PG - Human honeypots, or: How I Learned to Stop Worrying and Love The Implant - Nick Koch

so I'm here to give a good morning and welcome to besides Las Vegas proving ground to you guys this talk is human honey pots or how I learned to stop worrying and love the implant by Nick Koch a few announcements before we begin we'd like to thank our sponsors especially our inner circle sponsors the critical sack and volley mail and our stellar sponsors Amazon blackberry and Microsoft it's their support along with our other sponsors donors and volunteers that make this event possible as I mentioned the camera is live the mics are hot so please go ahead and take this time to silence your cellphone's so that we are not going to interrupt the speakers or our audience on YouTube and

if you have any questions the talk please flag me down I will wander over with the microphone so that YouTube has the pleasure of hearing your question as well without much ado good morning I'm Nikki nice she just said this is human honey pots or how I learned to stop worrying and love the implant now a little bit about myself I'm a side security student at Pensacola State College I'm a member of the cyber defense Club and I'm the resident bio hacker if you want to ou sent me further my blog is down there as well as my twitter handle now I have a lot to cover and not a lot of time before I get

Shepard hooked off the stage so here's a brief agenda first why am i here followed by a brief treatise on Nia Nia field communications and then implants and then finally I am become cyborg the destroyer phones now the times are changing younger generations are growing up with better security awareness the less susceptible to just clicking on suspicious links on Facebook or in their email and because of this we have to adapt and overcome now the technology available to us is also changing to the advent of NFC and RFID implants we have more ways of getting these messages across stuffing more tricks up our sleeves or in this case skin now our mobile devices are carrying

increasingly more and more sensitive information our text messages have our two factor authentication keys our photos have work schedules or passwords and pictures of various nature's personal notes contain our journals and our medication reminders and Facebook and Instagram both have a location data and of course names numbers addresses in those associations while they don't seem like much at first add up very quickly now before we get into the meat and potatoes we have to do a little bit of housekeeping hence a previous on near field of communications now how does it work what you see when an active device and a passive device love each other very much they do something thank you they do something incredibly special and

this is called hold or electro dynamic coupling now active devices can both read and write data and for example we have smartphone right here have a Clark smirk and we have a smart lock well that's our passive devices are read-only and our examples being key fobs smart codes and of course implants now they'll have multiple users sharing social media links storing your medical info sending someone to fake book calm and active devices have different modes you have peer-to-peer mode which is two active devices just talking to each other and exchanging data card emulation mode which is you clone a passive device and the replay it back and reading and writing reading and writing is what

we're going to be spending most of our time on and is simply lead from a device and put it on your passive device now we have end of now this is how we communicate to our password devices it's the language of NFC as the NFC data exchange format now in depth records or separate it into a header and a payload and it's up to the transmitting and receiving applications to agreed on the formatting and definition of that payload and all that means is if you try to open up a app that doesn't exist on someone's smartphone the smartphone is going to scream at you and go hey what the hell is this now headers are going to contain the

record ID how long the record is and the type so it's a picture video but maybe the login information for your Wi-Fi pineapple whatever and the payload is actually what it is now the length of them well theoretically that can be about as long as you want practically speaking it's a different story now your typical implant only has 800 a six bytes of storage however as of the writing of this dangerous things released one that does eight kilobytes however it's not the size that matters it's how you use it in this case you see if you're sitting at a bar and you're trying to get someone's phone to scan your chip the longer that payload is the longer it's

going to take for it to completely transfer over to your active device so if so much a brownie bumps into you you've got to start all over and it's going to start getting suspicious really fast now time for the implants now why in the hell would you have a chip a little piece of bullet silicate glass with some copper wire inside of it shoved inside your hand well for one I still know enough that people aren't going to believe you and to show them so of course that's your way in hey I don't believe you well hand me your phone and of course it's just way cooler than an NFC vein for a business card that seems a little superficial but

again new technology we love shiny things I mean we've seen NFC rings before we've seen and seen business cards before not many people have seen a chip implanted under one skin now the procedure like this you have a sir you'll have two types of implants a surgical tag and a flat flex tag now the cylindrical tag is a quick injection and there's a variety of safe implantation areas that we'll get into in a moment and they're not that painful now don't get me wrong the painful but not painful as you might think well it's the flex tag it's going to require an incision and some stitches and the implantation areas are still being tested however there is a general

rule of thumb for where you can put them and they are incredibly painful there I could go and be cutting into you and again stitching you up and you're not going to get any painkillers that being said caution the following slides contain some minor Medical Corps if you're squeamish turn away now anyone anyone cool so implantation implantation areas we have the webbing which is where this poor guy's being poked between the index finger and the thumb and it has the perk of being easier access from the active device so you can just hop your phone on it with the low risk of damaging nerves or blood vessels mainly just fat and skin in that area next up you have the

metacarpals no the metacarpals or the top of your hand right here and of course it's easy to access just type your phone on top of it however depending on your personal Anatomy you might not want to choose this location and that's because you have a lot of bones you have veins running across the top and your hands are fragile precious things next up and have the blade now the plate it's not let's say that was practical for this application it's great for if you're doing access control and just want to bump a door and open and however again depending on your own Anatomy there's some risk involved here because you have a lot of muscle so if you don't

have a lot of fat in that area or just lost gaining it's very easy to go too deep and to go into that muscle mess and your hand up now for the Flex tags there's no real trip third location again they're all being tested out however so long as it doesn't constantly flex which I know it's a bit counterintuitive it's fine that means that yes while you can give what you're attacking the middle finger it's not exactly the best idea some people like to pop the knuckles like this and this is essentially a ribbon cable the chance it might creak inside of you for anyone that had to close your eyes and I'll think there's anyone it's

now safe to open them we might now go back to our regularly scheduled presentation now post the implantation I'm going to repeat this a couple times put a password on your implant the last thing you want is for it to be locked in the read-only mode and you not know it and then you're walking about with goatse in your hand now if this happens it's not the end of the world but you're going to be sitting there for two or three hours for the proxmark on your hand trying to crack that key and it's also not going to be very well at first this is normal don't panic your hand is swelling and it's increasing the size or it's increase in

the area between your your active device and your implant you need to be touching and the closer you are the better and of course you have implant migration these aren't coded in by a bond they're going to move around for the first couple weeks until the collagen starts forming around them please please please please please please follow your aftercare instructions especially if you get one during hacker summer camp infections are no joke complex is a real thing this will also help we do scoring and keep your healing time short so you can get around you playing with your implant in other words case scenario should you want to upgrade it's a standard I'll pay some procedure make a little slip pop it

out like a zit you're good to go and they're more doable than you might think and athletes have these the cross players peeing right on the implant I do Hema longsword pow right on the implant if you're in pain gets crushed your hand is also likely crushed you have bigger things to worry about now as much as they may look like magic they ought to have a few limitations surgical tags for example are kind of picky about positioning now this is because most active devices are designed for flat surfaces and well these are not and because of the way those shapes are also going to have a very small surface area now flat tags they need better but

the nos flex well as the name implies and they're easier to notice due to scarring and then smartphones themselves now small phones actually are doing a pretty good job at protecting against these kind of attacks for example your phone will not scan unless it is unlocked that's great that used to not be the case the antenna it's not always in the same place as well so if you were talking Android here variety of different Android phones some antennas maybe on the side so maybe on the top some might not even have NFC at all so you might want to be searched at all beforehand and you have to be touching the device this means that some phone

cases OtterBox is maybe one of those cases I'll cover in crystals on the back whatever your tastes may be might interfere with the implant and of course your user has to have NFC enabled to begin with but with Google pay and stuff like that that's already highly likely now we have an implant you're now a cyborg what can you do now DLC yes thank you a yes your implants have downloadable content in the form of apps that you put on your phone to interface with them of course we have dangerous NFC which will protect your implant and is literally the first thing you should do and then we have NFC tools now NFC tools is free however if you're

putting a chip inside your body spring for the pro version and support the developer as well and this allows you to easily read from and write to your implant now for attack vectors we'll start off with malicious links so your targets going to scan the chip and it's going to send them to a fraudulent website for credential harvesting maybe you're going to emulate Facebook and ask for GPS permissions and this is going to last so long as the browser's open its file to smile we're now this is going to be quite a little bit of social engineering because what's going to happen it's pop up a prompt saying hey do you really want to go to this website so what you

do is you hide it either with a link shortener like a bit ly link or just overload them with the information in and now make a hilariously long URL next up have Bluetooth so this is great for if you want you actually go through the phone own they scan the chip and it's going to connect them to the Bluetooth device with your choosing even if pre tooth is off it's still going to start connecting to your device and this is good fondue you please know a finger blue bugging with the caveat of of course you have to stay within Bluetooth range Wi-Fi works the same way they scan the chip and it directs them to a specific access point so Wi-Fi

pineapple or whatever your choice of rogue access point may be and this is good for man in the middle of traffic analysis and what-have-you and my personal favorite V code spoofing if you did you research ahead of time and this is great because what's going to happen is your victim is going to scan the code and it's going to put away is essentially a virtual business code inside the phone and instead of your name you're gonna put the name of where they work or their child's school whatever bank they use and so later on you can call them up and by hello this is banku America I've noticed a compromise on your card can I get your

card number and you and your social security number and this is going to require both sleight of hand because what's gonna happen is that pesky prompts gonna pop up so you want to have it was a device in hand scan it tap it and you're good to go and now for some final words these implants exist in the growing in popularity roughly fifty to a hundred thousand people out of twenty eighteen have these people are also using NFC more and more on their phones for google pay he and other applications now people use implants for training bus passes in Sweden people use them for smart locks and though I don't exactly recommend that and we have to start educating

people about NFC and about how it can be used against them how it's no different than just clicking on a random link you see online and before I go into the Q&A I want to ask you what else can you think of of that we can do to push this technology further and to educate or users on the dangers of NFC and just scanning everything you everything you see thank you

anybody have so I'm not all too familiar with like the NFC right capabilities but is there a specific time or a specific amount of times that you would have to write to the tag or excuse me I should probably rephrase that is there a limit to how many times you can write the tag before it starts to decay I guess in its storage space so the question is is there a limit to how many times you can write to the tag yes and no about 1 million times them all times you can read from it but that resets whenever you write to it again the tag is likely going to outlive you any other questions

so is there any heat from repeatedly writing this quickly or other things like that could you perform an attack based on sort of writing it over and over again the USB Drive heats up quite a lot I'm wondering if these do and can you push them to okay so you're asking is if there's like like a duty cycle you need to worry about or if it's generating heat not really you're not going to feel it there's not enough power being pushed through to really have to worry about that so in in line with that you know if there are concerns from other types of implants in the same hand let's say you get a small magnet

put in your index finger and you want to have a NFC chip implanted in the webbing between your thumb and your index finger are there any potential interference issues yes so the question is with with compatibility with other implants have magnet and your ring finger and a implant and your webbing would there be any interference issues it's not recommended and that's because there's a slight risk of you accidentally degauss in your own implant do you actually feel anything when you're getting the NFC read like we know the radiation is hitting it and it's activating is there any sort of sense that that's happening the question is it's not any really feeling of when you scan your active

device no not really your phone's going to vibrate that's about it why would you do this without any kind of anesthetic when you can order an anesthetic online and use it before you get seriously I mean from a micro needling place or you know so the question is why would you do this without anesthetic for a flex tag now you can go through dangerous things you can buy anesthetic however a lot of legitimate pieces they're not really supposed to give you anesthetic that's kind of an FDA thing for the injectables you don't need it it just doesn't hurt well it hurts but it's not that bad the worst parts actually not the injection but they pinch your

hand afterwards and hold there for 30 seconds put the band-aid on and then you're walking around the Convention Center like this for about 30 minutes or so into it fully clots that's the worst of it hi are there any special concerns before going into an MRI not these are too small to really be of an issue of course you should always tell your your physician hey I have a bit of metal inside me so they can prep accordingly but people have had MRIs and it hasn't affected it at all this these also won't show up on say body scanners at the airport for example basically my questions also dental work any do you have to mentioned your dentist do you

have a metal in your body for dental surgery you shouldn't have to again it's always a good idea but that's just so the doctor knows what you have inside you just in case if something goes wrong and there's an emergency hi so I sort of have a double-park question first of all so you mentioned this is sort of similar to the tattoo industry but also that people are just getting these at conventions is there any sort like is there any sort of regulation around this or do you just have to be really really careful also if you walk up to your doctor or if you go to your like general practitioner and say hey so I got this

implant in a conference room at DEFCON like how are they going to react okay so as for regulations there's not really any this is a brand-new field now if you're going to go to your piercer I recommend someone who's a PP certified it but other than that most Pierce's you go to you're going to have to hand them some documentation and they're gonna have to look into it and research it before they do it and you want to find a piercer that you trust 100% as with all body modifications now as for the reactions from your doctor the exact quote from mine was why the hell would you do that she was so confused and she

wasn't too enthused I told her well because I can alright folks last question as you said earlier I can guarantee my friends and family know nothing about this or nothing about the dangers do you know of any resources that I could use to school my friends and family on this particularly so the question is although any resources online dangerous things has a implant 101 page and you can take them there my blog also has a six-months the NFC implant page on it and that can answer a lot of questions with how it's used and a procedure alright everyone let's give Nick one final round of applause thank you