


DEF CON – 28 Safe Mode

06.08.20 - 09.08.20

The Internet, United Kingdom

DEF CON 2020




Access to talks, panels etc., (from

DEF CON official presentations will be pre-recorded; each full day of talks will be pre-released online at midnight PDT (GMT-7) on the day it is scheduled, as a torrent on and on our official YouTube. The dates and times below are special live-streamed Q&A sessions for each talk, as well as additional fireside lounges and panels. These sessions will be streamed on Twitch at All discussions and attendee-to-speaker participation will be on the DEF CON Safe Mode Discord Server at:

Beyond Root: Custom Firmware for Embedded Mobile Chipsets

Chris Wade
Sunday August 9
14:30-15:00 PST / 22:30-23:00 GMT+1

Rooting a smartphone is often considered the ultimate method to allow a user to take complete control of their device. Despite this, many smartphones contain hardware which is closed off to any modification. This talk aims to show how this hardware can be reverse engineered in order to bypass its protections and further expand its functionality.

Using proprietary NFC Controllers as an example, we will cover analysis of the protocols used by the chips, how the firmware protections could be broken, and how custom firmware could be developed and deployed to the phone with no hardware modifications.

This will include methodologies for analysing weaknesses in firmware update protocols, leveraging the Unicorn CPU Emulator to bypass debugging restrictions, and techniques for reverse engineering the hardware capabilities of an unknown chip in order to implement custom features. This will end with a demonstration of a smartphone with passive NFC sniffing capabilities and expanded tag emulation functionality.


Hack The Sea

Speed 2: The Poseidon Adventure – When Cruise Ships Go Wrong

Andrew Tierney
Saturday August 8
10:00-10:30 PST / 18:00-18:30 GMT+1


Aerospace Village

Introduction to ACARS

Alex Lomas
Saturday August 8
13:30-14:00 PST / 21:30-22:00 GMT+1

We’ll go through what ACARS is, its roots in Telex, through to how it’s implemented and used in modern airline operations today over VHF, HF, and SATCOM.

We’ll talk about how to set up your own ACARS receiver using an RTL-SDR, do a live demo of capturing real ACARS transmissions, and attempt to decode what those messages are about. Then we’ll take a thought experiment on how potentially malicious transmissions could be made to affect the aircraft.

There will also be a discussion around how ACARS is used in modern CPDLC air-traffic-to-pilot data links instead of voice communications, and how these could be vulnerable, and a brief look at SELCAL, which reduces the need for pilots to monitor the radio.

Lastly, we’ll look at the future of ACARS over IP and how this will integrate with modern e-enabled aircraft.


ILS and TCAS Spoofing Demonstration

Alex Lomas & Ken Munro
Saturday August 8
15:00-15:30 PST / 23:00-23:30 GMT+1

We’ll be looking at what Traffic Alert & Collision Avoidance System or TCAS means for air traffic collision avoidance, and its role in alerting pilots to avoid conflicting traffic.

Using our flight simulator, we tested a set of scenarios where we configured fake or ghost aircraft that the various systems were forced to react to and to give the pilot the appropriate resolution advisories.

We’ll show how we experimented with multiple configurations of fake aircraft, iterating through different ‘stacks’ of fake airplanes to determine how to make TCAS respond in a way to cause the victim plane to move in a direction of our choice.

Following this, we’ll discuss the likely human responses and how these are aided by ancillary systems and ground control interactions, as well as the future of avoidance systems and the possibility of spoofing ACAS-X through ADS-B, upon which it is dependent.


747 Walkthrough from a Hacker’s Perspective

Alex Lomas & Ken Munro
Sunday August 9
10:30-11:00 PST / 18:30-19:00 GMT+1

COVID-19 has caused a significant downturn in the aviation sector. This is devastating for jobs and the wider economy, but it has created opportunities for security research. Access to avionics and airframes is usually very difficult or prohibitively expensive, restricted to outdated components from eBay or rare ‘lucky finds’.

Airplanes are being laid up or stored at an alarming rate. Many airfields and salvagers that would not normally handle storage have been pressed into service to handle the spillover.

As a result, we have had access to a number of airframes and have been able to conduct security research into the various components, whilst staying within the limits of rules governing what can be done on equipment that may one day be able to fly again.

This presentation is a 101 introduction to airplane security, in the format of a video tour of the cockpit, avionics bays, and passenger spaces to highlight and explain the various technologies and systems running at any given time.

We’ll look closely at aircraft domain segregation and the hugely important role it plays in securing the whole entity. No, you can’t hack the airplane from the IFE, but that isn’t to say security is perfect.

Alex and Ken are both GA pilots with a keen interest in aviation security. They are both members of the Boeing Cyber Technical Council.


Hackers and ISACs – panel

Ken Munro
Saturday August 8
10:00-11:00 PST / 18:00-19:00 GMT+1

Panel hosted by Pete Cooper with:
Jeff Troy (A-ISAC)
Erin Millar (S-ISAC)
Matthew Gaffney (BSSI UK)
Ken Munro (Pen Test Partners)

Across the aerospace sector, good-faith research has a key role in highlighting both risks and vulnerabilities, but it hasn’t always been welcomed with open arms. ISACs are often seen as a key point of contact for researchers and hackers doing this work, but how best do we create relationships across hackers and ISACs to learn the lessons of the past and build the trust that we need?





The Internet, MK18 2LB United Kingdom