0:00:00.000,0:00:18.279
35C3 preroll music
0:00:18.279,0:00:22.850
Herald: And I have one last announcement before[br]we begin this talk. This is a personal
0:00:22.850,0:00:27.850
announcement to whoever slapped this[br]sticker saying "for rectal use only" onto[br]
0:00:27.850,0:00:30.710
my microphone.[br]loud laughing
0:00:30.710,0:00:34.450
Microphones are not supposed to be used[br]this way.
0:00:34.450,0:00:42.440
applause
0:00:42.440,0:00:46.019
Please trust me. I am very familiar with[br]microphones.
0:00:46.019,0:00:51.629
laughing[br]I know how they are supposed to be used.
0:00:51.629,0:00:57.929
However our next speaker is going to tell[br]you about things that are supposed to be
0:00:57.929,0:01:06.340
used this way and about how to secure and[br]protect those things. So please welcome
0:01:06.340,0:01:12.260
the honor and the talk you all came here[br]to see. The Internet of dongs. A round of
0:01:12.260,0:01:21.790
applause.[br]applause
0:01:21.790,0:01:27.000
Okay so hello everyone. My name is Werner.[br]I'm working for SEC Consult as an IT
0:01:27.000,0:01:33.140
security consultant. And besides[br]penetrating all the things at SEC
0:01:33.140,0:01:38.200
Consult's vulnerability lab, I have been[br]studying information security for the last
0:01:38.200,0:01:44.490
five years at the University of Applied[br]Sciences St. Pölten back in Austria and
0:01:44.490,0:01:49.520
about a year ago I was facing a massive[br]challenge. Some people might know this
0:01:49.520,0:01:54.800
challenge. This challenge was to select a[br]proper topic for my master's thesis.
0:01:54.800,0:02:01.530
loud laughing[br]You might know there are always those
0:02:01.530,0:02:06.549
predefined topics by the universities.[br]Some of them are quite interesting. They
0:02:06.549,0:02:10.970
are taken - yeah - most of the time quite[br]fast by the other students and you are
0:02:10.970,0:02:15.760
left with the boring topics and I thought[br]to myself, I don't want to stress myself I
0:02:15.760,0:02:21.239
just want to define a topic by myself. And[br]that was the challenge. So the first thing
0:02:21.239,0:02:25.690
I did to get a better overview of the[br]topics was to take a look at the topics my
0:02:25.690,0:02:29.990
colleagues have chosen and created a word[br]cloud out of that. So we have basically
0:02:29.990,0:02:34.510
all the interesting topics there we have[br]bitcoins, we have GDPR, we have cyber
0:02:34.510,0:02:41.460
cyber cyber, we have DevOps management,[br]malware. But some of you might have
0:02:41.460,0:02:46.860
already noticed it. There is one topic[br]missing in my colleagues' theses which is
0:02:46.860,0:02:53.629
very very important in the year 2018 and[br]that's the Internet of Things. So I guess
0:02:53.629,0:02:57.500
I don't have to explain here at the[br]Congress what the Internet of Things is.
0:02:57.500,0:03:01.900
It's basically the interconnection of all[br]the devices which were analog a few years
0:03:01.900,0:03:09.099
ago, with each other and even worse over[br]the Internet. I thought maybe I can
0:03:09.099,0:03:13.720
combine the knowledge gathered at SEC[br]Consult and conduct a penetration test in
0:03:13.720,0:03:18.019
this Internet of Things. The problem here[br]is still there are like millions of
0:03:18.019,0:03:22.019
products and I just have to write one[br]thesis, so I have to select one
0:03:22.019,0:03:27.720
subcategory in this Internet of Things to[br]conduct a penetration test on. Of course
0:03:27.720,0:03:32.689
the first thing which came to my mind[br]were smart home devices. We already had a
0:03:32.689,0:03:37.430
lot of interesting talks about smart home[br]devices. There are like smart coffee
0:03:37.430,0:03:45.760
machines, smart lawnmowers, light bulbs,[br]thermometers and stuff like that. But this
0:03:45.760,0:03:50.560
category has two problems. So, first of[br]all there is already a lot of research
0:03:50.560,0:03:56.799
done. And the other problem is the impact.[br]So, I don't want to downplay the
0:03:56.799,0:04:01.390
vulnerabilities which were found there,[br]but when there are vulnerabilities found I
0:04:01.390,0:04:07.570
mean, yeah, if there is a DDoS on your[br]lawnmower you can just go out through your
0:04:07.570,0:04:11.660
garden and mow the lawn yourself. It's[br]not that big of a deal. So I thought I
0:04:11.660,0:04:18.440
have to select a subcategory where the[br]impact is a little bit more critical. And
0:04:18.440,0:04:25.120
I came up with the following devices. So,[br]for example: Smart dolls. There was this
0:04:25.120,0:04:30.081
doll Kyla. Some of you might know it.[br]Someone found out that it has a built in
0:04:30.081,0:04:35.170
microphone and the data was sent to some[br]dubious service in some dubious countries
0:04:35.170,0:04:38.820
and it was even declared as an illegal[br]telecommunication device. It had to be
0:04:38.820,0:04:43.480
destroyed. Or there is a lot of[br]interesting research at baby monitors. A
0:04:43.480,0:04:47.050
colleague of mine wrote a very interesting[br]blog post, you should take a look at it.
0:04:47.050,0:04:54.190
Or devices which affect our body. So, for[br]example smart pacemakers. They were
0:04:54.190,0:04:58.390
developed by St. Jude Medical, that's the[br]biggest manufacturer of pacemakers in the
0:04:58.390,0:05:04.040
world. And they built a pacemaker which is[br]programmable via Bluetooth. But yeah, they
0:05:04.040,0:05:08.330
forgot authentication, which is quite a[br]big of a problem when everyone is able to
0:05:08.330,0:05:17.100
reprogram your pacemaker. So as we can[br]see, in these categories the impact would
0:05:17.100,0:05:21.720
be quite critical but there is again a lot[br]of research done. So the deadline was
0:05:21.720,0:05:28.010
coming closer and closer. I had to hand in[br]some kind of topic for my master thesis. I
0:05:28.010,0:05:32.010
was doing a lot of brainstorming with[br]myself and then suddenly it came to my
0:05:32.010,0:05:38.000
mind. There is one category out there[br]where the impact would be very critical.
0:05:38.000,0:05:41.990
And there is not a lot of research done[br]and that's the Internet of dildos. So
0:05:41.990,0:05:48.670
that's basically the integration of sex[br]toys into the Internet of Things where we
0:05:48.670,0:05:55.740
interconnect the dildos with each other[br]and over the Internet. But before I'm
0:05:55.740,0:06:01.870
going to show you what I've found in this[br]internet of dildos, we have to talk about
0:06:01.870,0:06:07.250
history, because you might think now[br]that's something new. But that's not true
0:06:07.250,0:06:13.350
because the Internet of dildos as we know[br]it is existing for about 50 to 60 years.
0:06:13.350,0:06:18.120
And as always when there are new[br]inventions or interesting ideas, they
0:06:18.120,0:06:23.510
first appear in movies and that also[br]applies to the Internet of dildos. So,
0:06:23.510,0:06:27.710
those are quite old movies, we have for[br]example Barbarella or Flash Gordon or
0:06:27.710,0:06:34.500
Orgazmo. And in those movies, those are[br]real movies - it's not a joke.
0:06:34.500,0:06:38.530
laughing[br]The Internet of dildos appeared first in
0:06:38.530,0:06:43.730
these movies. So for example at Barbarella[br]the evil guy used a device called the
0:06:43.730,0:06:50.460
Orgasmotron to cause so high levels of[br]arousal in humanity, to kill people. So
0:06:50.460,0:06:54.770
basically the Internet of dildos was in[br]the 60s and 70s a weapon of mass
0:06:54.770,0:06:58.840
destruction[br]loud laughing
0:06:58.840,0:07:08.590
and not the weapon of mass pleasure, as it[br]should be. So a few years later a whole
0:07:08.590,0:07:14.990
research area was formed. This research[br]area is called teledildonics and that's
0:07:14.990,0:07:19.300
also not a joke again.[br]laughing
0:07:19.300,0:07:25.690
And it was first mentioned by Ted Nelson.[br]He is a technical philosopher and he coined
0:07:25.690,0:07:32.360
quite well-known terms like Transclusion,[br]Virtuality and Intertwingularity and
0:07:32.360,0:07:36.020
Teledildonics. And he mentioned this term[br]at first in a book called Computer
0:07:36.020,0:07:41.310
Lib/Dream Machines. Very interesting book[br]by the way. You should read it. And in
0:07:41.310,0:07:48.890
this book he did interviews with people[br]who had yeah innovative and interesting
0:07:48.890,0:07:54.390
ideas for the time but the technology was[br]not just ready yet. He did an interview
0:07:54.390,0:08:00.580
with a guy called How Wachspress and How[br]Wachspress developed a device or had the
0:08:00.580,0:08:05.310
idea for a device called auditac. When you[br]Google for auditac you find quite an
0:08:05.310,0:08:10.730
ancient website called auditac.com. And[br]when you dig a little bit deeper you can
0:08:10.730,0:08:16.160
find out that he's still looking to find a[br]manufacturer to sell his sonic stimulator.
0:08:16.160,0:08:21.410
Sounds already quite interesting and even[br]has a patent and a small graphic for it.
0:08:21.410,0:08:27.070
So it's basically a radio with one input[br]and two outputs. One input of course the
0:08:27.070,0:08:31.610
antenna and the two outputs are one for[br]the headphones and the other output is for
0:08:31.610,0:08:35.659
this sonic stimulator, which is inserted[br]from below in the human life-form.
0:08:35.659,0:08:41.599
laughing[br]You even can find the patent on Google
0:08:41.599,0:08:45.100
Patents and he writes there in his[br]abstract: Random or controlled
0:08:45.100,0:08:49.370
electronically synthesized signals are[br]converted to sound waves that are directly
0:08:49.370,0:08:54.220
coupled to the skin of a life form, yeah[br]such as a human body for example, to
0:08:54.220,0:09:02.149
stimulate the skin or internal portions of[br]the life-form. So as we can see the ideas
0:09:02.149,0:09:07.490
were there, but the technology was just[br]not ready in the 1970s and 1980s, but now
0:09:07.490,0:09:13.069
we're in the year 2018 and we are[br]definitely ready for penetration testing
0:09:13.069,0:09:19.940
the Internet of dildos. And before I'm[br]going to talk about the test devices and
0:09:19.940,0:09:24.250
the vulnerabilities, I'm going to make a[br]promise now. I will try to keep this as
0:09:24.250,0:09:30.230
serious as possible. I will try to keep[br]the, I will call it the IPM stimulendous
0:09:30.230,0:09:36.589
per minutes as low as possible. Yeah, and[br]now I just want to talk about the test
0:09:36.589,0:09:40.880
devices because those are very important.[br]So I selected three test devices for my
0:09:40.880,0:09:46.019
master's thesis. On the right side we have[br]the - that's not a joke again -
0:09:46.019,0:09:49.280
Vibratissimo Panty Buster. That's the real[br]name.
0:09:49.280,0:09:53.909
laughing[br]In the middle we have the MagicMotion
0:09:53.909,0:10:00.920
Flamingo and on the left side we have the[br]RealLove Lydia. So the devices on the left
0:10:00.920,0:10:05.209
side and in the middle have one thing in[br]common. They are manufactured in China.
0:10:05.209,0:10:10.319
The device on the right side is[br]manufactured in Germany. So, I have to
0:10:10.319,0:10:14.899
admit I was a little bit biased because I[br]thought I am going to take a look at the
0:10:14.899,0:10:19.719
Chinese devices first, because there will[br]be a lot of low hanging fruits. Question
0:10:19.719,0:10:24.170
to the audience now: Who believes that I[br]found most of the vulnerabilities in the
0:10:24.170,0:10:30.250
Chinese devices? Raise your hand.[br]laughing
0:10:30.250,0:10:37.030
Who believes that I have found most of the[br]vulnerabilities in the German device? Who
0:10:37.030,0:10:40.180
believes that I have found vulnerabilities[br]everywhere?
0:10:40.180,0:10:44.910
loud laughing[br]Yeah you're basically all right. But when
0:10:44.910,0:10:49.910
I took a look at the German device, I[br]found so many really really critical
0:10:49.910,0:10:54.430
vulnerabilities that I immediately stopped[br]there and wrote my whole thesis about the
0:10:54.430,0:10:58.299
Panty Buster.[br]laughing
0:10:58.299,0:11:03.500
Okay, so the Panty Buster itself is just[br]one product out of a whole product line. I
0:11:03.500,0:11:07.730
just bought the Panty Buster because it[br]was the cheapest one. They are basically
0:11:07.730,0:11:13.310
using all the same backends, the same iOS[br]and Android apps. And yeah, the Panty
0:11:13.310,0:11:19.100
Buster is basically a device which is[br]connected via Bluetooth to a smartphone
0:11:19.100,0:11:23.990
and it can be used for example for long[br]distance relationships. But there is way
0:11:23.990,0:11:29.459
more behind those apps, because there's[br]like a whole social media network built
0:11:29.459,0:11:35.470
in. You can make group chats[br]laughing
0:11:35.470,0:11:40.149
You can create image galleries, you can[br]maintain friends lists.
0:11:40.149,0:11:45.140
loud laughing[br]Yeah, that's real. That's real. It's not a
0:11:45.140,0:11:49.620
joke.[br]applause
0:11:49.620,0:11:56.290
Yeah. And now we're going to analyze this[br]Panty Buster and take it down to the last
0:11:56.290,0:12:01.080
parts. Yeah we're going to analyze the[br]software. I'm going to tell you a little
0:12:01.080,0:12:05.660
bit about the transport layer and the[br]hardware of course. So I'd like to start
0:12:05.660,0:12:09.100
with the software. So, the first[br]vulnerability we have to talk about this
0:12:09.100,0:12:13.320
is so-called information disclosure. So[br]you might think nah boring, just some
0:12:13.320,0:12:18.019
random version numbers. Yeah that's true[br]most of the time information disclosures
0:12:18.019,0:12:24.670
are boring. But in this case it's really[br]critical because I found a so-called
0:12:24.670,0:12:29.779
.DS_STORE file in the web root. A .DS_STORE[br]file is basically a metadata file which
0:12:29.779,0:12:35.810
is created by the MacOS finder and it[br]contains a lot of metadata, like files and
0:12:35.810,0:12:40.579
folder names. So when you find such a file[br]in a web root you have basically a side
0:12:40.579,0:12:45.819
channel directory listing. This .DS_STORE[br]file has a proprietary format but as for
0:12:45.819,0:12:52.309
all problems in life, there is a Python[br]module to decode it. Yeah. And I decoded
0:12:52.309,0:12:55.790
that .DS_STORE file and I was presented[br]with the following contents. So it's
0:12:55.790,0:12:59.489
basically a side channel directory listing[br]of the web root. There are a lot of
0:12:59.489,0:13:04.720
interesting files and folders so for[br]example: old page example, I have no idea
0:13:04.720,0:13:09.319
why it's there in the productive[br]environment. There is a database folder
0:13:09.319,0:13:14.170
but the most interesting folder is the[br]config folder. So when we got to the
0:13:14.170,0:13:20.339
config folder, there was real directory[br]listing enabled and there was one file in
0:13:20.339,0:13:31.969
there and it was called config.php.inc[br]with the following contents. So basically
0:13:31.969,0:13:38.049
I had now access to the database hostname,[br]the database names, usernames and
0:13:38.049,0:13:43.029
passwords. The problem now was that as we[br]can see the database host is just
0:13:43.029,0:13:47.800
localhost, there might be a chance that[br]it's not directly reachable via the
0:13:47.800,0:13:51.570
Internet. And we have to find the so-[br]called exposed administrative interface to
0:13:51.570,0:13:58.339
connect to the database. Yeah of course[br]the first thing I did was to do a
0:13:58.339,0:14:05.499
portscan.[br]laughing
0:14:05.499,0:14:17.450
applause[br]A lot of interesting ports. Sadly no SQL
0:14:17.450,0:14:25.360
ports. But some of you might remember[br]this, let's call it weird brown orange web
0:14:25.360,0:14:32.620
application, called phpMyAdmin and I found[br]a subdomain which contained the phpMyAdmin
0:14:32.620,0:14:36.430
installation and I was able to use those[br]credentials to connect directly to the
0:14:36.430,0:14:52.029
database and get access to all the data.[br]applause
0:14:52.029,0:14:57.100
So I basically had access now to the real[br]life addresses, to messages in clear text
0:14:57.100,0:15:04.639
which were exchanged, images, videos and a[br]lot of other stuff. So, yeah. And what
0:15:04.639,0:15:10.420
hurt me the most was the following slide,[br]because the passwords were stored in clear
0:15:10.420,0:15:20.259
text and that's really not necessary in[br]the 21st century. Okay. So in real life
0:15:20.259,0:15:28.180
about 30 minutes have passed by[br]loud laughing
0:15:28.180,0:15:32.599
and I tried to do a write-up as fast as[br]possible and submitted it to the German CERT-
0:15:32.599,0:15:38.029
Bund. And yeah a few minutes later, I got[br]a really interesting call from the German
0:15:38.029,0:15:42.209
CERT-Bund. They told me that they had already[br]informed the manufacturer and they're
0:15:42.209,0:15:47.649
already trying to fix those problems. So[br]my problem was now that I still had to
0:15:47.649,0:15:53.070
write my master thesis and I just have[br]content for about 30 pages now and I need
0:15:53.070,0:15:57.529
like a hundred pages. So I did a little bit[br]of more research and found way more
0:15:57.529,0:16:01.681
vulnerabilities of course. And the next[br]vulnerability I'm going to talk about is
0:16:01.681,0:16:06.749
the so-called Insecure Direct Object[br]Reference. Sounds cryptic, but it isn't.
0:16:06.749,0:16:11.290
It's basically always a vulnerability[br]which is consisting of two sub problems.
0:16:11.290,0:16:16.569
So the first problem is, when someone[br]uploads resources to a backend those
0:16:16.569,0:16:22.730
resources are most of the time renamed, to[br]like a random string which shouldn't be
0:16:22.730,0:16:28.180
guessable. The first problem would be if[br]it would be guessable. But the second
0:16:28.180,0:16:32.360
thing is, there should be authorization[br]checks in place. So if someone is able to
0:16:32.360,0:16:39.800
guess those unique identifiers, there[br]should still be some like process which
0:16:39.800,0:16:47.670
should check if the user should even be[br]able to download these resources. And in
0:16:47.670,0:16:54.810
this case, yeah, it was just really easy[br]to guess the identifiers and there was no
0:16:54.810,0:17:04.340
authorization whatsoever. And I had to[br]learn this the hard way, literally. There
0:17:04.340,0:17:08.800
is a feature in the smartphone apps,[br]called galleries. So you can create
0:17:08.800,0:17:13.470
galleries, you can set the visibility to[br]no one is able to see it, just your
0:17:13.470,0:17:17.460
friends are able to see it, everyone is[br]able to see it. You can even set a
0:17:17.460,0:17:23.550
password on those galleries. Yeah. And[br]just for a test I created a gallery with a
0:17:23.550,0:17:27.990
few cats and when you request the gallery,[br]you see the following request. It's
0:17:27.990,0:17:34.760
userManager.php blah blah blah username[br]password and some ID. And I thought maybe
0:17:34.760,0:17:39.020
I should change this ID. And I was[br]presented with a dick pic.
0:17:39.020,0:17:43.440
laughing[br]Yeah, the problem behind this is quite
0:17:43.440,0:17:48.330
easy. Everything which is stored on the[br]server is renamed to a global counter. The
0:17:48.330,0:17:53.350
global counter is incremented by one after[br]every upload. And there are no
0:17:53.350,0:17:57.761
authorization checks whatsoever, because[br]the images are just stored in a server, so
0:17:57.761,0:18:02.180
it doesn't matter if you set a password or[br]set the visibility. That's just nonsense
0:18:02.180,0:18:10.340
to do. OK. So the next vulnerability. Yeah[br]I call it improper authentication. To be
0:18:10.340,0:18:16.470
honest it was just a weird authentication.[br]At SEC Consult I have already seen a lot of
0:18:16.470,0:18:20.750
different ways of implementing[br]authentication. Some are good some are
0:18:20.750,0:18:24.200
bad, but it can be fixed. But in this case[br]it was just weird, I've never seen
0:18:24.200,0:18:29.380
something like that. It's basically like[br]HTTP basic authentication but a little bit
0:18:29.380,0:18:33.220
worse.[br]laughing
0:18:33.220,0:18:37.250
So normally authentication works as[br]follows. You're sending a username and
0:18:37.250,0:18:41.810
password to a server and if this process[br]is successful you get some kind of
0:18:41.810,0:18:46.470
authorization information like a cookie or[br]an API token. You can use this cookie or
0:18:46.470,0:18:53.510
API token to authorize all the other[br]requests. In this case every request
0:18:53.510,0:18:57.420
contains just username and password in[br]clear text to authenticate the
0:18:57.420,0:19:04.520
requests. That's just weird to be honest.[br]And also if your password is compromised,
0:19:04.520,0:19:07.980
it will also mean that you have to change[br]your username because it's part of the
0:19:07.980,0:19:14.370
authentication information. So weird,[br]weird implementation. Okay the next
0:19:14.370,0:19:19.900
vulnerability is called the remote[br]pleasure version 1.0. It's 1.0 because
0:19:19.900,0:19:25.660
there is a 2.0.[br]laughing
0:19:25.660,0:19:30.670
There is a feature in those apps where you[br]can create remote control links. They can
0:19:30.670,0:19:36.310
be sent via SMS or email and everyone who[br]is in possession of those links can
0:19:36.310,0:19:42.930
directly control the devices. There is no[br]extra confirmation needed. We'll take a
0:19:42.930,0:19:53.180
look at the email now. There is a button[br]in the email called Quick Control and
0:19:53.180,0:20:02.880
there is an ID again. Yeah the thing is[br]it's just a global counter again. And what
0:20:02.880,0:20:06.990
an attacker can do now is download the[br]app, create his own quick control link,
0:20:06.990,0:20:10.990
decrement the ID and pleasure just random[br]strangers on the Internet.
0:20:10.990,0:20:25.310
applause[br]Okay I will show you guys a video now,
0:20:25.310,0:20:31.750
where I'm doing exactly that.[br]laughing
0:20:31.750,0:20:36.010
So when the video is going to start...[br]It's going to start, perfect. On the right
0:20:36.010,0:20:41.420
side we're going to see an attacker device[br]which is just connected to the normal
0:20:41.420,0:20:46.240
mobile network. And the attacker creates[br]his own quick control link and decrements
0:20:46.240,0:20:50.790
the ID. On the left side we can see[br]another smartphone which is connected to
0:20:50.790,0:20:58.840
Wi-Fi, to have Internet access and via[br]Bluetooth, to the smart sex toy. This
0:20:58.840,0:21:05.420
attacker device should now be able to[br]control - yeah, you can see that now, in a
0:21:05.420,0:21:22.860
few seconds. That's just what I explained.[br]silence
0:21:22.860,0:21:26.420
laughing[br]There is no confirmation whatsoever so you
0:21:26.420,0:21:32.540
can directly control all the devices.[br]Okay, I have to stop talking about
0:21:32.540,0:21:37.120
software now. There is a lot more like[br]cross-site scripting, HTTPS problems, outdated
0:21:37.120,0:21:41.370
software, but there is not enough time[br]left now so we have to talk about the
0:21:41.370,0:21:45.201
transport layer. Before I'm going to tell[br]you something about the vulnerabilities I
0:21:45.201,0:21:51.990
have identified, I will tell you something[br]about Bluetooth low energy in general, the
0:21:51.990,0:21:57.670
security basics and how authentication and[br]encryption works on a very high level. So
0:21:57.670,0:22:03.460
you can imagine that Bluetooth Low Energy[br]basically works like a web API. So it's
0:22:03.460,0:22:08.080
very high level explanation. You have API[br]endpoints. Those are the service
0:22:08.080,0:22:12.070
characteristics and you have properties[br]where you can read and write to. So for
0:22:12.070,0:22:18.470
example the device name can be read or[br]written to change the device name. There's
0:22:18.470,0:22:22.190
also a lot of other characteristics which[br]will be very important when it comes to
0:22:22.190,0:22:28.220
remote pleasure version 2.0 a little bit[br]later. So that's a very high level
0:22:28.220,0:22:32.300
explanation, I know, but we don't have[br]enough time left. Talking about the
0:22:32.300,0:22:39.010
security basics: Bluetooth Low Energy is[br]using AES-CCM, that's Counter CBC with MAC.
0:22:39.010,0:22:44.581
That's basically considered secure but as[br]we know, security also depends on the key
0:22:44.581,0:22:50.450
material and the key exchange. In[br]Bluetooth Low Energy the key exchange is
0:22:50.450,0:22:54.200
defined as the pairing methods. For[br]Bluetooth Low Energy we have five pairing
0:22:54.200,0:22:59.650
methods. We have just "No Pairing". So[br]yeah we basically throw packets into the
0:22:59.650,0:23:05.770
air and if a device is nearby it tries to[br]do something with those packets. We have
0:23:05.770,0:23:09.060
"Just Works", we have "Out of Band[br]Pairing", "Passkey" and "Numeric
0:23:09.060,0:23:15.510
Comparison". I don't have to tell you the[br]details now. You all know those. It's
0:23:15.510,0:23:19.370
numeric comparison, where we compare[br]numbers to exchange the key material. You
0:23:19.370,0:23:24.800
have the Passkey, which is yeah like[br]always 0000 or 1234. We have Out of Band
0:23:24.800,0:23:29.720
Pairing, where the key material is[br]exchanged via NFC for example and we have
0:23:29.720,0:23:34.500
Just Works, that's really secure, where[br]the key is just set to zero and can of
0:23:34.500,0:23:41.940
course be brute forced with ease, but it[br]just works of course. So out of those five
0:23:41.940,0:23:51.320
methods, what does the audience think the[br]sex toy is using? Is it using no pairing?
0:23:51.320,0:23:59.290
Raise your hands. Is it using any of the[br]other more or less secure methods? Yeah.
0:23:59.290,0:24:03.060
It's using no pairing.[br]laughing
0:24:03.060,0:24:06.790
That means that the Android and iOS apps[br]just throw the packets into the air and if
0:24:06.790,0:24:13.420
a device is nearby, it starts to vibrate[br]laughing
0:24:13.420,0:24:17.250
and that's of course easily exploitable[br]you can just sniff the real traffic and
0:24:17.250,0:24:22.410
repeat it. I did exactly that using a so-[br]called Bluetooth Low Energy sniffer. I
0:24:22.410,0:24:26.580
used a bluefruit device, it works very[br]well and I placed it between the sex toy
0:24:26.580,0:24:32.240
and the smartphone app. I sniffed the[br]traffic using wireshark and I found some
0:24:32.240,0:24:38.970
interesting end points or handles. There[br]is the 1F handle which is like an
0:24:38.970,0:24:45.230
initialization handle and there is the[br]handle 25, where you can send values from
0:24:45.230,0:24:51.930
00 to FF to set the vibration intensity.[br]Yeah and now it's time for a little bit of
0:24:51.930,0:25:02.840
War-dildoing. I wrote a small Python proof[br]of concept which basically scans the air
0:25:02.840,0:25:08.390
for Bluetooth Low Energy devices. If it[br]finds a device, it tries to
0:25:08.390,0:25:15.340
find out if it is a sex toy and if yes,[br]yeah, it basically turns it on to 100%, to
0:25:15.340,0:25:18.450
FF.[br]laughing
0:25:18.450,0:25:25.900
So the next thing I want to talk about is[br]not that funny. So please don't laugh now
0:25:25.900,0:25:32.000
because when we released this, a lot of[br]people on Twitter asked "Is this rape?",
0:25:32.000,0:25:39.230
so serious topic. For example the evil[br]attacker is using my War-dildoing script
0:25:39.230,0:25:46.220
in the metro, in the U-Bahn in Vienna. And[br]he would just pleasure random strangers.
0:25:46.220,0:25:52.950
Is this rape? In Austria we have two[br]different things. We have rape and sexual
0:25:52.950,0:25:57.560
assault and they have two preconditions.[br]So that's violence - eh three
0:25:57.560,0:26:02.720
preconditions. We have violence, threats[br]or deprivation of liberty, which is just
0:26:02.720,0:26:07.820
not the case in this scenario. But we have[br]a special paragraph called, phew that's
0:26:07.820,0:26:12.450
really hard to translate that. It's called[br]the Po-Grapsch paragraph. I know that's a
0:26:12.450,0:26:15.960
little bit different in Germany and I'm[br]not a law expert so I just kept to the
0:26:15.960,0:26:22.240
Austrian laws which could be verified by[br]tourists. According to this paragraph this
0:26:22.240,0:26:27.460
would be an unwanted sexual act, via a[br]third party object. So it's not rape, but
0:26:27.460,0:26:35.020
it's an unwanted sexual act. Okay. The[br]hardware. Last but not least. The biggest
0:26:35.020,0:26:40.190
problem is that firmware updates are not[br]possible. That was confirmed by the
0:26:40.190,0:26:46.990
manufacturer. The problem here is a lot of[br]vulnerabilities can just be fixed by doing
0:26:46.990,0:26:54.070
firmware updates and the manufacturer came[br]up with the idea, that the end users can
0:26:54.070,0:26:58.520
send in their smart sex toys to do a[br]firmware update and I'm quite sure that
0:26:58.520,0:27:04.550
nobody's sending in their used devices to[br]conduct a firmware update. The other
0:27:04.550,0:27:09.450
problems are debug interfaces. They just[br]forgot to remove or deactivate the
0:27:09.450,0:27:15.740
serial interfaces on the sex toys. It's[br]just really easy to extract the firmware
0:27:15.740,0:27:21.970
and do a little bit of more research on[br]the firmware. Okay. So you might now think
0:27:21.970,0:27:27.070
I still want to use smart sex toys. What[br]can I do? Yeah the tin foil is not
0:27:27.070,0:27:31.100
working.[br]loud laughing
0:27:31.100,0:27:41.280
applause[br]But there are a lot of interesting open
0:27:41.280,0:27:47.410
source projects out there. So first of all[br]the most famous project is the Internet of
0:27:47.410,0:27:52.310
Dongs project. There is a really[br]interesting person behind that. He's
0:27:52.310,0:27:56.610
called RenderMan. You can find him on[br]Twitter. He invented this project to make
0:27:56.610,0:28:01.240
this whole Internet of Dongs a little bit[br]safer. And he's doing like penetration
0:28:01.240,0:28:06.620
tests and stuff like that and he's even[br]handing out DVS. So that's the equivalent
0:28:06.620,0:28:13.870
to CVS. Then we have buttplug.io and[br]metafetish. They are developing open
0:28:13.870,0:28:18.680
source firmwares for a lot of different[br]sex toys and they're independent from all
0:28:18.680,0:28:22.290
the manufacturers. And there is also[br]something called Onion Dildonics
0:28:22.290,0:28:29.910
laughing[br]which has the goal of rerouting all the
0:28:29.910,0:28:36.400
smart sex toy traffic over the TOR network[br]to make it a little bit safer.
0:28:36.400,0:28:48.680
applause[br]OK. There is one more thing. I had a lot
0:28:48.680,0:28:57.260
of calls together with the manufacturer[br]and the German CERT-Bund. And one call was
0:28:57.260,0:29:02.180
outstanding because we were discussing the[br]remote pleasure vulnerabilities. And we
0:29:02.180,0:29:07.870
tried to explain to the manufacturer that[br]it's not good that you can basically out
0:29:07.870,0:29:13.640
of the box pleasure everyone on the[br]Internet or if you're nearby. We told them
0:29:13.640,0:29:17.220
that it should be at least like an opt-in[br]feature, where you can switch on this
0:29:17.220,0:29:24.470
feature in the apps, but the manufacturer[br]said no that's not possible because, at
0:29:24.470,0:29:28.890
least they believed that, most of our[br]customers are in swinger clubs and you
0:29:28.890,0:29:33.230
don't know beforehand who is in the[br]swinger club. So there is just no opt-in,
0:29:33.230,0:29:39.320
in a swinger club, because you're basically[br]always in. Thank you.
0:29:39.320,0:29:56.800
applause[br]Herald Angel: Secretary of Education you
0:29:56.800,0:30:01.100
are now taking questions. We have five[br]microphones two in the front and three in
0:30:01.100,0:30:08.350
the back. So please line up and ask[br]whatever you want. So apparently people on
0:30:08.350,0:30:11.590
Twitter are engaged in a drinking game[br]where they were drinking every time you
0:30:11.590,0:30:14.760
said penetration testing.[br]loud laughing
0:30:14.760,0:30:21.330
applause[br]Herald: In the meantime we have a question
0:30:21.330,0:30:24.880
from microphone number two.[br]Question: Did you come across anything
0:30:24.880,0:30:28.760
with the patent trolls in teledildonics?[br]Answer: I came across what sorry?
0:30:28.760,0:30:34.900
Q: patent trolls. There is an issue with[br]the teledildonics patent and some
0:30:34.900,0:30:40.200
companies have been threatened to go out[br]of business because of frivolous lawsuits.
0:30:40.200,0:30:45.210
A: Yes. Yes there was the I guess it was[br]called the teledildonics appreciation day
0:30:45.210,0:30:50.910
in August because the patent ended. So you[br]can basically use the term wherever you
0:30:50.910,0:30:55.770
want.[br]Herald: Thank you. Microphone number three
0:30:55.770,0:31:01.900
please.[br]Q: So this was very funny obviously. And
0:31:01.900,0:31:08.640
you showed us the really low hanging[br]fruit. On the website in the database you
0:31:08.640,0:31:14.740
would have been able to see the social[br]graph of the users. I don't know if you
0:31:14.740,0:31:19.620
have managed to look at other devices. Can[br]you elaborate a little bit more on
0:31:19.620,0:31:27.430
something that I believe more serious.[br]Which is the profiling of users behavior,
0:31:27.430,0:31:33.720
social networks and so on?[br]A: So of course I didn't take a look at
0:31:33.720,0:31:37.230
all the data because it was so critical in[br]my opinion, that I directly contacted the
0:31:37.230,0:31:42.360
CERT-Bund. So I can't give you any[br]information about the data of course. I
0:31:42.360,0:31:46.090
also took a look at like things like[br]tracking and stuff like that and in this
0:31:46.090,0:31:51.890
case there was not a lot of tracking going[br]on at the German sex toys. But when you
0:31:51.890,0:31:55.570
compared it to the Chinese sex toys, there[br]is way more tracking and stuff like that
0:31:55.570,0:32:01.570
going on. But I didn't take a[br]detailed look into that.
0:32:01.570,0:32:08.700
Herald: Thank you. Thank you again for[br]the educational and entertaining talk
0:32:08.700,0:32:14.751
and hopefully a lot of rounds of applause.
0:32:14.751,0:32:18.561
applause
0:32:18.561,0:32:24.146
35c3 postroll music
0:32:24.146,0:32:41.000
subtitles created by c3subtitles.de[br]in the year 2019. Join, and help us!