Defcon17: 10 Tips for iPhone Users

Do you know what’s Defcon? Don’t worry i didnt know either , until like 1-2 years ago when i was searching something about “shoulder surfing” and i found a video of this dude that was talking about non tech hacking at Defcon 15. So, what’s Defcon? Defcon is one of the oldest continuous running hacker conventions around, and also one of the largest. See their site here .

Ohhh ok… but wait , what the fuck is shoulder surfing?In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone’s shoulder, to get information.Anyway, just watch the video here. You will be amazed, and pretty much i bet you will watch this video at least 2 or 3 times.

Why i wrote that much BS before i actually posted the actual tips? So you know what is Defcon, what kind of people are associated with Defcon, so you can realize the importance of this tips. iPhoneDev , one of iPhone DevTeam memebers, just posted a link that contained 10 crucial tips for iPhone users.

  1. Disable all your login cookies in Safari. If you use the hotel or conference wifi, it is 100% guaranteed that your traffic will be sniffed. If you allow a web site (like to store your login info in a cookie, and if you connect to that site through a normal http connection, your login info will be exposed. At the very least, you’ll end up on the Wall of Sheep. But you’ll be giving up your password to anyone else sniffing too.
  2. Consider not using the hotel or conference wifi at all, especially if you’re getting 3G speeds anyway. Do not have your iPhone auto-connect to known networks. If you’re bringing a Mac to the conference and you use wifi, at least set up your firewall properly. Turn off everything in Settings→Sharing. Then in Settings→Security→Firewall, click “Set access for specific services”→“Advanced”→“Enable Stealth Mode”.
  3. Learn how to use tethering to avoid wifi on your laptop altogether (and any hotel wifi charges too). By the way, the conference wifi generally doesn’t reach up to the hotel rooms, and vice versa.
  4. If you’re avoiding wifi, consider buying 3G Unrestrictor in Cydia. It tricks applications that would otherwise insist that you be on wifi into using your cellular data network instead. Such apps include Skype, Slingplayer, iTunes, and many others.
  5. Change your root and mobile passwords. Everyone’s iPhone starts off with the root and mobile password of “alpine”. You really don’t want to be in a roomful of hackers who know your root password. You probably don’t need ssh access to your iPhone at the conference anyway, so uninstall it or toggle it off using SBSettings.
  6. The above tips all apply at the McCarran airport, too. Don’t let your guard down on Sunday after the conference ends, since many of the people around you waiting for their flights out of Las Vegas will have just come from the conference too.
  7. The conference events last from morning through well into the night. If you have firmware 3.0 on your iPhone and both bluetooth and wifi are enabled, you’ll very likely deplete your battery before the day is done. There are power outlets in each of the conference rooms, but those are often the first spots taken (especially late in the day). Consider disabling bluetooth and wifi if only for battery consumption reasons (and maybe even rollback to 2.2.1 ).
  8. The “Hack the Badge” contest is a very fun event lasting the whole conference. If it’s anything like last year, the Hardware Hacking Village will be packed all weekend long with tinkerers trying to make their badge do cool and unexpected things. Kingpin has released very limited info about this year’s badge (to make the contest more exciting), but one thing he has revealed is that it will use a simple 3-wire serial interface. On the conference forums, he’s recommended that you bring your own level converter to make the serial voltages compatible with your laptop. But if you connect your badge to your iPhone’s serial interface, you won’t need a level converter. It’s already at the correct voltage.
  9. The official twitter tag is #defcon. So fire up your preferred iPhone twitter client (for example, Tweetie) and add #defcon as a saved search. And don’t forget to use that tag yourself when you tweet about something at DEFCON.
  10. There are several talks that may interest iPhone and Apple owners in particular. Scanning the talk titles reveals things like “Hacking the Apple TV”, “Is your iPhone Pwned?”, “Jailbreaking and the Law of Reversing”, “Hacking with the iPod Touch”, “Attacking SMS. It’s No Longer your BFF”, and “Runtime Kernel Patching on Mac OS X”, For hardware tinkerers, any talk with Chris Tarnovsky or Kingpin is a guaranteed winner. The iPhone Dev Team gave a talk at 25C3 in December but isn’t presenting anything at DEFCON 17. We have a talk planned for HAR 2009 in a few weeks.