Archive for the ‘en-US’ Category
[DefCon32] DEF CON 32: HookChain – A New Perspective for Bypassing EDR Solutions
Helvio Carvalho Junior, a renowned security researcher and CEO of Sec4US, unveiled his groundbreaking HookChain technique at DEF CON 32, offering a fresh perspective on evading Endpoint Detection and Response (EDR) systems. By combining Import Address Table (IAT) hooking, dynamic System Service Number (SSN) resolution, and indirect system calls, Helvio demonstrated how HookChain stealthily redirects Windows subsystem execution flows, bypassing EDR monitoring without altering application code. His presentation, enriched with live demonstrations, challenged cybersecurity conventions and spurred discussion on adaptive defense strategies.
Understanding EDR Limitations
Helvio opened by outlining the rapid evolution of digital threats, which continuously challenge EDR solutions designed to monitor API calls through Ntdll.dll. He explained that traditional EDRs rely on hooking key functions to detect malicious activity, but these mechanisms can be circumvented. HookChain exploits this by manipulating the execution flow to avoid monitored interfaces, achieving stealth without modifying the source code of applications or malware. Helvio’s approach highlights the need for EDRs to evolve beyond static monitoring techniques.
Technical Mechanics of HookChain
Delving into the technical core, Helvio detailed HookChain’s methodology, which integrates IAT hooking to redirect function calls, dynamic SSN resolution to adapt to varying Windows versions, and indirect system calls to bypass EDR hooks. His live demo showcased shellcode injection into a process, executing it undetected by EDRs like CrowdStrike and SentinelOne. By leveraging techniques like Halo’s Gate to locate unhooked functions, HookChain ensures malicious payloads operate invisibly, achieving an impressive 66% success rate against top EDR products listed in Gartner’s Magic Quadrant.
Testing and Vendor Responses
Helvio shared results from testing HookChain against various EDR solutions, including remote process injection and credential dumping with tools like Mimikatz. His findings revealed that while some vendors, such as SentinelOne, implemented patches to counter HookChain, others lagged in response. He emphasized the importance of open collaboration, noting that two vendors engaged with him to test mitigations. Helvio’s transparency, including sharing his whitepaper and source code on GitHub, encourages the community to refine and challenge his techniques, fostering stronger defenses.
Future Directions for Cybersecurity
Concluding, Helvio urged the DEF CON community to embrace continuous innovation in security research. HookChain not only exposes vulnerabilities in current EDR systems but also paves the way for more adaptive solutions. He advocated for proactive strategies that anticipate emerging threats, inspiring researchers to explore new evasion techniques and defenders to enhance monitoring beyond Ntdll.dll. His work, rooted in a passion for discovery, sets a benchmark for advancing endpoint security in a dynamic threat landscape.
[DefCon32] DEF CON 32: Leveraging Private APNs for Mobile Network Traffic Analysis
Aapo Oksman, a seasoned security researcher specializing in IoT and network protocols, delivered a compelling presentation at DEF CON 32 on harnessing private Access Point Names (APNs) to analyze mobile and IoT device traffic. As devices increasingly rely on 4G and 5G networks, bypassing traditional Wi-Fi monitoring, Aapo’s innovative approach enables security professionals to inspect, filter, and tamper with mobile network traffic. His talk provided practical techniques for both offensive and defensive cybersecurity, from penetration testing to detecting malicious activity in mobile ecosystems.
Challenges in Mobile Network Monitoring
Aapo began by highlighting the shift in device communication from Wi-Fi to mobile networks, which complicates traditional traffic analysis due to direct connections to ISP-operated base stations. Setting up private base stations, while possible, is costly and complex. Aapo introduced private APNs as a cost-effective alternative, allowing users to create isolated networks within ISP infrastructure. This approach grants visibility into device communications, overcoming the limitations of locked-down devices and enabling detailed traffic analysis for security purposes.
Harnessing Private APNs for Security
Delving into the technical details, Aapo explained how private APNs can be configured to route mobile traffic through controlled environments, such as firewalls or custom servers. His demonstration showcased the setup process, emphasizing affordability and scalability, with costs decreasing as more devices are added. By intercepting IP traffic, security professionals can perform penetration testing on IoT devices or monitor for malicious activity, such as command-and-control (C2) communications. Aapo’s approach leverages ISP infrastructure to create a controlled network environment, enhancing both offensive and defensive capabilities.
Uncovering Advanced Malware Threats
Aapo addressed the growing sophistication of mobile malware, which often avoids Wi-Fi or VPN connections to evade detection. He cited an example of a misconfigured malware detected via Wi-Fi traffic, underscoring that advanced threats are designed to operate solely over mobile networks. Private APNs enable defenders to monitor these communications, identifying C2 servers or other malicious activities that would otherwise go unnoticed. Aapo’s insights highlight the critical need for innovative monitoring techniques to counter evolving mobile threats.
Practical Applications and Future Directions
Concluding, Aapo shared project details and encouraged the DEF CON community to explore private APNs for their research. He emphasized the dual-use potential of his approach, enabling both penetration testers and defenders to gain deeper insights into mobile device behavior. By connecting private APNs to existing security infrastructure, organizations can enhance their ability to detect and mitigate threats. Aapo’s work paves the way for future advancements in mobile network security, urging continued exploration of ISP-based solutions.
Links:
- None available
[NDC Security 2025] Hacking History: The First Computer Worm
Håvard Opheim, a software developer at Kaa, took the audience at NDC Security 2025 in Oslo on a captivating journey through the history of the Morris Worm, the first significant malware to disrupt the early internet. Through a blend of historical narrative and technical analysis, Håvard explored the worm’s impact, its technical mechanisms, and the enduring lessons it offers for modern cybersecurity. His talk, rich with anecdotes and technical insights, highlighted how vulnerabilities exploited in 1988 remain relevant today.
The Dawn of the Morris Worm
Håvard set the stage by describing the internet of 1988, a nascent network connecting research institutions and defense installations via ARPANET. With minimal security controls, this “walled garden” fostered trust among users, allowing easy data sharing but also exposing systems to exploitation. On November 2, 1988, the Morris Worm, created by Cornell graduate student Robert Morris, brought this trust to its knees. Håvard recounted how the worm rendered computers across North America unusable, affecting universities, NASA, and the Department of Defense.
The worm’s rapid spread, Håvard explained, was not a deliberate attack but the result of a coding error by Robert. Intended as a proof-of-concept to highlight internet vulnerabilities, the worm’s aggressive replication turned it into a denial-of-service (DoS) fork bomb, overwhelming systems. Håvard’s narrative brought to life the chaos of that night, with system administrators scrambling to mitigate the damage as the worm reinfected systems despite reboots.
Technical Exploits and Vulnerabilities
Delving into the worm’s mechanics, Håvard outlined its exploitation of multiple vulnerabilities. The worm targeted Unix-based systems, leveraging flaws in the finger and sendmail programs. The finger daemon, used to query user information, suffered from a buffer overflow vulnerability due to the gets function, which lacked bounds checking. By sending a 536-byte payload—exceeding the 512-byte buffer—the worm overwrote memory to execute a remote shell, granting attackers full access.
Similarly, the sendmail program, running in debug mode on BSD 4.2 and 4.3, allowed commands in the recipient field, enabling the worm to send itself as an email and execute on the recipient’s system. Håvard also highlighted the worm’s password-cracking capabilities, exploiting predictable user behaviors, such as using usernames as passwords or simple variations like reversed usernames. These flaws, combined with insecure remote execution tools like rexec and rsh, allowed the worm to propagate rapidly across trusted networks.
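The password weaknesses Håvard describes (the username itself, the reversed username and similar variations) are easy to screen for at password-change time. The following check is an added example, not code from the talk: "username" and "reversed username" come from the summary, while the remaining variants, the minimum length and the small word list are this example's own assumptions.

```python
"""Password-choice check covering the guesses the Morris Worm summary describes.

Added example, not code from the talk. It flags passwords derived from the
account name (equal to it, reversed, repeated, or with a short digit suffix),
very short passwords, and entries from a tiny constructed word list.
"""

MIN_LENGTH = 8                                    # assumption
DIGIT_SUFFIXES = ("1", "12", "123")               # assumption
COMMON_WORDS = {"password", "secret", "welcome", "letmein", "unix"}  # constructed


def username_variants(username: str) -> dict[str, str]:
    """Map each username-derived guess to the reason it is weak."""
    u = username.lower()
    variants = {
        u: "password equals username",
        u[::-1]: "password is the reversed username",
        u + u: "password is the username repeated",
    }
    for suffix in DIGIT_SUFFIXES:
        variants.setdefault(u + suffix, "password is the username plus a digit suffix")
    return variants


def weak_password_reasons(username: str, password: str) -> list[str]:
    """Return every reason the password would fall to a worm-style guesser.

    Comparison is case-insensitive because a guesser tries case variants too.
    An empty list means none of the checks fired.
    """
    p = password.lower()
    reasons = []
    if p == "":
        reasons.append("empty password")
    reason = username_variants(username).get(p)
    if reason:
        reasons.append(reason)
    if p in COMMON_WORDS:
        reasons.append("password is in the common-word list")
    if len(p) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


def audit(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Run the check over (username, candidate password) pairs; keep only failures."""
    findings = {}
    for user, candidate in accounts.items():
        reasons = weak_password_reasons(user, candidate)
        if reasons:
            findings[user] = reasons
    return findings


# Constructed sample accounts with the candidate passwords they tried to set.
SAMPLE_ACCOUNTS = {
    "alice": "ecila",
    "bob": "BobBob",
    "carol": "correct horse battery",
    "dave": "Dave123",
}

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_ACCOUNTS).items():
        print(user, "->", "; ".join(reasons))
```

The check is meant to run when a password is chosen, where the plaintext is available; it does not replace a proper policy or a large breached-password list.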
Response and Legacy
Håvard described the community’s swift response, with ad-hoc working groups at Berkeley and MIT dissecting the worm overnight. By November 3, 1988, researchers had identified and patched the vulnerabilities, and within days, the worm’s source code was decompiled, revealing its inner workings. The incident, Håvard noted, marked a turning point, introducing the term “internet” to mainstream media and prompting the creation of the Computer Emergency Response Team (CERT).
The legal aftermath saw Robert convicted under the newly enacted Computer Fraud and Abuse Act (CFAA) of 1986, the first such conviction. Despite the worm’s benign intent, its impact—estimated at $100,000 to $10 million in damages—underscored the need for robust cybersecurity. Håvard emphasized that Robert’s career rebounded, with contributions to e-commerce and the founding of Y Combinator, but the incident left a lasting mark on the industry.
Enduring Lessons for Cybersecurity
Reflecting on the worm’s legacy, Håvard highlighted its relevance to modern cybersecurity. The vulnerabilities it exploited—buffer overflows, weak passwords, and insecure configurations—persist in today’s systems, albeit in patched forms. He stressed that human behavior remains a weak link, with users still prone to predictable password patterns. The worm’s unintended DoS effect also serves as a cautionary tale about the risks of untested code in production environments.
Håvard advocated for proactive measures, such as regular patching, strong authentication, and threat modeling, to mitigate similar risks today. He underscored the importance of learning from history, noting that the internet’s growth has amplified the stakes. By understanding past incidents like the Morris Worm, developers can build more resilient systems, recognizing that no system is inherently secure.
Hashtags: #MorrisWorm #CybersecurityHistory #NDCSecurity2025 #HåvardOpheim #Kaa #InternetSecurity #Malware
[GoogleIO2024] What’s New in Android Development Tools: Boosting Efficiency and Innovation
Jamal Eason, Tor Norbye, and Ryan McMorrow unveil Android Studio’s latest features, integrating AI, enhancing Compose, and adding Firebase tools for superior app development.
Evolving Roadmap with AI Integration
From Hedgehog’s vitals to Iguana’s baselines, Jellyfish stabilizes, while Koala previews Gemini enhancements in 200+ regions. Privacy controls empower users. Quality fixes resolved 900+ bugs, slashing memory use by 33%.
Gemini excels in code tasks, from generation to refactoring, accelerating workflows.
Advanced Features in Editing and Firebase
Koala’s IntelliJ base introduces sticky lines, improved navigation, and device-agnostic previews. Firebase’s Genkit streamlines AI, Crashlytics aids prioritization.
App insights aggregate issues; device streaming reproduces crashes on real hardware.
Streamlined Debugging and Release Cadence
Crashlytics’ diffs trace origins; streaming ensures secure testing.
Platform-first releases with feature drops double updates, enhancing stability.
Ladybug (2024.2.1) adds K2 mode; Koala Feature Drop (2024.1.2) expands devices.
[DefCon32] DEF CON 32: Iconv, Set the Charset to RCE – Exploiting glibc to Hack the PHP Engine
Charles Fol, a security researcher with a knack for uncovering hidden vulnerabilities, captivated the DEF CON 32 audience with his exploration of CVE-2024-2961, a long-standing buffer overflow in the GNU C Library (glibc) that he leveraged to compromise the PHP engine. Discovered by chance while auditing PHP, Charles’s work revealed new remote code execution (RCE) vectors and previously unknown zero-day vulnerabilities. His presentation offered a deep dive into the internals of PHP, showcasing innovative exploitation techniques and their impact on the broader PHP ecosystem, while providing actionable insights for securing web applications.
Discovering the glibc Vulnerability
Charles stumbled upon CVE-2024-2961 while auditing PHP, though the flaw resided in glibc’s iconv library, responsible for character set conversion. This buffer overflow, overlooked for years, presented a potent opportunity for exploitation within PHP’s context. Charles detailed how his accidental discovery unfolded, emphasizing the importance of thorough code audits. By analyzing the iconv library’s behavior, he identified a pathway to manipulate PHP’s execution environment, transforming a seemingly innocuous bug into a powerful attack vector. His approach underscores the value of curiosity-driven research in uncovering critical security flaws.
Crafting Remote Code Execution Exploits
Delving into the technical intricacies, Charles explained two distinct methods to achieve RCE using the glibc vulnerability. The first targeted PHP filters, a lesser-known component of the PHP engine, which he manipulated to execute arbitrary code remotely. The second approach exploited direct calls to iconv, bypassing conventional security checks. His live demonstration showcased a sophisticated exploit that navigated PHP’s memory management constraints, even in scenarios without output visibility or with randomized memory allocations. Charles’s ability to achieve a shell under such conditions highlighted the vulnerability’s severity and his ingenuity in exploit development.
Impact on the PHP Ecosystem
Charles explored the broader implications of CVE-2024-2961, revealing its reach across popular PHP libraries and applications, including webmail platforms like Roundcube. He noted that email headers specifying charsets provided an ideal entry point for exploitation, as attackers could craft malicious inputs to trigger the buffer overflow. His analysis of affected sinks, from well-known functions to obscure code paths, underscored the pervasive risk within PHP-based systems. By sharing his findings, Charles aimed to alert developers to the hidden dangers in widely used software and encourage proactive vulnerability management.
Mitigation Strategies for Developers
Concluding, Charles offered practical recommendations to fortify PHP applications against similar exploits. He urged developers to update glibc to patched versions and scrutinize charset handling in their codebases. Additionally, he advocated for robust input validation and the use of secure coding practices to minimize exposure to buffer overflows. His work, shared openly with the community, empowers developers to strengthen their systems and inspires further research into PHP’s security landscape, ensuring the web remains a safer environment.
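One concrete way to "scrutinize charset handling" for the email-header entry point Charles describes is to allow-list the charset names an application will ever hand to a converter. The code below is an added example, not code from the talk or from any PHP project; it uses Python's codec registry to canonicalise the declared name, and the allow-list and sample messages are this example's assumptions. Patching glibc remains the actual fix; this only keeps attacker-chosen charsets from selecting rarely used converter paths.

```python
"""Defence-in-depth check on charset names taken from untrusted email headers.

Added example, not code from the talk or from any PHP project. It parses a
message, reads the declared charset, canonicalises it through the codec
registry and lets only allow-listed names reach the decoder.
"""
import codecs
import email
from email import policy

# Canonical codec names as codecs.lookup(...).name reports them. Assumption.
ALLOWED_CHARSETS = {"utf-8", "ascii", "iso8859-1", "iso8859-15", "cp1252"}


class UnsupportedCharset(ValueError):
    """Raised when a declared charset is unknown or not allow-listed."""


def canonical_charset(declared: str) -> str:
    """Map a header charset label to the codec registry's canonical name."""
    try:
        return codecs.lookup(declared).name           # "UTF8" -> "utf-8"
    except LookupError:
        raise UnsupportedCharset(f"unknown charset {declared!r}") from None


def validated_charset(raw_message: str) -> str:
    """Return the charset to decode with, or raise before any decoding happens."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    declared = msg.get_content_charset()              # None when absent
    if declared is None:
        return "ascii"                                # RFC 2045 default for text/plain
    name = canonical_charset(declared)
    if name not in ALLOWED_CHARSETS:
        raise UnsupportedCharset(f"charset {declared!r} is not allow-listed")
    return name


def charset_is_allowed(raw_message: str) -> bool:
    """Boolean form of validated_charset for callers that only need a verdict."""
    try:
        validated_charset(raw_message)
        return True
    except UnsupportedCharset:
        return False


def decode_body(raw_message: str) -> str:
    """Decode the body only after the charset has passed validation."""
    charset = validated_charset(raw_message)
    msg = email.message_from_string(raw_message, policy=policy.default)
    return msg.get_payload(decode=True).decode(charset)


# Constructed sample messages.
SAFE_MSG = (
    'Content-Type: text/plain; charset="UTF8"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "aMOpbGxv\n"                                      # "héllo" in UTF-8
)
UNKNOWN_MSG = 'Content-Type: text/plain; charset="x-made-up"\n\nhello\n'
RARE_MSG = 'Content-Type: text/plain; charset="cp932"\n\nhello\n'

if __name__ == "__main__":
    print(decode_body(SAFE_MSG))
    for sample in (UNKNOWN_MSG, RARE_MSG):
        print(charset_is_allowed(sample))
```

Rejecting a message outright is the conservative choice; a mail client would more likely fall back to rendering the body as ASCII with replacement characters, but either way the declared charset never selects the converter on its own.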
Links:
- None available
[DevoxxUK2025] Mastering Prompt Engineering for Immersive Text-Based Adventures
At DevoxxUK2025, Charles-Philippe Bernard, a software engineer at JPMorgan in Glasgow, captivated attendees with his talk on mastering prompt engineering through his remastered 1980s text-based adventure game, SRAM. Using the Godot engine, a WebSocket Python server, and Ollama for local LLM inference with Llama 3.1, Charles showcased how carefully crafted prompts bring dynamic interactions to life. His presentation explored the art of prompt engineering, demonstrating how to shape AI responses for immersive gameplay, manage game states, and handle NPC interactions. Through practical examples, he shared techniques to harness AI’s potential while navigating its quirks, such as hallucinations, offering developers actionable insights to create engaging experiences.
Crafting the System Prompt
Charles began by emphasizing the importance of a well-defined system prompt, which sets the tone and context for the LLM. In SRAM, the prompt establishes the AI as the “Game Master,” named Gun Master, responsible for narrating the adventure in a JSON-formatted output. This structure includes speaker ID, response text, and actions, ensuring consistency across interactions. By injecting variables like scene state and inventory, Charles demonstrated how the prompt adapts dynamically, enabling the game to track items like a knife or navigate scenes. He stressed the need for clear, structured instructions to guide the LLM, especially for smaller models like Llama 3.1’s 7-billion-parameter version, which may struggle with complex tasks.
Managing Game State and NPCs
A key challenge in SRAM is maintaining the game’s state, including inventory, scene descriptions, and NPC interactions. Charles explained how the prompt template incorporates variables to reflect the player’s progress, such as adding a knife to the inventory after picking it up. For NPCs, like the leprechaun Fergus, he crafted specific instructions to define personality, tone (e.g., a humorous Irish accent), and behavior, using few-shot examples to steer responses. However, he noted challenges like the LLM repeating examples verbatim or hallucinating actions, which he mitigates by balancing creativity (via a temperature of 0.8) with structured outputs to ensure consistency.
Handling AI Quirks and Hallucinations
Charles candidly addressed the LLM’s limitations, particularly hallucinations, where the model generates unexpected or incorrect actions, like responding to “make me a pizza” outside the game’s context. By setting a temperature of 0.8, he balances creativity with adherence to instructions, though this sometimes leads to inconsistent outputs. He shared techniques like explicit instructions (e.g., listing no items in the inventory) and iterative prompt refinement, often using larger models like ChatGPT to improve prompts for smaller, local models. Charles also highlighted the importance of testing prompts with humans to ensure clarity, as unclear instructions confuse both humans and AI.
Practical Tips for Prompt Engineering
To master prompt engineering, Charles recommended starting with a clear, structured prompt template, using markdown or bullet points for readability. He advised including specific guidelines, like short responses or JSON formatting, and leveraging few-shot examples to guide the model. For smaller models, verbose yet clear instructions are crucial, as they lack the reasoning power of larger frontier models. Charles also emphasized iterative refinement, storing interactions for testing consistency, and using tools like uppercase keywords or structured formatting to enhance the model’s understanding. His approach empowers developers to create dynamic, AI-driven experiences while managing the inherent challenges of LLMs.
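The pieces Charles describes (a structured system prompt with injected scene state and inventory, a JSON reply with speaker id, text and actions, an explicit "none" for an empty inventory, and rejection of hallucinated actions) fit together as shown below. This is an added example and not the SRAM project's code; the field names, the verb vocabulary, the rule that each action is an object with "verb" and "target", and the sample model replies are this example's assumptions.

```python
"""Prompt template with injected game state, plus validation of the model's
JSON reply. Added example, not the SRAM project's code. Reply shape and the
explicit "none" follow the talk; field names, verbs and samples are assumptions.
"""
import json
from dataclasses import dataclass, field
from typing import Optional

ALLOWED_VERBS = {"take", "drop", "move", "say"}            # assumption

SYSTEM_TEMPLATE = """You are the Game Master of a text adventure.
Respond ONLY with one JSON object:
{{"speaker_id": "<gm or an npc name>", "text": "<narration>", "actions": [...]}}
Each action is {{"verb": "<verb>", "target": "<name>"}}.
Allowed verbs: {verbs}. Use no other verb. Keep narration under 40 words.

Current scene: {scene}
Exits: {exits}
Items here: {items}
Inventory: {inventory}

Example
Player: look around
{{"speaker_id": "gm", "text": "Dust hangs in the air of the cellar.", "actions": []}}
"""


@dataclass
class GameState:
    scene: str
    exits: list[str]
    items: list[str]
    inventory: list[str] = field(default_factory=list)


def build_system_prompt(state: GameState) -> str:
    """Render the template; empty lists become an explicit 'none'."""
    return SYSTEM_TEMPLATE.format(
        verbs=", ".join(sorted(ALLOWED_VERBS)),
        scene=state.scene,
        exits=", ".join(state.exits) or "none",
        items=", ".join(state.items) or "none",
        inventory=", ".join(state.inventory) or "none",
    )


class InvalidReply(ValueError):
    """The model's reply is malformed or names things that do not exist."""


def parse_reply(raw: str, state: GameState) -> dict:
    """Parse the JSON and reject hallucinated verbs, items or exits."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise InvalidReply(f"not JSON: {exc}") from None
    for key in ("speaker_id", "text", "actions"):
        if key not in data:
            raise InvalidReply(f"missing field {key!r}")
    if not isinstance(data["actions"], list):
        raise InvalidReply("actions must be a list")
    for action in data["actions"]:
        if not isinstance(action, dict):
            raise InvalidReply("each action must be an object")
        verb, target = action.get("verb"), action.get("target")
        if verb not in ALLOWED_VERBS:
            raise InvalidReply(f"unknown action {verb!r}")
        if verb == "take" and target not in state.items:
            raise InvalidReply(f"cannot take {target!r}: not in this scene")
        if verb == "drop" and target not in state.inventory:
            raise InvalidReply(f"cannot drop {target!r}: not carried")
        if verb == "move" and target not in state.exits:
            raise InvalidReply(f"no exit {target!r} here")
    return data


def apply_actions(data: dict, state: GameState) -> GameState:
    """Mutate the state for validated actions only."""
    for action in data["actions"]:
        verb, target = action["verb"], action["target"]
        if verb == "take":
            state.items.remove(target)
            state.inventory.append(target)
        elif verb == "drop":
            state.inventory.remove(target)
            state.items.append(target)
        elif verb == "move":
            state.scene = target                 # assumption: exits name scenes
    return state


def handle_turn(raw_reply: str, state: GameState) -> tuple[Optional[dict], Optional[str]]:
    """Validate then apply. Returns (reply, None) or (None, error text) so the
    caller can re-prompt the model with the error instead of trusting it."""
    try:
        data = parse_reply(raw_reply, state)
    except InvalidReply as exc:
        return None, str(exc)
    apply_actions(data, state)
    return data, None


# Constructed sample replies, one valid and one hallucinated.
GOOD_REPLY = ('{"speaker_id": "gm", "text": "You pick up the rusty knife.", '
              '"actions": [{"verb": "take", "target": "knife"}]}')
HALLUCINATED_REPLY = ('{"speaker_id": "gm", "text": "A pizza appears!", '
                      '"actions": [{"verb": "cook", "target": "pizza"}]}')
```

Feeding the error text back to the model on the next turn is the cheap version of the iterative refinement Charles describes; the state only changes when every action in the reply checks out against what the game actually contains.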
[DefCon32] DEF CON 32: Hi-Intensity Deconstruction – Chronicles of a Cryptographic Heist
Javadi, Levy, and Draffe, a trio of security researchers, presented a groundbreaking study at DEF CON 32, unraveling vulnerabilities in HID Global’s iCLASS SE platform, a widely deployed electronic physical access control system. Over seven years, they reverse-engineered its complex chain of trust, uncovering flaws that enabled the recovery of cryptographic keys from CC EAL 5+ accredited secure elements. Their talk detailed the attack chain and provided practical mitigations for organizations relying on iCLASS SE.
Reverse-Engineering iCLASS SE
Javadi opened by contextualizing the ubiquity of HID’s iCLASS SE readers in government agencies and Fortune 500 companies. The team’s seven-year journey involved analyzing hardware, firmware, and software components to understand the platform’s security architecture. They discovered a series of implementation defects that compromised the system’s cryptographic integrity, challenging the notion that iCLASS SE was among the most secure access control solutions available.
Uncovering Cryptographic Flaws
Levy detailed the attack chain, which exploited pitfalls in the iCLASS SE’s secure elements. By targeting weaknesses in the hardware and software trust chain, they recovered sensitive cryptographic key material, effectively accessing the “keys to the kingdom.” Their approach combined advanced reverse-engineering techniques with exploitation of interoperability issues, particularly those tied to legacy Wiegand protocols, which undermined the platform’s security.
Operational Implications and Risks
Draffe explored the real-world implications, noting that standard key users face moderate risks, while advanced threat actors could exploit these flaws with significant skill. The vulnerabilities allow unauthorized access to physical systems, posing threats to high-security environments. The team’s findings underscore the dangers of relying on outdated protocols and the need for robust risk mitigation strategies to protect critical infrastructure.
Mitigating and Upgrading Security
Concluding, Javadi offered comprehensive guidance, recommending users transition to custom keys like HID’s Elite keys, which the vendor is offering fee-free for the first year. For advanced users, upgrading to the latest hardware and engaging with integrators to assess risks is critical. The researchers emphasized building security like an “onion” with layered defenses, urging organizations to work closely with HID to implement practical mitigations and enhance system resilience.
[DotAI2024] DotAI 2024: Yann Léger – Serverless Inference: Perspectives from the Substrate
Yann Léger, co-founder of Koyeb—a serverless sanctuary for AI sojourns—and veteran of Scaleway’s sprawl, plumbed the profundities of provisioning at DotAI 2024. With twelve years sculpting clouds from colocation crucibles to hypervisor heights, Léger laments latency’s lament: GPU galleons gilded yet gauche, underutilized by ungainly underlayers. His treatise traversed tiers—from silicon shards to virtualization veils, storage strata—unveiling unlocks for lithe, lavish inference.
Substrate’s Symphony: Chips to Containers
Léger limned infrastructure’s immensity: AI’s appetite annexes 28% of datacenter dynamos, ballooning fivefold by 2028—cloud’s quintessence quintupling national kilowatts. Yet, prodigality prevails: NVIDIA’s near-monopoly marooned on middling middleware, yields languishing at 20-30%.
Salvation stirs in silicon’s spectrum: AMD’s MI300X muscling Mistral’s mandates, Intel’s Gaudi grappling Grok’s girth—diversity’s dividend, decentralizing dependency. Léger lauded liquid cooling’s liberation: 100kW cabinets cascading cascades, unthrottled thermals turbocharging throughput.
Virtualization’s vanguard: GPU passthrough partitioning prowess, SR-IOV’s segmented streams—each enclave ensconced, isolation ironclad sans silos.
Scaling Sans Slack: Storage and Snapshot Savvy
Storage’s saga: NVMe’s nexus, disaggregated via Ethernet’s ether—RDMA’s rapid relays rivaling PCIe proximity. Léger spotlighted cold starts’ scourge: seconds squandered summoning sentinels, autoscalers asleep at switches.
Remedy’s realm: memory mirroring—snapshots sequestering states, resurrecting replicas in milliseconds on CPUs, aspiring to accelerator alacrity via PCIe Gen5’s gales (500GB/s conduits). Hints from heights: applications augur accesses, prefetching payloads—caches clairvoyant, latencies lacerated.
Léger’s lens: holistic harmonies—optimizations omnipresent, from opcode osmosis to orchestration oases. Prognosis: tenfold thrift by tomorrow, leviathans liberated for legions, imagination’s ignition unignitioned by infrastructure’s irons.
In peroration, Léger lured luminaries: IDs agape, beckoning builders to bolster the bedrock—where serverless surges, sovereignty supreme.
[DevoxxGR2025] Simplifying LLM Integration: A Blueprint for Effective AI Systems
Efstratios Marinos captivated attendees at Devoxx Greece 2025 with a masterclass on streamlining large language model (LLM) integrations. By focusing on practical, modular patterns, Efstratios demonstrated how to construct robust, scalable AI systems that prioritize simplicity without sacrificing functionality, offering actionable strategies for developers.
Exploring the Complexity Continuum
Efstratios introduced the concept of a complexity continuum for LLM integrations, spanning from straightforward single calls to sophisticated agentic frameworks. At its simplest, a system comprises an LLM, a retrieval mechanism, and tool capabilities, delivering maintainability and ease of updates with minimal overhead. More intricate setups incorporate routers, APIs, and vector stores, enhancing functionality but complicating debugging. Efstratios emphasized that simplicity is a strategic choice, enabling rapid adaptation to evolving AI technologies. He showcased a concise Python implementation, where a single function manages retrieval and response generation in a handful of lines, contrasting this with a multi-step retrieval-augmented generation (RAG) workflow that involves encoding, indexing, and embedding, adding layers of complexity that demand careful justification.
Crafting Robust Interfaces
Central to Efstratios’s philosophy is the design of clean interfaces for LLMs, retrieval systems, tools, and memory components. He compared prompt crafting to API design, advocating for structured formats that clearly separate instructions, context, and queries. Well-documented tools, complete with detailed descriptions and practical examples, empower LLMs to perform effectively, while vague documentation leads to errors. Efstratios underscored the need for resilient error handling, such as fallback strategies for failed retrievals or tool invocations, to ensure system reliability. For example, a system might respond to a failed search by suggesting alternatives or retrying with adjusted parameters, improving usability and simplifying troubleshooting in production environments.
Enhancing Capabilities with Workflow Patterns
Efstratios explored three foundational workflow patterns—prompt chaining, routing, and parallelization—to optimize performance while managing complexity. Prompt chaining divides complex tasks into sequential steps, such as outlining, drafting, and refining content, enhancing clarity at the expense of increased latency. Routing employs an LLM to categorize inputs and direct them to specialized handlers, like a customer support bot distinguishing technical from financial queries, improving efficiency through focused processing. Parallelization, encompassing sectioning and voting, distributes tasks across multiple LLM instances, such as analyzing document segments concurrently, though it incurs higher computational costs. These patterns provide incremental enhancements, ideal for tasks requiring moderate sophistication.
Advanced Patterns and Decision-Making Principles
For more demanding scenarios, Efstratios presented two advanced patterns: orchestrator-workers and evaluator-optimizer. The orchestrator-workers pattern dynamically breaks down tasks, with a central LLM coordinating specialized workers, perfect for complex coding projects or multi-faceted content creation. The evaluator-optimizer pattern establishes a feedback loop, where a generator LLM produces content and an evaluator refines it iteratively, mirroring human iterative processes. Efstratios outlined six decision-making principles—use case alignment, development effort, maintainability, performance granularity, latency, and cost—to guide pattern selection. Simple solutions suffice for tasks like summarization, while multi-step workflows excel in knowledge-intensive applications. He encouraged starting with minimal solutions, establishing performance baselines, identifying specific limitations, and adding complexity only when validated by measurable gains.
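Two of the patterns above, routing with a fallback handler and error handling that retries a failed retrieval with adjusted parameters, are small enough to show end to end. The block below is an added example, not code from the talk: `fake_classifier` and `fake_search` are constructed stand-ins for the routing LLM and the index so the pattern runs offline, and the category names and handlers are this example's assumptions.

```python
"""Routing with a fallback handler, and retrieval that retries with adjusted
parameters. Added example, not code from the talk. fake_classifier and
fake_search are constructed stand-ins for the routing LLM and the index.
"""
from typing import Callable, Optional

CATEGORIES = ("technical", "billing")                    # assumption

ROUTER_PROMPT = (
    "Classify the customer message into exactly one label from {labels}. "
    "Answer with the label only.\nMessage: {message}"
)


def fake_classifier(prompt: str) -> str:
    """Stand-in for the routing LLM (constructed). Keyword rules, plus the
    sloppy outputs real models produce: trailing punctuation, odd case, and
    an off-vocabulary answer for messages it cannot place."""
    message = prompt.rsplit("Message: ", 1)[1].lower()
    if "invoice" in message or "refund" in message:
        return "Billing."
    if "error" in message or "crash" in message:
        return "technical"
    return "I am not sure"


def parse_label(answer: str) -> Optional[str]:
    """Normalise the model's answer; None means it left the vocabulary."""
    token = answer.strip().lower().rstrip(".!")
    return token if token in CATEGORIES else None


def route(message: str, classify: Callable[[str], str],
          handlers: dict[str, Callable[[str], str]],
          fallback: Callable[[str], str]) -> tuple[Optional[str], str]:
    """Classify, dispatch, and fall back when the label is unusable."""
    prompt = ROUTER_PROMPT.format(labels=", ".join(CATEGORIES), message=message)
    label = parse_label(classify(prompt))
    handler = handlers.get(label, fallback)
    return label, handler(message)


HANDLERS = {
    "technical": lambda m: f"[technical] ticket opened for: {m}",
    "billing": lambda m: f"[billing] account lookup for: {m}",
}


def ask_for_clarification(message: str) -> str:
    """Fallback: offer the alternatives instead of guessing a handler."""
    return "Is this about a technical problem or about billing?"


# Constructed documents standing in for an index.
FAKE_DOCS = [
    "How to fix VPN timeout on Windows",
    "Refund policy for annual invoices",
    "Resetting your password",
]


def fake_search(query: str, top_k: int) -> list[str]:
    """Constructed retriever: a document matches only if it contains every
    query term, so over-specific queries fail the way a real index can."""
    terms = set(query.lower().split())
    hits = [doc for doc in FAKE_DOCS if terms <= set(doc.lower().split())]
    return hits[:top_k]


def retrieve_with_retry(query: str, search: Callable[[str, int], list[str]],
                        max_attempts: int = 3) -> tuple[list[str], int]:
    """On an empty result, retry with adjusted parameters: double top_k and
    drop the last query term. Returns (hits, attempts_used)."""
    terms = query.split()
    top_k = 3
    for attempt in range(1, max_attempts + 1):
        hits = search(" ".join(terms), top_k)
        if hits:
            return hits, attempt
        top_k *= 2
        if len(terms) > 1:
            terms = terms[:-1]
    return [], max_attempts


if __name__ == "__main__":
    for msg in ("my app crashed with an error", "where is my refund", "hello there"):
        print(route(msg, fake_classifier, HANDLERS, ask_for_clarification))
    print(retrieve_with_retry("vpn timeout ubuntu", fake_search))
```

The router never trusts the raw model string: it normalises the label and treats anything outside the vocabulary as a routing failure, which is the cheap place to catch the error before a wrong handler produces a confident wrong answer.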
[DefCon32] DEF CON 32: MobileMesh RF Network Exploitation – Getting the Tea from goTenna
Erwin Karincic and Woody, security researchers with a passion for wireless technologies, delivered a revealing presentation at DEF CON 32 on vulnerabilities in goTenna Pro, a device promising secure, off-grid mobile mesh networking. Their rigorous examination exposed flaws in the implementation of AES-256 encryption, enabling message tracking, interception, and injection. Erwin and Woody’s work, conducted in collaboration with goTenna, culminated in open-source tools and actionable recommendations to enhance device security, challenging the community to verify claims of security.
Unmasking goTenna’s Security Claims
Erwin introduced the goTenna Pro, a radio used by personnel requiring secure communication without cellular or satellite infrastructure. Despite its AES-256 encryption claims, their analysis revealed vulnerabilities allowing fingerprinting and tracking of every message, regardless of encryption. By dissecting the device’s hardware and software, Erwin and Woody uncovered implementation flaws that undermined its security guarantees, highlighting the dangers of trusting datasheets without verification.
Exploiting Mesh Network Vulnerabilities
Woody delved into the technical details, demonstrating how they exploited goTenna’s mesh network to intercept and decrypt messages. Their live demo showcased the ability to inject malicious messages into the network, exposing operational risks for users in sensitive environments. The researchers developed open-source tools to replicate these exploits, encouraging the DEF CON community to test similar devices. Their methodology emphasized systematic testing of RF protocols, revealing weaknesses in goTenna’s encryption implementation.
Collaborative Remediation Efforts
Erwin highlighted their constructive engagement with goTenna, which responded positively to their findings. The company acknowledged the vulnerabilities and worked to address them, a rare success in vendor collaboration. The researchers also thanked organizations like the Electronic Frontier Foundation (EFF) and CISA for supporting their work, emphasizing the importance of community-driven efforts to hold manufacturers accountable and improve device security.
Empowering Secure Communication
Concluding, Woody urged the DEF CON community to challenge security claims and test equipment rigorously. They released their tools open-source, inspiring further research into mesh technologies like LoRa and Meshtastic. By sharing their findings and mitigation strategies, Erwin and Woody aim to reduce the risk of compromise for goTenna users, advocating for secure-by-design principles in RF communication devices.