2015 - Stephen Fisher Davies - Exploring android smartlocksk

also just welcome to the last order today I think it's about half an hour and we're all feeling other little bit worn out there can I just stare just a really good if everyone could come to lead their closing remarks because we do you know want to get feedback my kind of thing also we've got a couple of fair a couple of called prizes to give out that people don't understand me since we were so I just had to introduce even though to exploding get android's small scoring explode exploits left Mississippi I wish like this way through paypal more fun good afternoon everybody thank you very much for saying I appreciate you fully had a very very long day very well since

I mean let me get up six in the morning five in the morning before in the morning oh very much as a thank you i can tell you probably fighting soil some of this up as quickly as i can but keep it interesting all the same so first of all welcome to be sign so there's a little bit late in the day but I would do it anybody welcome anybody yet so we'll come with that my name is Steven fish Davis I work at scitech consultant i just opened up the newport branch in wales so i'm going to look newest senior digital friends and consultants we work on computers and mobile phones doing jtag chip off analysis including

detailed forensic analysis of computers for both the private sector and law enforcement agencies so saitek has been running since 1978 so quite an established company but i'm very new to the firm but i thought coming give the talk because i find this sort of interesting hopefully some of you guys find it interesting and just a quick short hands if i could is anybody here from this off digital forensics arena as it mainly cybercrime there's a few people in the room it's not so much for cybercrime this talk it is more digital forensics but as i said i'll try to keep it interested in the nest because it's nice to see sort of where testing is

going and if anybody here can sort of further improve this testing it would be greatly appreciate it as well because i had to call this exploring small box not exploiting smart locks because i thought oh yeah android smart it's going to be such an easy project to do i'm gonna be able to crack it straight away give everybody an amazing solution and we're going to be able to get around smart works very very easily but that wasn't the case unfortunately i'm just going to go through all the painstaking testing that I went through so many of you have to because it wasn't the most moving in the world but it was important that the last I feel so I what a smart box first

or so in Android lollipop 5.0 Android introduced a service called google trust agents so in your phone you might not realize that smart boxing get enabled but if you were to go through settings security interest agents in a lollipop they've got enabled a smart lock feature and you took that you will they get a new setting in the settings security and smart locks and this is what I'm going to be talking about today okay so smart locks can be used to unlock a phone either in the proximity to a place a device or a person's face so first of all I can go through the most important part of this and I know it it's just going to be on

the first slide but the most important thing you need to learn about smart boxes they look absolutely no difference to a phone that doesn't have a lock at all so if I just quickly flip over to my phone to go to the document camera you can see here I've got my Android wear device paired up with the side of my problem so we unlock the device here even seen just at the bottom there there's an unlocked block so the way I kind of remember this now if you slide up I'm going to be getting yourself a nice piece 68 of the year if you end up tapping the lock you're going to be getting a very nice 1545 because that me

invokes a lock so bad news if anybody is trying to look into small it you know if anybody sees is a mobile phone it really is as simple as that unlock the thumb and slide you're in you're getting your bonus at the end of the year if you get in and you tap on the lock that's no no rien put the smart block so it's very very easy for somebody who's inexperienced and doesn't recognize the stock to relocate on the phone so while that's one of the most important things I was going to sort of show really is well just do not tap this to not have it always slide so if anybody takes anything from it today we're going to go

back to the PC don't tap on this slide okay don't stop just slide right so when you first go into setup your smart locks you can see here I've got a few menus I'm going to stand back a little bit so you can see it's a bit more friendly soon as you straight away now going into the smartlock menu it says screen up ass word so my phone with a little unorthodox in it is not that my phone doesn't have a small is that I so it doesn't have a lock you can see straight away there I am passcode on my phone so that should be the first thing that comes to your mind settings

security passwords do their other passcode unless it has the word none at the top you're looking at up devices using the smart look or something very similar so again down the bottom go into the spotlight menu there there's no easy way to have a look at what's not locked somebody has from the phone menus alone so as you can see when I tip tap the smartlock menu the first thing I'm greeted with is either my smart my passcode for my phone or my swype code so you can't go in there and look at it you have to do it manually yourself ok on to the next slide so I'll go through the place aux first of all so when

lollipop was first introduced the only way that you can set something to a location without going into google maps and you can either set your phone to none not in the proximity of your home or your work location they were the only two available there's been a recent update where anybody can geofence any area they they want so is everyone familiar with the concept of geo fencing hmm so quite recently over the past few years Apple and Google have been very helpful they keeping an eye on everybody stones say when you're on the internet you have an established 3g connection even if you are connected to a Wi-Fi network it's uploading those Wi-Fi SIDS so the system

ID and mac addresses to music and those addresses are being used this or crowd-sourced way so that if you walk into an area so I go here I'm suddenly walk into starbucks Newport my phone knows that even without an established GPS connection that I'm in newport which is really handy because that means you can save a lot of power and still get an idea of where you're going so if you want to send a tweet for example and then you want to type a location on to that even very easily just send or having a lovely time in center parcs today without having to establish your gsm or your 3g connection your phone will have a look around and look for

crowd-sourced connections and it'll be able to work out where you are just from your Wi-Fi signal so great for users but it also enables this month or future to be possible so I go on to the next slide you can see there with a trusted place as home the first time i use it i'm going to be reminded by the wall just jack you know last night when you're having a few beers and you thought that you're smart up is a really really good idea you come home now I've turned your lock screen off so this is very helpful for in for forensic exam because the first if somebody foolishly accidentally enables the smartlock they're going to be reminded this is

what just happened on your phone I'm going to give you a bit of a reminder to say your phones are locking whenever you come home now are you sure you want this to happen so unfortunately accidental locks aren't going to happen quite so often as we'd like so the second type of block which I've gone on to is a device lock so with the device locked you can either do this with an NFC connection or a Bluetooth connection so my phone here you can see when I'm unlocking it is I can't do that can I post all back if I go to the doc can hear you see my phone is no case at unlocked so again you've

got the most unlocked symbol there you see that open padlock but as soon as I turn off my SmartWatch so if I go to settings go down power off my watch you can see just how quickly one of these logs will invoke shutting down and immediately there's lots of Bluetooth connection and I now no longer have a lock on my phone so this is very very quick and a very media action and this also works really need the proximity of the device so I've set this on my phone so whenever I'm near my phone I don't want to be bothered by my lock screen because I know it's on my wrist I walk more than thought it's ten meters away

from i watch is going to kick in immediately so forensic considerations for this is for the in particular or if you're in information security for them I'm sure that all of your phones in your third whether Android iOS blackberry whatever it might be all of your phones are going to be locked by some sort powerful encryption so even if we were to do a JTAG analysis on these phones if we went to do a chip off analysis on these phones or we're going to get is a lovely copy of all the encrypted data so why would we throw away the opportunity to seize the key to the safe so a lot of people are seizing all our phones these

days but they're not seizing the devices that might be powering them up and other considerations you can make as well are not that I'd recommend doing this but if you were really clever you could pair this to innovative medical device you want to be damn sure that it's got a good battery on it if you're going to be blue tooth pairing this to your pacemaker or insulin delivery system but that is something you can do as well is anyone familiar with PT le that bluetooth low energy technology so meaty le is a small token device no bigger than a two pegs piece for me the thickness of about two pound coins at the most and BTW le there's a really

good paper written by alex lest i believe the guys Davis and he has written a research study on on BTW i am their uses so the idea with bt le this is going to start really entering the mainstream whereby if you're a virgin galactic customer let's say you're probably quite a premium to have your card every year so they're going to try and sim these voices down in bed BTW le incident so that when you walk into the flight down for the day your PT ally device is picked up by the airport it is admitting an ID that airport knows that you're there and then you receive a text message that says what Wi-Fi password is for the day from the lounge

so you could technically hide a bluetooth low energy device in your ceiling you could have it in the wall you could have it in your television anything at all you can pick that and whenever you're in close proximity to it your formal or not so one of the biggest examples I've seen for this and I've seen at least three people now and this is I come through a lot of people's cars trying this is that if you were investigating the criminal you have the right warrants etc you could potentially take day from take it to their car fire up the ignition bluetooth on the cartoons on their phone unlocks see you've got our strong 256 AES encrypted

Android device that all you need to do is take it to their car turn the key in the ignition and it'll decrypt itself for you why would we not want to do that why would we not why would we throw away the key to the safe and I've seen people in quite senior places that you wouldn't think would have this sort of thing enabled but again the first time you want a smile back the first thing you're welcome with is would you like to pay your advice to whether this be your car whether it be or 0 to 360 or another it's going to say hey it's not up to a great idea what if you have this device

onto your smart bomb and originally I have an advocate sensible idea that would just straight up drop into your protective devices interested devices so the first thing you go any oh yeah why not go on smart life banging it hit trust of it and i've taken this people's cars and I've shown them that their phones doing this and they had absolutely no idea that they've been setting it but I think we will call quite smart this because people would have been like my code isn't working anymore turns off everytime I go into the car now when you go to a vehicle or to a Bluetooth device the first time you've added you have to confirm your password

now to add it to one of those trusted devices so no longer will we be able to just sort of sneak up some of these car to the room to go on and add it to a trusted advice you also need their passcode everyone with me so far everyone's still awake thank you very much ok so and again the first thing that you unlock it you're going to get this sickness reminder here so you've just connected to this I'm just going to let you know the first time you use this device you told me last time I connect to this device you should rip my lock screen off so again uses the set this in

avert only when they're from or than they think it's a really good idea they're going to get that reminder the next time they do in their country speaker on the next time they go to the car or whatever one of the things you should be really aware of if you're looking for a Bluetooth devices Android wear is a really big thing that was really picking up this all Android way disconnect that should be screening out to you there's something missing I need to go an extra device is that's so saying there's a key to the safe I don't know if it's there and one of the really big things I don't know again unless you

forensically analyzed the mobile phone you wouldn't necessarily know this for forensic examiners we need a DB access a degree is the bread and butter for all of our forensics involving Android it is short for an Android debug bridge enables us a connection into the phone to push files profiles so basically examinations will push in an agent into the phone which acts as a Trojan and that will then open a back door to the phone speaking download your life contacts calls internet history and a various menagerie of other things but one of the biggest things we need to use at the minute ecor pkng are short for a backup manager and we can use that to pull an entire

backup of your home so that includes appdata apks in key K cash all enabled with Android debug mode and who wore very very very lovingly haven't bought anything with a smartlock there's absolutely no restrictions through popping into the menus and enabling anything good so if you've got something with a smartlock going with a deep evil plug it into your computer pair it with your computer and even if the code me kicks in at a later stage you're going to have unlimited and relinquished access to that device on all the versions of Android you could potentially privilege escalate or you could and pull a copy of their lock code you could turn the opcode not again this

does differ from hence at the handset but I think you'll all agree a really useful feature that happen it's quite surprising really the Google enable smart locks but left the ability to enable a DB on so i thought i was really useful so right so everybody so been thinking about if you can't get into these marks and what good how do you know if they're on because I was saying to get into the smartlock men you need to enter the person's passcode but the only indication we have that they grow smart code at the moment a smartlock story is if you go into settings security and their pass really set something other than none but if you

can enable a TV that is a really useful command you can run which is easy shell doses so if I sort of zoom in here again I'm going to stand back a lot bit that you can see written down here is a little help line so the something that I'm not really mentioned as a lot without growing locks is there they're not infinite so if you imagine every time you activate the phone the smartlock is like a very slowly dripping away sand timer and after four hours of no activity on the phone no matter whether it's a location along a proximity not to a bloom to his device it's going to click shut after four

hours you are off the screen it opens up again you start sending the text message it opens up again unlock the screen any sort of user interaction with fungal or pause that block to keep on building up so we've got two options here we can either preserve the battery of the phone because some time is going to be a sorry preserve the battery of the external device like the Bluetooth device keep it charged keep the phone going but with something like Android wear device like the Moto 360 does anybody have a charger for this in there are other than people who who have watch probably Knox this is quite a niche device it uses or QR

charging but it likes to be in the dock so you need to either separate the two devices from each other big enough will freeze the lock or you have to keep the device alive and keep keep tapping at least once every three hours 59 minutes to ensure that it stays alive so using what we now know about smallpox you can see in log eight there can everybody see that I know it's a a bit big so in long eight at 18 25 12 prank trust agent Google trust agent location trusted that's me arriving home after a long game work so if you're trying to do a murder investigation or a drug supply investigation or something of a similar

ilk and even know what that person's trusted location is low ball he arrived home 1825 his wife had already been dead for an hour it couldn't have been him or at least his device was if you look at the demand a log just above that you can see I wasn't really doing much on my phone that evening in long 7 to 14 in the morning if you subtract four hours from that that's me going to bed at about twenty to eleven at night right with the max yet so I haven't done anything with my phone for four hours and it's a lot back up so again if you pull the smart locks smut block logs out

of the phone you can get a little bit of an understanding of what that person's doing where they're going and you can see on this day here I was probably having a little bit too much coffee so in on 27 29 and 31 every couple of minutes I'm making that back and forth to the toilet leaving my phone up my desk well watch on my wrist and my position trusted brand let's trust is going to revoke trust revolt trust revolt right that's me going back and forth to improper way to my phone and you can see you know just leaving it you don't have to unlock it again it'll be about trust every time you come back to

the phone as long as it's within a four-hour window okay and then if we missile could have fun without a lock again it's not ready much help to anybody but if you did Amy be dumb sis you can see there in that top exam or hear this this is a phone that doesn't have any locks you see you're not going to get anything at all and in the one down here I'm just going to show you I go on to discuss this a little bit later but you can see just how quickly so these August commune revoked so 1212 4455 that's been revoked 12 12 32 and 33 there is locking up very quickly and

i'll go on to say what that is a little bit later okay so the fun part this is the testing that I had to do so I was thinking if my phone is going home it's going to be using a digital system it's not sentient it's not kidding it must be using some sort of digital evidence to no one in the hole so the first thing that came to my head back Wi-Fi that's going to be how it's doing it using it to your fencing geofencing uses Wi-Fi is gotta have something to do with a Wi-Fi so I cracked open the Wi-Fi pineapple and again I'm trend so keep it down in time is everybody familiar with the

Wi-Fi pineapple sure fine I'll go over very quickly I'm so it's all good so everyone has a rough idea I'm sorry for anybody that hasn't done it but basically what it will do it will look for Wi-Fi ap ends or short access point names with the one antenna it will then receive all of the data it's looking at and fire those ap ends up with another runtime so I configured pi AP I right here so you can see straight away then my phone started leaking out all of the hot spots that has ever been connected to and suddenly it because it's in my house sadly that didn't work unlike android kitkat android kitkat up until

iOS sorry android version 5.0 or whatever the version before I was it didn't have to have the same APN and password in a lollipop Without Really documenting it very well google her added an extra layer of trust whereby you won't normally have to have the same Sid we had to say have the same access point password as well does that make sense so the only way that I was able to do this was to use a forensic tool so I can I've analyzed the person's computer and pull out no Wi-Fi passwords I'm a good look at other phones in the case and I can pull out of Wi-Fi passwords using something like celebrates or X or

Y or one of the most obvious ways just crack open their roots room have a look what's written on the bottom how many user lands users are going to be changing their password if they're silly enough to have a smart lock on you can't be on superior user mind you you're one of the infosec people you're in the conference it doesn't come it doesn't come but you know all you would need to do then it in my testing is fire it up use a different Android device or something else capable of broadcasting and Android network a wireless network and just emulate the same said and the same sieve and password and that's all you need it doesn't check the

mac address it doesn't check that you're in proximity to anywhere too clever I thought so when I did this I was all excited I finally managed to fool it because a big part of computer forensics is you know we have four principles we have to abide to under the Apple principles we have 21 not modify any evidence to if you do have to change evidence so if you're going to remove a cold or if you're going to have to brute force the system in some way you have to know what you're doing three out to document what you're doing and for you have to you have to make sure that the OIC in the case is fully apprised of

everything that you are doing so really if I'm is emulating hot spots and changing this and changing that I this phone suddenly thinks it's been announced house it's being sent to parks it's been inhaling all day has been buttons it being a be cited suddenly and all of those wireless information records all of that information about where that phone's been for the last two years whatever is all gone now it's no use so it wasn't really an ideal method even if I could spruce the wireless network but what I found was the most tricky thing was when I did this and I got all excited I took the phone into my office to show my colleagues what I've

done I into the Wi-Fi hotspot I do it they go I'll up the phone will unlock anybody now it's going to unlock ah and google them something very clever here and this is where everybody in the room comes in really love to get your feedback on this because again this is quite exhaustive my wife was watching a serious corporately little liars like images boring as hell which is why I got the time to do all of this testing but I tried taking the wireless passcode to the sip out of the phone taking to work it's still knew that I tended towards a trap it must be using the gps antenna so i take the sim out i take it to work is

still knows a gps antenna look at the phone it can still get signal even without sin carne said i know i'm going to fall this unlock the phone in my house I let it see my wireless network it unlocks visit things in stone I put it in a Faraday back I take it all the way to work I put it in our own a box close the body box ticket out friday by it knows what a prism I then disassemble the phone took out the wireless antenna took out the gps antenna put it in a file a bag took it to work put in the bounding box closed the box still heroes there so goodness knows how they're

doing this but it's been very clever I'm guessing it's got to be something to do with an individual time act on the device so it needs to either see and this is the other thing as well so I just going back to my experimentation I could turn the phone off I can turn it back on I could unlock it with the antenna I'm detached so it doesn't know what mass time near it doesn't know that I've moved and it will still unlock in my home I cannot replicate that if you're always later in the office I just cannot do it so there must be something to do the accelerometer in the phone or gaps but I've got to be honest this was

I saw proof of concept and I could have tested this today or the s3 that I was using but that's not really a real-life experiment because there's everybody knows just a base flavor of operating system unless you're using something like a Nexus device that has plain android which could be tweeted ways documenting this for an individual phone wouldn't have done anybody any good so I think the only safe way of doing this would be to take it to a person's home click off their internet so you know you're not going to be able to receive a remote wipe to command or anything emulate the hotspot and do it now because I don't to tell you why but it does not work

outside of somebody else I've got my twitter handle by email if somebody else does work it I'll be gratefully gratefully gratefully received any feedback a predator in the paper or republish it somewhere for a much better talk but you know all of this testing that I did it didn't take five minutes it took me several weeks and I'm how to do this every morning take it to Bristol with me unlocking work and just I just wanted to share all of my failures really in it just so that you know you know what not to do really because it's a lot of time really I don't want anybody else to go through it okay are you doing nothing happened okay so NFC

ones that I don't really understand the NFC locks and how they can be used a small box they do seem a little bit pointless of redundant because if you if you block your phone most android phones are going to turn off your NFC adapter so even if I've got an NFC is after on my wall I come home a wife scan the phone it's not going to work because my NFC adapter is off so the only way i can imagine you would be able to use an NFC adapter to enable a smartlock would be has anyone seen in android lollipop is especially your kids you can log in is like an admin and you can login is like a child

so I I didn't have enough devices to test this on but I'd imagine you know the login is another user that doesn't have sudo privileges doesn't have permission to your photographs doesn't have permissions to your texts etc which will then turn on the NFC adapter this kind but who is going to really do that that's not a very practical implementation it's not like just tuning on your watcher starting up your car it's a bit cumbersome but if you were to do sir do anything like this again no for my mistakes I went through a good 10 20 points with of NFC tags before I realize the peeling them off the wall broke them so if you're going to do it

get an NFC cloning application and clone the NFC tag paste it back to another one and then use that back in the lab because peeling them off the walls not going to do a bunch of good oh it's all good things one of those you here which is more anything I actually I haven't actually successfully tested it because in everything I've got I don't have because of the roms I'm running it didn't give me the option to add that secondary user because on every main menu of the s3 that I tested HTC m7 and m8 the NFC adapter was off at the lock screen which I was trying to bypass so it would have to be a reform that would

enable multiple users that secondary user would enable the NFC tag I'm guessing again is only guess that movement scan the NFC tag short Google use those who the Nexus devices or to factor all so that microbe albeit do you know in the with the Nexus devices is the NFC sky available unlock life I believe all right fine affinity male be any any sort of testing that you could do it would be great to your CL share with anybody who's interested in hearing it really then we go on again these inquires tested Burton wonder the new locks is come in recently his own body protection and this one's very very sneaky so this one you put as little as

forty four seconds of a game I've heard you to tell you how long it took there are many times I had to pick up the phone it's a 4341 and just I saw did a bubble swords in methanol was throwing it at 20 then 15 and 35 but I've worked that out exactly 44 seconds you rip it off the desk in 44 seconds it's not going to lock so if you had on warning lock you have it in your pocket you're walking around all day you have any handbag whatever it might be you want to use and that phone if you put down on the desk when we've all been there you come in what's the first thing you do

after you've been on site instance you've been carrying the phone around you go I know what I'm going to go get it through so unless you can make up room in 43 seconds I do not recommend putting phones down on the table until you check this not block settings again it's worse case scenario but we always know these sort of things but the one good thing with smart box is if you're examining in somebody's house and had no body detection lock on it putting it down for 44 seconds or more because every other lock override the other see if you have my body protection and a watch the watch is going to enable the phone to stay or not if you have a

watch and location settings and watched eyes but you still at home again it's not going to lock unless that for hours kicks in does that make sense Cecily I didn't explain very well previously another thing that isn't very helpful is that when you have a device it will after 30 days or so or remind the user regardless of warlock they've got whether it's on body on device face unlock NFC it's going to remind that it said it's going to usually one set this I know reminded you the first time use if you are you sure you want to use this lock so again people who accidentally set it or thought it was a really good

idea 30 days ago might change their mind at a later stage and the biggest thing unfortunately the smart box only work as long as the phone is powered so again most police policies would be you see the mobile phone and turn it off exactly as the Apple fingerprint sensor works a surgeon to learn that device off the fingerprint sensors going to turn off on an iPhone small box are going to turn off on an Android device it's an irreversible process if you turn that phone off regardless of whether add smart locks the smartlock blogs are going to go because they were Gordon round and the small block is going to be just completely crapped out

you can't use it anymore not until I use it puts another successful unlock code into it so that's again a little bit of a bummer because it's only really good for instant response sort of live action taking all these devices because if you're looking in somebody and you think they've got a lock you really need to consider you know have they got a lock on there is it going to lock if I put it down on the desk just it's just this is only going to be the higher echelon criminals it's going to be the high rational a lot of jobs that we can put this sort of thing into because the most of the time you know Roberts techniques

like cheerio jtag analysis but again the higher echelon of criminals if you have a phone and it was fully encrypted even if we do a JTAG analysis on this or a chip off analysis all we're going to get is a fully encrypted copy of their data why throw away with you it's just it just it just doesn't make any sense so so finding so far so the phone has to be on as I mentioned it will work with Wi-Fi but it seems to be doing something else with GPS on the cell tower your phone will somehow know if it's nine its original location as still needs to be clarified which I can't tell you fortunately they only last up to four

hours so you need to ensure that if you're going to prioritize any phones in that case you need to either do it before the battery dies on the device appear to or you want to ideally do it in the location that's currently set to be unlocked to and the Wi-Fi SSID has to be both SSID and password which wasn't the case before so that's about it really sells best small boxes forensic examiners best friend locks I would say but so does anybody have any questions yeah when you move your friend of devices home office yes

it's a very good question i only did the one up wireless Sid and i have heard theories would be one again this hasn't been tested the perhaps is not looking only at my CSS ID it might also be looking at the surrounding neighbors replicating the breakfast of the other states yes but that's how Google's navigation yes if you if you know the manifest all day quality-wise you can find its location with the white clay rich people yeah then it's a very good theory is when I good performer I I want don't have enough devices unfortunately to make enough ad hoc networks I don't really get all my neighbors enough to ask them all to turn off there was

additional 10 minutes I could but again not too sure that my neighbors take too kindly to get knocked off their orbital module brokers directly to take a wireless snapshot okay normal a survival code yes they all say it's all the math classes and then doesn't the processing code into dates practical it's not a problem so you know in the office you stay up three or four access points which are both setting sside rates are the same mac addresses being exchanged details at the end I be very interesting i only know my name into a minimal standard really i'd be interested to hear if you've got a way or if you've got any documents will show how i can

record whenever my good sir thank you i'll show you there no one suggested during the entire experiment with else I would be interesting get to make alongside every day in translation obviously everybody ever so gently do all of that as well as happening I would be very interested there is in signal strength as well because sharing all that for what we really want doing setting your home location be suddenly you can replicate the three reaction points the separator they're physically separated with no differences and then see how to jump a whole lotta also work with just one SSID that would be the ideal see efficient ready women if you think your invites you to move far

outside how we do the incident commander last two years so do you want to have someone if you get myself I agree thank you very much yes just the it's an airport lagos watch your locket there yes so I've actually tried it all physically disconnected in the GSM antennas that it will still so it doesn't have to it doesn't have to have any reliable network and if you think the things like this is where another wireless things like tablets they don't have a GSM antenna necessarily or a GS side GSM antenna or GPS antenna all the time so I think they would have programmed it at a very basic level so the whole broad spectrum of devices can be used I've

just one dollar from first series is hoping of any any NFC at all but is in all the devices that I've got they don't the receiver in the phone so the actual actual hardware that would read NFC regardless of what type of NFC is is it on a blog screen so i would need to find another test of ice i got a limit of time a little bit more budget for a research now i'm no longer in the place but ironically so i could probably get hold of a little bit more like time and some of the test devices to test that on but as i said the m7 DNA and the s3 night rider on I didn't have I didn't

have the NFC enabled the menu menu next exercise until like that yes lucky so I will just go through my my two cents borrow never gone I think that you're is based on Excel Rana might be the best uses Google now to pull it on or you park your car explore now if never good to know that based on purely gps based on purely cell signals of a nose it's been moved yes especially with the news it goes speed down yes think that your cell phone might be big and an interesting thing as well too so go with the accelerometer I didn't mention this with 44 seconds I did test this to death I've tried it on the table a train and

the movement of the Train is enough to keep make it think it's moving sometimes it's also I've tried it that way it's not using the camera because I thought maybe it's looking for darkness in your pocket and then when you pull it out so it won't work that way that way that way that way that way that way any of its or more accesses you could put it down sideways on the table balancing or what engine or still no it's it's set down this is where i went on the accelerometer route rather than you know a flat level surface it can be at any angle i've tried it slope upwards downwards left right up now it just

looks for lack of movement so I think if if you wanted to you could put it on a baby's Romero and still think it's in somebody's pocket it's looking for that that's likely a believer changing both sugars I thought you live eight that like they moved it when it slips off singing sorry to say you said you moved it wasn't my fault and switch off its gonna do it who's this this is just specifically the way to attack the position lock the weather it does is what and I haven't tested it specifically it would be interesting to see whether in my home if I kind of waved it above it when I thought I'd being moved I was

just all work I just confusing it off the back of these if you if you keep an eye on my Twitter account next I'm gonna have similar because I've got a baby on my way so I cannot promise that I'm going to have all the time in the world in the next few weeks but if I can find the time I'll be sure to update the documentation on it i'll email out to the b-sides people who can send out to people in the vehicle that people are interested if not a few if you feel free to drop off your business cards like the ensure that your app to dinner yup insulin for the middle quite exciting

what you saying Faraday cage I know the location cellspacing screams as well okay I don't have been established in my people throwing in with bracket-y thing it consent you cycle through driving at our gym saying your site with them going to work is that way when I'm cycling if this i'm walking show so now it's when they are compacted basement screams so additional experiments peaked accelerometer in the house by shaking the balls off is done by the new friend called it there the scientific technique known to all men and with earlier sir jeremy NFC adapter honor and existing I'm just easy I'll get it done in five minutes okay did you have a question is

all this is this is what I like about this job is it's not necessarily overly techy and this is something actually I'm just going to bring it up you know with all of the different things you can you can you can hack the phones you can rip apart the GUI and everything but I always like this oo left a CD you know I saw saying his laptops encrypted that's not a million-dollar cluster to crack it yeah not a bad idea but really sometimes the best idea is a five-dollar wrench and this is exactly what likes I'll you know we can do tip-offs we can do jtags to sometimes the five-dollar wrenches occasionally the best idea any

further questions no no no I didn't one more yes about European source the I shall I forget the name of it right in the beginning I mentioned it was google untrust agents so it doesn't have to be specifically small box they all of this testing was done with a google smartwatch service you could build your own API in apk including small or functionality so in the testing that I got I have to make sure that you bring this chapter website up just to get him some here a lot of this was brought up by visiting this this website here by a chuck nan in half and he made a poor ghetto lock and an example unshown as an

example everything that I'm showing you here with his own custom-built I'm so you know it's not exclusive to smart locks and I'm sure if I was a far more talented programmer or any sort of programmer at all I can rip apart the wrong and have a bet slightly better understanding how it knows it's at the location is it's all going to be in the source code but unfortunately us a little bit beyond my skill set the short answer is not to hear insulting others if you flash your and white of its next energy it's one of the things do not get Google's I will gather gaps linking rings 2x earlier we probably have the package and I've been seeing incremental

updates just like location rocks used to be exclusively the homework then he'll dump your fancy whereas the smart used to be any Bluetooth device you just tapped it and go and if you don't have it and have to put your lock coding so it is evolved it

my hand

I have run to impatience I have considered that but having the fourth or I've got a little bit of a scatterbrain as you can see when they go back and forth of the slides I could put in a bank for two hours and have an alarm set and I love forgotten that the alarm was fall by the time it goes off this or a different place where is going on in the office but it's but it is a fair point but I'd say it'd probably be exclusive it's not going to be exclusive to the OS is going to be wrong dependence so what if he was testing I don't know thank you for listening I got some business cards

only that the phone if anybody's interested we do offer a free consultation service and one of the particular services that we do is a PDP encrypted ripoffs on blackberry devices which I believe we are they they saw provided for in the UK so feel free to visit us at scitech consultants com thank you very much so that's the panel talk on track to today closing remarks are just about to happen in track one so it could make your way there that'd be much appreciated we've got some prizes to give out so it's quite you think we've got well as we cannot dance around

you