Las Vegas, NV – Unicorn Riot journalists are currently reporting from DEFCON 25 in Las Vegas, where hackers of all flavors come together to present the most cutting edge in a long list of hacking skills. Over the four day convention, DEFCON will host speakers from around the world and present demonstrations on the latest and greatest hacks and security vulnerabilities. Presentations range from preserving internet freedom, to social engineering (aka human hacking), and even more dubious subjects such as hacking drones.
One specific presentation caught our eye, called “See No Evil, Hear No Evil: Hacking Invisibly and Silently with Light and Sound”, presented by Matt Wixey. During the talk, he detailed some very interesting techniques, often involving hand-made devices, of sending and receiving, jamming other systems, and trolling his friends in unexpected ways and without internet! Many of the slides and video demonstrations of these devices drew frequent applause and amusement from the crowd.
Of course, everything he hacked was something he owned, or had explicit consent to hack. A disclaimer on his projected slides, displayed through-out the enormous ballroom in Caesar’s Palace, read: “All content is for educational purposes only.”
One device he crafted, used ultrasonic sound waves to disrupt a drone, and render the controller that the pilot uses to move the drone around in the air useless. Wixey filmed a couple versions of the device as he tested it against the drone in his living room. An early iteration of the hobby project made it so when the drone flew directly over an “animal repellent alarm” with the ultrasonic waves pointed directly up toward the ceiling, the drone would immediately accelerate upwards in altitude uncontrollably. He showed on camera that he no longer had control over the direction the drone flew. After a moment, the drone suffered from a total control failure causing its propellers to stop midair and ending in it comically crashing to the floor because of the effects of the ultrasonic attack.
The drones are affected because many have ultrasonic altimeters, similar to how autonomous cars see and avoid obstacles. Ultrasonic hacking is difficult to detect, leaves little trace, and is at low cost, which will likely be cause for concern in the coming years within the tech, auto, and security industry.
But this wasn’t enough. Wixey decided to take the drone-devastating hobby project even further. He wanted the device to take down all drones in any direction, not just those that flew directly over-head…Thus, he built this:
Dozens of ultrasonic transducers mounted to a colander with two arduinos underneath. Now the device, which grew approximately 10 times in size and exponentially more so in power, could sit effectively, say, on top of your house or car, and ward off drones which fly within its signal.
Wixey also showed off a wide array of other hacks including a tool he developed called Spectregram, where near-ultrasonic sound waves (16-20KhZ) that contain hidden pictures and/or messages can be shared wirelessly, and sometimes at too high of a pitch for most people to hear. In theory, an individual or group of people could use this technology to develop a covert acoustical mesh network.
In addition, Wixey demonstrated a computer opening an application by shining infrared light into its ambient light sensor near the webcam which triggered activation of preinstalled malware. He built a device which was able to spoof and disable a couple types of motion detectors, also using infrared light. Another device he created could play music from a smartphone into a speaker without Bluetooth and without wires connecting the two devices, by using infrared LEDs within close proximity. The finale technique he demonstrated was a script that listened for the sound of a theme song of Gilmore Girls and, upon hearing the melody of the theme, caused the television to turn off.
This was one of the amazing talks Unicorn Riot attended on Thursday during DEFCON 25. To read the full presentation in PDF format, go here. Follow Unicorn Riot as we continue to report from DEFCON 25 and don’t forget to support our work!
Written by Andrew Neef & Rachel Weiland