We’re back from another great Shmoocon weekend in DC with some very interesting lessons learned. For those of you who haven’t heard us talk about it before, Shmoocon is a yearly information security convention helded in Washington, D.C. Hermetic has been attending for 4 years now, bringing back as much knowledge to the area as we can and this year was no exception.
There were some great talks hosted by some of the best minds in infosec and we always leave with our minds blown. We’re hoping to bring some of that back and apply it to small business to keep our customers just that much safer. Here are a few of the lessons we’ve learned this weekend.
1. Turn off wireless radios when you’re in a room with a few hundred hackers.
Con attendance or not, it’s a great idea to keep wireless technologies flipped off when you’re in unfamiliar territory. While we aren’t 100% sure just yet, it’s possible that more than one of our devices was compromised over the weekend due to accidentally forgetting to turn off WiFi, Bluetooth and/or 3G data roaming. We’re looking forward to running forensics on the Android devices in question, but it’s definitely not a good feeling to have to wipe your devices when you’re unsure if you’ve just been owned.
You may not realize it, but even leaving your wireless radios on can leave vulnerabilities open on your mobile devices that could lead to potential compromise. And as we’ve always mentioned, whenever a system has been compromised, it can’t be relatively trusted again until it’s been formatted and had a fresh OS installation performed.
When you leave your wireless radios on, your phone, laptop, tablet, etc. is basically sitting in your luggage or pants pocket shouting out “Hey! I’m looking for my home or office router! Are any of you my home or office router?!” until something responds affirmatively, allowing you to connect. There are certain methods of tricking those devices into connecting to false access points by saying “Yeah, man, I’m totally your home network – here’s an IP address” and allowing it to connect. From there, it’s just a matter of knowing a few Android or iOS vulnerabilities to gain access to the device and go to town.
It’s always a good idea to leave your mobile device wireless radios off when traveling, even if just to save some juice. Be sure to keep them off when they aren’t in use at public hotspots (you know what… just don’t use public hotspots at all) and only connect your devices to access points you know are safe.
More coming soon!