023. They're uh not impossible to break but I uh did not have the time the uh free time this to year to actually start uh dabbling with this. Uh, last year I actually did um some uh ticketed injection but I did the responsible disclosure with it so it's something where I wouldn't yea it wouldn't work anymore so nobody would really care. Heh, for the majority of it so. So they increase how much they >>Move the mike closer. >>Oh, sorry about that. Yea, here we go. And uh yea so basically they can increase how much they charge for certain store areas if people have it in there. So [audience laughing and clapping] Sorry about that guys. Heh, heh. Yea, thanks for the brave soul that told me to a bring it up a little closer so uh. So uh yea it changes the ad placement in the physical and the web because they are tracking across platforms. So, and they have all the collection on the cellular bluetooth beacons so they're collecting all DSN information um they have actual they've weaned away from this one big time because it's uh very very intrusive and um some of them have pretty decent ranges on them so um they're not as um acceptable for as far as if people are going through actual uh communication with them. So, and uh how do you harden the communication best practices? Um, yea that's something I will be going through here in a little bit. So, and uh who knows what TPMS sensors are for vehicles? Yea, there's been lots of really really cool research. Um, uh so they have smart billboards. Uh, they just throw the word smart in front of it and charge people for it but it something where gonna basically be tracking beacons. They'll be able to profile the you know that that guy driving that 2015 Jeep Cherokee or whatever. 
They'll be able to tell that that person's most likely a white, 32 year old male and they will be able to answe..uh uh get more of the advertisements or they'll be able to uh you know generalize how much they're actually are able to charge for some of the information, be able to track people a lot more and uh in the US uh after 2007 they required it it in a majority of the vehicles except for special pur uh purpose built vehicles. Uh so basically it uses unencrypted RF um 350..um 314 uh majority of it so depending on the actual vendor. Anytime you go over 19 miles per hour it will do a call home feature, so and um I'm going to be actually [mouth sounds] uh demoing the uh in the car hacking village I have a TPMS sensor where you can actually add 3 sets of tires to your vehicle so that's something that Ford owners have not been able to do without going into a dealership all the time. So it's something where you can have your snow tires, racing tires, but I, and your um whatever you know whatever other kind of tire other tires you want. Um and something that um I actually made it so my wife my wife's vehicle every time it starts up it will actually generate a new uh TPMS sensor and it will flash it into her CAN bus so it will it's pretty hard to actually track the vehicle and it's just one step further uh hopefully people will adopt those kind of things uh once they start tracking more of that beacon information. So, and uh yeah, that right now that's one of majorities that they're actually testing and I'll be doing the demo of that on an actual car hacking village. So yea and everybody's for the most part I don't need to go into social media. Uh, that is literally just that is pretty much nothing but data collection. Um, there's been several jokes.
I love one of the Onion ads where they had Mark Zuckerberg is like an FBI agent and it's uh heh heh yea they got some pretty accurate stuff like that and it's uh abused in the past um it's just they're literally just tracking everything on it and it's it's something that we that they willingly accept to be able to uh you know send cat memes and things like that to each other. So, and uh, reversing the randomness so when I went through an actual pages it was pretty simple. I uh start with a dummy account on a VPS and it would start searching a specific dialogues um of things that I would think that people's personalities. I would think of a friend and then I would think of things that they would search and I would think of that age right now. I would think of my niece and things she would search. What my cousin would search. What my uncle would search. A lot of that stuff, so that's something that where I was kind of looking at what they were reversing and what they were advertising with. So I built out a huge uh spread sheet that is actually gonna be something else I'll also be releasing with these tools. Um and it basically shows that what what what your profile and how to build a profile cause that's actually what the uh program that I made is you can set yourself to say for example the example I was giving was a 12 year old girl who likes horses and uh you you'll be looking at how to flash um a firmware on it Ubertooth One and the next thing you know she you're searching if does he like me you know where are the best horse ranches. Things like that. So, you will be able to throw in some pretty random details and it's actually a plug in for uh that amazing program that I was talking about earlier um they they do a very, very good job at random stuff, but uh some of the random stuff that you gets thrown into unlogical bins where they don't even get advertised to or they get very very low resale.
So these actually keep you looking like a real person on the web uh because eventually when enough people start using blocking services like that they're going to start actually deep diving into a little bit more into the actual uh details and the software of it. So, and yea back into the old XPDs uh they really didn't store store much information. Huh, huh. and uh yea 1984 style moving into Windows it's literally amazing the uh amount of information they collect and I have been a huge fan of uh doing misinformation type talks like the the one that I actually did was um uh injecting fake credit card numbers for credit card skimming software. So, like it's like it's all about like if I can't have my data, nobody can kind of situation. So, it's like it becomes so useless they won't actually want it anymore and that's kind of the thought in the process behind it. And, yea. An explanation of attacks so blocking the billboard spying um I'm going to go through that with a TPMS sensor and uh explaining the actual main attack surface of the past several monitoring systems. So how brick and mortar stores are spying on people and how web and OS are spying on people, so that will be the next phase of this. And uh some methods of stopping some billboard spying. Since billboards there >>Louder! >>Oh, they're picking up uh this, this microphone. I apologize really here. So, [laughs] so, smart billboards they capture the wireless sensor information. Uh, they capture all but based on the model year of the car, the age range, income range. Uh, if you're if you're driving a brand new Lexus you're most likely not a McDonald's employee and they like to profile it like that and that that's just one more of the things where it dehumanizes a lot of the information. 
So, and uh passive and opt in programs once again like I said uh people have a lot of applications for tracking through a lot of the extra moldings uh uh public transit systems and stuff like that so and like I was saying uh you can add um a lot of the not not necessity of having to go into a dealership which is really really nice because um uh Ford and Lincoln vehicles is the one that have the tool that I'm working for now and it's nice to actually be able to install um uh like a Groundhogs Day type of situation, so you cycle through. The one that I have that would be more practical is adding a 10 tire TPMS sensors and cycling through them. Uh so that's something where it's not randomly generating them uh because that is a bit more of a lengthy process especially um uh once a week you actually have to do a hard flash uh to actually add some of your TPMS sensors. So, and yea, so what's being collected and then what allow them to uh profile me online that was one of the the biggest things that was uh the collection of the information once I logged it all uh it's something that was it was pretty interesting. Um, what slight changes would uh change in advertisements and things along those natures especially when it's starting to getting into getting into higher profile travel um you can also see where people are spending a lot of the money, uh, for actual click to pay advertisements and stuff like that. So, uh, how do they use it? Uh, who who is it interested to? Who's buying it? Uh, how is the information held against people. They've uh done there's actual FBI portals uh and things like that for you know a lot of this information so they don't have to actually submit warrant er, they have to do warrants and everything like that they have to do the the due process. It's just something that they actually have to uh yea they have to keep it up so. 
And how's that yea all the information for portals for law enforcement uh one of the biggest ones I have known is the the ones for an actual cellular communications. So, and yea, um. So basically injecting the pulse data, uh, changing your profile um how much information do you have to do to combat your years of of profiling. Um, one of the biggest things I did a couple of years ago was I started like 3 Google accounts and then I switched in between them. Didn't even trick them because of a lot of the information that they picked up they still profiled it as the same person. Um so I'm going to go into a little bit of the profiling changing and actually throwing off some of the lower level analytics and uh who knows what type fisting is? Huh, huh. Yea it's uh like a World War 2 based on when people did the tap the actual morse code and stuff like that It's something where they would have been able to tell where somebody was in Germany based on the actual way that they typed their information and that's one of the actual analytics set up that uh that Windows 10 is collecting so that's part of that hypervisor that I built is it actually collects your all of your keystrokes and actually injects them out and into the operating system or whatever your selected tab is and uh in for and um 38 you can select the stroke per minute depending on how fast you type but it basically pops it out so there's no type fist so it can't tell if it's you using your computer or your wife using your computer and uh there's a couple other uh ways that you could do a lot of this stuff um it can be used for injection of typing um you can do um I'm working on mouse click uh emulation and simulation that's undetectable and things like that, so, it will be a a pretty decent project once it's uh plea..complete so and then we're going to go through through the browser bot and uh how to not get det..detected by search engines and web browser programs that was one of the biggest things uh right away 
it was uh kept busting me and it just was a little disheartening at first so but yea uh so yea. A lot of the r..um, I'm not a robot uh who who saw that originally they got like how hard can that be to beat, then they try to beat it. Huh, yea it's actually huh a pretty well thought out process um uh so a lot of the it's not just about the clicking it's about the naturalness of how it is clicked so that's something that we're um if you're able to push mouse clicks from a hypervisor um it's a lot more uh accurate in detail and you can tune it a lot better and it also makes it so that everybody can use it you don't have to have low level details of actually how to um program a lot of the stuff so and yea and so yea you can basically um go through the joys of watching your advertisements change first hand. You can throw off your analytics a little bit and um based on your actual advertisements you can reverse that to what they profile you as and as that that's actually pretty creepy uh based on the actual data based information you can actually see that they know that you're, you know, in your mid 30's and you love vehicles and computers or whatever your ser..uh things are. So there's ways to actually go uh the reversing process it's uh it's a pretty decent process if you guys haven't ever mapped anything out like this, um search engines are really really easy to do and it's uh definitely something if you're wanting to get into a data project with some of your friends. So, and yea, basically uh yea. This malware can actually be used to uh do bad things. So you could actually uh like a hypervisor like that I was looking at that where somebody could actually use it as frameware.
They could make people visit bad web pages things like that so that's one more reason that you're going to want to integrate something that will keep track of what your actual analytics are and what it's actually conveying and you can actually frame somebody uh it could basically damage somebody's life or even worse it could like Nickelback on Facebook. So, [audience laughing] Huh, huh, I just had to bash on Nickelback because they are the worst worst thing to come. But yea, and uh there's basically a um yea yea it's also used um if you want to do some testing for malware a lot of the malware looks to see if the virtual machine is used and it's something where you can get some actual um real real world case usage um I know it's something uh without paying you know 50,000 dollars for their uh really expensive VMs that are specifically for bursting malware it's something you could make virtual machines look like they have daily usage in them. So it's something where you want to kick a payload off or where it kicks off 3 weeks later or something you would actually be able to do a bit more research on it, so, and yea basically it's the operating systems and a yea.
So how I tried to make Windows 10 uh go off the grid, kind of, uh was basically by you know redoing some of the hosts seeing what it's calling out to Um, others have done that in the past others have failed um I failed the first few times I did it um there's actually very good tools um out there for blocking a lot of days they get turned right back on as soon as you run an update though so that's something where uh I'll be posting some of that research and a little bit more about uh deep dive into the operations systems of uh cause I'm sure a lot of you guys are adopting either for your actual users or for your actual self uh switching over to Windows 10 from Windows 7 and uh actually injecting from the hypervisor and how much information the actual uh OS detects before like a lot of the um errors and issues and things like that will actually submit those um and there's uh pretty much anything that was getting sent home to Microsoft I have made a way to send them bulls**t. so it was a pretty fun fun it was a fun project and it was uh I love watching actual responses of it so and uh yea. IP version 6 and how it changes spying on us uh some of the real time communication um that is uh yea some of it for as far as it like breaking um anonymity on the web there's lots of actual information out there for it so yea screen sizer uh screen sizing and browser information that was uh one of my bigger breakthroughs when I was um going through how they were actually uh tracking a lot of uh uh um um details from some of the posts and get requests and things like that so and uh type fisting is something that um yea it's basically uh something Windows 10 they've been uh collecting I don't see any reason that they would need to do that uh aside from per user basis. 
Um there's some pretty cool uh research on people like being able lock machines if they feel that somebody else is typing at the machine or something like that uh so I've seen a couple of programs like that and a type fisting app would be able to be a pen testing tool for something like that but but yea no so we do the XML and HTML injection uh yea and it's basically a macro based injection so um I add the most simple simple version of it is ghost writer if you want it to literally inject things out of uh uh text file you can do that. Um you can use some of the plugins for some of the other applications that are out there and uh yea there's like I said it interacts with other programs by um if they're brought to front or if they're a select a window and you can change a lot of the functionality with that um there are some CV plugins that people have um for desktop support uh applications and I'll also be posting and referencing to so um and can Windows stop this and it's easy to use so it something that um I have not seen um Microsoft combat any of the uh actual anti type fisting or any of the hypervisor inner intervention. That's something that where it also does a lot of really really cool stuff like blocking um some of the HID attacks like human interface stuff like device attacks it blocks like some of the Bash Bunny attacks uh because it basically hijacks any input um quite literally any input unless it's uh uh pre detected device so and you can uh also have it released so it's a very very cool concept and yea I'm excited to see people's feedback on it and yea be able to grow it and see what other people do and maybe other people can clean up the code.
There's a lot better programmers out there than me so and yea basically blocking out the outputs from your phone there's a couple programs out there that um uh are pretty nice that you don't have to actually rip your phone which is amazing because I know several years ago if you wanted to delete uh the foot like the like I know there are some guys that are computer guys and football guys but I have no interest at all in the NFL or Nascar or some of that other stuff they have loaded onto my phones and it's just nice to have be able to have uh yea uh basically it frees ways to get rid of all that information so and um yea so you can generate um also there's um a lot of applications that will read 50 SMS messages a day or they'll read 50 emails and uh they have their end user license agreement or EUA 50 uh where they have the they basically read your emails so they can better tailor uh either your typing or your auto completion. They'll give you a lot of examples like that but it's uh most likely for other uses so yea and airplane mode um working on making uh I have an HTC One or HTC 10 now and I I did a PRL hack so it actually doesn't attach to uh fake uh fake cell phone towers. And also I'm having a DEFCON mode and I'm sure a couple of other people have the switch on the side of their laptop that they used as DEFCON mode before but yea basically it turns off your radios does not allow you to uh turn off your radios it reminds you a week before to change all your one time passwords call in information so and yea I'm going to go over the actual hardware that I'm going to be demoing here in a second and uh this is actual look into the in store tracking systems. So heat mapping so they track how many people walk by the store and they see how many people actually walk into the store, where the people actually dwell. 
Um so this device actually I just ordered as many radio 802.11 compliant things as I could and started slapping them on an arduino and it's a pretty fun project I definitely recommend you build them you can build them for around 35 to 45 dollars and uh it basically um..uh there's a collection mode where you can collect the beacons like I was saying for a Groundhog's Day type attack or you can actually ee edit your own text files and then you can pop in your own beacon information so you can basically have it look like hundreds and you know if you built one bigger than this or you actually got a full blown boards on these ones you could actually build it out to the point where you could have uh 3 to 400 access points so or beacons or whatever those things and uh heat mapping. Uh so there's an actual threshold um so there's basically they attract people there’s classic people tracking awesome OK yes there's classic people tracking and it's going to go through um you know actual infrared. It will count a ticker it's literally just as if somebody is uh tripping an I beam. So I actually built an infrared blocker for that. A heat mapping my actual application when you hook it up to Raspberry Pi you can make it look like people are walking in a circle in a store and it is really really creepy I couldn't use the actual software uh because I would most likely get sued or at least get a cease and desist letter uh but yea it's uh pretty interesting stuff there's um uh older software that is really really fun to see the reactions of it so and yea. I'm going to be uh er..the actual device that's going through here so you can ba.. 
basically um look at the strange responses from the uh uh the actual system and it will uh do some of the uh re-beaconing and some of the other device reactions so and this is the actual radio that we're going to be demoing here and yea this is a CB based so yea they basically uh you peel the threshold with a really really high powered infrared laser uh you can basically um yea. It basically makes all the uh actual analytics shut down um so after about an hour of this um it had useless data after 3 hours it literally made the entire store black like that. Hah, hah. And it yea it was pretty decent so but yea I'm going to go into the actual demo here um yeah I'm going to actually let it uh lay waste to the actual um software defined radio or I got a actual capture of of the wireless packets so I'm going to go through that here in a second so I'm going to go into the actual demonstration and then uh yea. I'm going to do the Groundhog's Day attack and then I'm going to do the dwelling time attack so it's going to jack up all the dwelling time and um on this computer here I will show uh while I'm getting this demo setup I will actually show you uh, which is not that interesting of a demo, but uh I will do that while I actually set up the software defined radio demo so uh and yea. I would just like to give thanks to my work, um my kids, my wife who’s very very patient with me, uh Jesus, my Uncle Staci for giving me my first Zenith easy PC, um DEF CON for having me speak for the fourth year in a row. It's an honor and uh audience for listening to me and especially when I have to bobble a microphone in front of me. I have to I apologize for that and I can't wait to hear the trolls on YouTube on that one so.. 
[laughing] huh, huh hey they already said I sound like Beavis and Butthead on my last talk because I have nervous stuff that comes out but yea follow me on Twitter guys and uh definitely uh thanks again audience it’s uh you guys are what make DEF CON and I really do mean that so and yea I’m going to kick off the demo here so [silence] so here we go, oop [microphone sound] let's get this here yea so this one basically is uh uh one of the text implementations of the actual uh Word profile so this one is a plugin for uh this application here which basically uh it will go through and literally troll all the pages. I did not write this program it's something that uh I um am a huge fan of supporting and I definitely want to plug it on something where it literally goes through and clicks on all the advertisements. Um they used a randomness that was something that I saw as a a eventual weakness, but it's something where um you can now actually load your own profile in there and um you can build um sur channel on actual uh yea so that's basically gonna go through here what it actually will track here. Let's see. Yea so you can go through all the settings it's an amazing tool and it's uh very very easy um to actually modify if you guys wanted to start injecting your own profile information. I'm going to be releasing the actual app for that here soon so. Let's see. Yea I'm going to be powering up my radio here and uh yea. I’m going to get my Kali machine going so one second [microphone sound] here we go…. So I’m just going to get airmon running here in a second. Here's what an idle DEFCON looks like. Here we go. [off-mic comments] >>OK If you guys want to open up to questions too feel free to approach the microphone [coughing] [tapping sounds] Come on. There we go and we huh, huh, huh of course my screen jacks up but I can't actually see it here. 
Yea we should have uh SSIDs start popping up and uh there's going to be tons of actual beacon information going out right now so so basically this is making uh like I was saying there's the Grounddog's Groundhog's Day scenario where basically it replays the same day so you can actually capture information that’s why it actually has two radios on there uh that are full blown uh dab boards for radios then the actual other smaller antennas get passed off to a delay where they will pop the beacon information that was passed off from the initial radio and uh like I said I will be releasing the actual code for this so and I'm glad my demo didn't blow up and you should see a couple of fake access points popping up here and uh there's tons of beacon information if any of you guys have uh scanner on hand so [inaudible off-mic comment] uh, what's up? >>Hello, Wesley. Nice talk >>Oh, awesome. [laughs] Sweet. Yea I knew as soon as I boot [chuckles], I hope they keep it appropriate uh, huh but no as soon as uh I booted up I should have known people were going to mess with it, but, [laughs], [audience laughs] Anyways, it works really good in stores cause when you walk into a retail store there's not usually a hacker waiting with a laptop booted up with Kali on it so hehe [laughter] so but yea I appreciate you guys coming and listening to me talk and uh yea I'm glad the demo worked this year and yeah [clapping] thanks guys [applause]