Good to Meet You Black Hat, I’m Keri

We’ve maybe met before, this is my 4th Black Hat as media. Media.

Because to be clear: compared to you guys I’m a baby, a script kiddie at best. I’m okay at OSINT and SE, it ends there.

I’m an auto journalist with Sun Media, a Canadian newspaper chain. I write the news, car reviews and a weekly column – Keri on Driving – 400 words about whatever I want. For a sample, read my 150th Anniversary column.

Been starting to specialize in auto security, which is why I’m here.

Blog tag = Auto Security (34), and I run the security section of the newspaper here.

About my blog’s security section

I doubt this section would much interest you, I write for the end user. It’s more for like, a housewife in Iowa.

Like my Blackberry security video:

Please don’t hack me! Really, it’d be like picking on the kid at recess wearing a helmet.

I’ll leave you something only this crowd will appreciate

Despite everyone rolling their eyes when I tell them, it’s maybe the thing about my blog I’m most proud of, more than it making it through bank filters

…. my blog and I have been flown around North America, gained access to some amazing places and tested almost $10 million in cars…. ready….

… all without an About Page! Nor a LinkedIn! And I kept my last name offline for 5 years.

Tada!

Find me fastest on Twitter @KeriBlog, if you see me say hi, and have a great conference!

Keri

Blog tag = Black Hat

 

 

I’m Not Blogging This Week

I’m leaving for Vegas to be media at Black Hat – the premier international security conference. AKA the most hostile network in the world.

Best way to go online is to not.  I’ll be walking around with my phone OFF.

I don’t stand a chance against this crowd.

These are screenshots from a media email I received.

Here’s what I’m walking into:

1 – blog tag = social engineering 

2 – remember when this happened to me at the LA Auto Show? The USB -> EGO attack

3 – Blog tags – NFC and RFID

1 – never leave a laptop unattended

2 – see that, “by far…”  While I’m taking my laptop in case of an emergency at the newspaper, I have zero intention of opening it

3 – friendly reminder to change your passwords, because when was the last time you did?

***

TTY on Twitter @KeriBlog, and here when I’m back later this week.

 

 

This Robot is Brute-Forcing an iPhone

The robot will try all possible 4-digit passwords on an iPhone.

Seen at Black Hat 2013.

Best Use I Can See

It’s not elegant, but it would work. Grab a phone off the street, return to a secure location, put it under the robot, wait.

You’d need a location though, and time. And it’d be a targeted attack; you’d be after the information on the phone, not the phone itself. Otherwise, just wipe it.

Defences

– turn OFF simple passcode. Then you can have a longer passcode, with alphanumeric characters
– turn ON “after 10 failed password attempts this iPhone will wipe itself”
– don’t use any of these – Most Common iPhone Passwords
– hang onto your phone tight, but not like this

Sorry, that’s all I know; saw it en route to the car hacking talk.

So if this robot belongs to you, email me and I’ll link you up, and any explanation you’d like to add.

 

 

Hi Black Hat

I’m Keri, from Canada.

I run this blog, and am a full-time auto journalist with my country’s largest newspaper company, Sun Media; news, reviews, and a weekly column called, ‘Keri On Driving’, where I get to say whatever I want for 300 words.

I’ve combined the worlds a few times, columns that may interest you include:

– Let’s go War Driving – here
– Securing your Car in the City – here
– Computers in Cars – here
– Your Car can be Hacked, but Not Really – here
– Stick Families are a Terrible Idea – here
– and maybe this post – Went Armoured Car Shopping

Find me in a BlackBerry class (I tested both their new phones for TELUS), or in the car hacking classes, because I think it’s about to become a huge problem.  As you know, you could drive a new car off the lot with a 5 year old un-updated system inside, oh boy.

Also, a couple months ago, I had an epiphany, then made this prediction: BlackBerry’s QNX OS is poised to become the default software for all automobiles.  Wrote about it, and that article even made the cover of the paper, here.

This is my 3rd Black Hat, and if we’ve met before I’ve probably said the same thing I’ll say again now:

I am way beneath you in skills; a script kiddie at best.

This is likely why you’ve never come across the Security category of my blog; it’s better suited to like, your relatives.

– How to change your Router Password – here
– Don’t Name your Phone your Name – here
– Most Common iPhone Passwords – here
– My blog being spidered looks like this – here
– You’re responsible for Hotspot users – here
– Your screen can be seen 20 feet Away – here

There’s a hole in the internet for end-user security stuff, so that’s the goal here.

Plus fun videos:

Smarten Up, Internet – for the housewives of Iowa

Please don’t hack me. It wouldn’t be much of a challenge even, especially because this blog is held together by tape and popsicle sticks (seriously, the search bar doesn’t even work, nor the comments) (new site coming this fall).

Look forward to seeing some old faces and meeting new ones, and am always up for car talk (had the all-new Honda Accord HFP last week; took a VP of Ford Canada’s 5.0L Mustang GT through a flood the week before that; recently travelled to Hungary to test the all-new Audi A3 Sedan; and to Alberta with Ford where I off-roaded in their Raptor, and am now a huge fan).

Twitter – @KeriBlog
FB – ugh, almost never
Email = top right of sidebar

Keri

*first time my last name has ever been on the badge, because despite sharing my life online since 2007, I managed to keep my last name offline for 5 years, and am part of the 0.0002% on Google, ha.