Tips To Survive Hacker Week In Las Vegas
If you are coming to attend DEFCON, BSidesLV or the Black Hat Conference, always be alert and prepared. Thousands of hackers will be around, it's like swimming in the kiddie pool with sharks. During the last week of July or first week of August, it is usually "Hacker Week" in Las Vegas. It is summer, the city is full of tourists and people just getting out and enjoying the attractions on the "strip". Unsuspectingly not knowing that there are "hackers" all around at this time of the year. There is no need to spread fear, but more about awareness. These are some things to watch out for during the most "dangerous" week in Vegas. Common sense is mostly needed of course and these tips might help.
It starts at the parking lot
Watch out for "SARA", she may be a beauty but looks can be deceiving. SARA is the "Signal Amplification Relay Attack". The signal from a car key fob can be intercepted without the car owner being aware. The signal is then copied to a special device that will then use that signal to break into the owner's car. This exploit seems easy enough to carry out, but it only affects certain car models. Here are some car models affected:
https://www.forbes.com/sites/thomasbrewster/2016/03/21/audi-bmw-ford-thief-car-hacking/#2cccd9514f1e
Best defense against this is to shield the key fob with a special pouch called an anti-theft Faraday Cage (like wrapping it in foil). Most car key fobs are now protected by encrypted signals which will foil any attempt to copy the signal unless your car model is on the list of vulnerable cars. Another way is to attend the conferences by bus, taxi or ride sharing service. That way you don't have to worry about paid parking or even finding a spot to park at.
Watch or lock your valuables in your hotel room, always
So you check into your hotel room. First thing to do is use the hotel provided safe or vault if there is one available inside the room. Put all personal belongings you will not bring with you inside the safe. Avoid the "Evil Maid" exploit, which can actually happen. If you have plenty of personal items of value, this can attract thieves, not just hackers. For mobile and electronic devices, best to keep them or store in a safe place with a pad lock. If your devices contain sensitive information, use tracking on them like with Apple's Find My iPhone app. Another way to prevent information theft is encrypting your storage device. It is best to use strong passwords on these devices too in order to prevent easy access should they end up in the wrong hands.
If you don't need to use your smartphone, shut it off
You may have heard stories of an Android or iOS smartphone getting hacked. It is possible when the smartphone uses WiFi. During hacker week, hundreds of WiFi access points will be available, but some will be for malicious purposes. How to spot them, well, it is suspicious if the access point is not encrypted and there is no password to join. Some WiFi access points will pretend to be legit by using a common name. Problem is if your devices, smartphone or laptop are set to automatically connect to the network they may just access that rogue WiFi access point.
Another new trick discovered is the "IMSI Catcher". This is a fake cellular tower that gathers IMSI signals from smartphones and other connected devices. If your IMSI information is compromised, this allows hackers to eavesdrop on your calls and capture data coming from your smartphone.
If you are not on a call or checking important things on your smartphone, just put it in airplane mode. This shuts off all access to your smartphone, lessening the attack vectors. The NFC, bluetooth, LTE and WiFi are all disabled. This means your smartphone will not be accessible to others. To make sure it is probably best to just turn it off.
Use a VPN or Tor when browsing
So you got the guest WiFi access from the legit conference organizers, assuming that they are. Who knows though, right? It is best to use a VPN or Tor browser to hide your tracks. If your WiFi access goes through a rogue system, they can track all your whereabouts like websites you visit and even attempt to capture your encrypted data traffic and brute force it to get your data. The benefits of a VPN is that you are going through a more private network which is not only encrypted but hides where you are going.
Keep an eye out for "social engineers"
These are not friendly "White Hats" who come in peace to greet you. These are more likely "Black Hats" who will work on your emotions to get what they want ... which is your information. They may be after identity, valuables or digital data. One of the oldest tricks in the book is someone pretending that their smartphone battery died and they will ask to borrow your phone to make an emergency call. Couldn't they just go to the hotel lobby to do that? The person could use your phone for more devious purposes. Other times it is fake brand ambassadors who may try to phish information. Be careful about signing forms that ask for really personal information, like social security. Why would they need your social for a 3 day room special package offer? Those are the questions to ask. So don't be too kind a stranger if you can help it.
Pity the fool who leaves their stuff laying around
There is no excuse for leaving a laptop unattended while going to the rest room. This gives hackers an opportunity to get on your system directly. They can also plant malware by sticking a thumb drive into your USB port. Even worse a bad actor can use a USB Killer to destroy your laptop's USB port. If not, then they can open your unprotected screen and browse your documents while you are away. If you do plan to go to the rest room quickly, then lock your screen and make sure it is password protected. The most obvious reason why to not leave your laptop is because someone can just walk up and steal it. It is best to use the kensington lock if available to chain your laptop to a table or chair. Take your laptop with you always.
Cashless is not a good idea
Using an ATM in hacker infested territory may not be a good idea. As precaution, bring cash. Some credit cards also emit an RFID signal. Keep cards using a shielded wallet or use an unorthodox trick like wrapping your wallet with aluminum foil. This helps to prevent RFID signals from leaking which hackers can intercept and use. It won't look stylish, though you can start the trend, but it does help to block signals. Wrapping a smartphone with foil also works, but it is probably best to just shut it off.
Finally, avoid the Wall Of Sheep, AMAP
If your e-mail gets posted on the "Wall of Sheep", "congratulations".
Disclaimer: This information is given as reference only. Always do your own research to verify facts.
Uncomplicated article. I learned a lot of interesting and cognitive. I'm screwed up with you, I'll be glad to reciprocal subscription))
Congratulations @vtce! You have received a personal award!
1 Year on Steemit
Click on the badge to view your Board of Honor.
Do not miss the last post from @steemitboard: