Marc Rogers
Ramblings of a Mad English Hacker: Hacker behind BBC's The Real Hustle & USA's Mr Robot. Head of SecOps for DEF CON. Head of Infosec for CloudFlare.
10,015 Tweets | 1,316 Following | 10,304 Followers
Tweets
Marc Rogers May 19
Replying to @ToiIetbowIs
LOL :) anyway the thing to remember is any network *can* be a vector so the smaller you can make your attack surface the better. I shut off wifi, bluetooth, NFC when in high risk places. Telcos aren’t completely safe but it reduces the vectors from 4 to 1. Stay safe out there.
Marc Rogers May 19
Replying to @Poignantsulphur
Yes but would almost certainly require rooting the device to really get enough control to be useful. That said there’s 2 apps that are interesting - XPrivacyLUA (needs root) and NetGuard (by the same dev) (doesn’t need root)
Marc Rogers May 19
Replying to @ToiIetbowIs
Protecting yourself - Run the latest firmware. Retire old hardware: no longer supported = no longer secure. Make sure the phone is encrypted. Don’t use a rooted device in high risk environments. Use protection on public networks. Don’t use shady apps or 3rd party stores.
Marc Rogers May 19
Replying to @ToiIetbowIs
Did you go to DC China?
Marc Rogers May 19
You think that’s bad wait until a car backfires.
Marc Rogers May 19
Also suggest you be careful about throwing around accusations like that. I lived in South Korea, China, and Singapore for 5 years. Would go back in a heartbeat.
Marc Rogers May 19
Who said anything about China? Multiple phones were owned in DC Las Vegas last year and the year before. Draw your own conclusions.
Marc Rogers May 19
Everyone messaging me about we’ve already made arrangements.
Marc Rogers May 18
Replying to @stephenb2006 @k8em0
Yeah pushing fake apps is a common drive-by technique. Generally relies on another vector to make it possible though.
Marc Rogers May 18
Replying to @Micael_Card @blowdart
I built a femtocell that does exactly this. Watch the end of season 2 of Mr Robot to see a proof of concept lol ;)
Marc Rogers May 18
Replying to @Micael_Card @blowdart
There’s lots of different ways to do this from fake basestation MITM, to carrier impersonation & compromised credentials or software exploitation. A phone is just a computer and a telco/isp is just a network. All hackable. It gets harder with newer devices but never goes away.
Marc Rogers May 18
Replying to @richsentme
Cool, thanks!
Marc Rogers May 18
Replying to @richsentme
IMHO iPhone malware is unlikely due to the cost of the “package”. Why waste against some random geeks & hackers? I can see someone testing distribution methods and payloads against Android (especially older models) though. If you see any weird behaviour though, hit me up.
Marc Rogers May 18
Friends who went to DC China. If you have malware on your phone - not some shady app you downloaded, malware that just “appeared”. I want it. I will be willing to buy you a new phone if you bag the infected one and send it to me. It’s for my eyes only. Likely Android only.
Marc Rogers Apr 30
We bypassed the Gateway during our research but didn’t have time to disclose before DEF CON was upon us. Devtools were left on the CID filesystem to enable CAN Injection and shell via telnet. Keen Team later covered them extensively.
Marc Rogers Apr 30
Actually, the Jeep uses an NEC V850, while the Tesla has an MIPC5668G running FreeRTOS to allow specific stored procedures through via UDP commands.
Marc Rogers Apr 20
Replying to @sethr
dunno what you are talking about.
Marc Rogers Apr 20
Replying to @sethr
of course thankfully this is a one off.....
Marc Rogers Apr 20
Replying to @sethr
I mean it’s not like they had any vendors or security people they could turn to after all......
Marc Rogers Apr 20
Replying to @sethr