Slashdot Mirror


ProxyHam Debunked and Demoed At DEFCON

darthcamaro writes: Last month, the ProxyHam project talk for DEFCON was mysteriously cancelled. In its place as a later edition is a new talk, in which the ProxyHam approach will be detailed and debunked — in a session called "HamSammich". In a video preview of the talk, Rob Graham and Dave Maynor detail the flaws of ProxyHam and how to do the same thing with off-the-shelf gear, legally. "Our goal is to show that ProxyHam did not actually enhance security," Maynor said. "It does the exact opposite, causing more trouble than you can fix."

38 comments

  1. Transcript Please by rudy_wayne · · Score: 4, Insightful

    I can read. I don't need to watch two retards mumble their way through a poorly shot video.

    1. Re:Transcript Please by JustAnotherOldGuy · · Score: 2

      Agreed...just let me scan the text, I don't need a puppet show for this kind of stuff.

      --
      Just cruising through this digital world at 33 1/3 rpm...
    2. Re:Transcript Please by Anonymous Coward · · Score: 0

      All the info is in the summary, anyway. There'll be a talk about how shit ProxyHam was going to be. There you go.

    3. Re:Transcript Please by Darinbob · · Score: 3, Insightful

      But how else are they supposed to make money from their youtube channel? That's the real reason everyone wants a 10 minute long video to relay two sentences of value.

    4. Re:Transcript Please by Anonymous Coward · · Score: 1

      You mean there are other ways to convey simple information than to make long youtube videos?

      Ugh, this trend is literally killing me by wasting my time. Once I just wanted to know the damn code to get diagnostics on my phone, most of the results were 10 minute youtube videos showing me how to type in the magic 6 digits. Or, you know, they could have just left the number in the description...

    5. Re:Transcript Please by Anonymous Coward · · Score: 0

      Even some technical blog authors are guilty of this. They'll write a half dozen paragraphs of preamble and fluff before getting to the damn point and answering the question posed in the subject line.

    6. Re:Transcript Please by Anonymous Coward · · Score: 0

      They want eyeballs (and sling ads) as much as possible. Just like sites that demand you log on or create an account, it is all about wasting your time, and while the video plays, the site gets credit for ads thrown at you.

    7. Re:Transcript Please by Sqr(twg) · · Score: 2

      Didn't watch the video either, but according to TFS it tells you how to build your own, and that's not hard to figure out:

      * Go to Google and type in "900 MHz ethernet extender", click on one of the ads and buy one.
      * Connect it to a wireless router, and set the router to "bridge" mode.
      * Congratulations, you now have a ProxyHam
      * ...
      * Profit!

    8. Re:Transcript Please by AHuxley · · Score: 1

      Some insights are:
      2.00 in is about 900MHz been useful in the USA, out of the main wifi sniffer app, tool range, a few testing apps for 900MHz.
      3.00 "boosting signal" and US cellular services range.
      5.00 Line of sight for range beyond the wifi parts.
      5.30 Header packets and ip. Tracking radio bearing, hill over a town, 5 miles away 3mb to 6 speed, a good link and line of sight.
      7.00 900MHz is good for some tree, building issues.
      8.40 FCC limitations? Off-the-shelf 900MHz radio transmitter, normal defaults
      10.00 How easy to track 900MHz if looking? Very.
      10.30 Use laptop to craft signals, code on laptop, wide band over entire 900MHz, low signal and noise floor.
      12.40 Is 900MHz encrypted? Offered in off-the-shelf.
      13.40 How to limit risk? Note other devices scanning for outside wifi connections.
      15.00 Easy to detect on 900MHz if too powerful.
      16.00 Cost savings.
      Keep to off-the-shelf parts, know about wifi end, line of sight helps, learn about 900MHz transmission.

      --
      Domestic spying is now "Benign Information Gathering"
  2. its by Anonymous Coward · · Score: 0

    its its its its its

    not it's

    1. Re:its by Anonymous Coward · · Score: 0

      If everyone would watch the video, nobody would even know they can't use an apostrophe correctly.

    2. Re:its by Anonymous Coward · · Score: 0

      '

      That up there is the universal symbol for "HOLY SHIT, HERE COMES AN S!"

    3. Re:its by Anonymous Coward · · Score: 0

      ITYM: That up there is the universal symbol for "HOLY 'SHIT, HERE COME'S AN 'S!"

    4. Re:its by KGIII · · Score: 0

      I always picture the folks who make these complaints as inferior Rainman-esque folks whining because someone told them the vending machine would have Cheez-Its. "I was told the machine would have Cheez-Its." (Or however that snack cracker is spelled.)

      --
      "So long and thanks for all the fish."
  3. We already knew by Anonymous Coward · · Score: 0

    We already knew this was a bogus product, well those of us with .0001% of a brain left at least. All you have to do is let them explain what it is and does, they debunk themselves

    1. Re:We already knew by Anonymous Coward · · Score: 0

      Yeah broadcast all over the HAM bands without a license! Great way to stay anonymous. Those guys take this shit seriously. The FCC would be visiting you within a week.

    2. Re:We already knew by KGIII · · Score: 1

      They might let the ham folks toy with you for a little while before they step in with guns, arrest, and fines. The FCC has been a bit devious in the past and has allowed some vigilante behavior to go unnoticed.

      --
      "So long and thanks for all the fish."
  4. DISINFORMATION by Anonymous Coward · · Score: 0

    This guy had something that worked that would have made current tracking and surveillance methods useless. Now there is a huge disinformation campaign to make people think it isn't possible.

    1. Re:DISINFORMATION by Pikoro · · Score: 3, Informative

      The difference is mainly in legal vs illegal. It's not illegal to hide yourself, but it IS illegal using the previous method. Broadcasting all over a licensed band is a quick way to end up in trouble. HAMs self report, no FCC required. Hell, we'd grab the YAGIs and make a game out of finding the prick.

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
    2. Re:DISINFORMATION by laurencetux · · Score: 1

      and if y'all are being POLITE said prick might land up in the local jail.

      if not ... (insert theme to BONES)

    3. Re:DISINFORMATION by Obfuscant · · Score: 3, Interesting

      The difference is mainly in legal vs illegal. It's not illegal to hide yourself, but it IS illegal using the previous method. Broadcasting all over a licensed band ...

      1. It's not "broadcasting", it's point-to-point data.

      2. It's unlicensed for the devices that were being used.

      HAMs self report, no FCC required. Hell, we'd grab the YAGIs and make a game out of finding the prick.

      Yeah, go track down a legal secondary user of a band where you are a secondary user yourself and Part 97 (97.301 and 97.303(e)) tells you that you must accept interference from, and then what? Force them to stop their legal use of the frequencies you want to call your own?

      The "previous method" is no different than the current one. You didn't bother to read any of the discussion about this in the earlier /. dust-up and conspiracy party, did you? It was pointed out by several people, myself included, that the ProxyHam hardware shown in the pictures they released were simple 900 MHz unlicensed data radios and cheap Yagi-Uda antennas. That's not illegal. They weren't shut down by some awful FCC or NSA conspiracy to stop some dangerous hacking activity, because it was both legal and the intended use for the commercial products they were using.

    4. Re:DISINFORMATION by Obfuscant · · Score: 1

      and if y'all are being POLITE said prick might land up in the local jail.

      For what, using a legal data radio link in a way that doesn't require a license and isn't causing you any interference?

      if not ... (insert theme to BONES)

      If not, YOU wind up in jail for assault and trespass, and the FCC yanks your ham license for failing to abide by the Part 97 rules that say you must accept interference, if any, from the guy you beat up, and for a demonstrated lack of moral character that has cost other felons their licenses.

      Y'all need to take a breath and realize that there are other authorized users of ham frequencies, some of whom don't need licenses to operate there, and some of whom you are required to accept interference from. Just because they show up on what you consider your private radio real-estate and don't have a ham license doesn't mean they're doing anything illegal, or anything that you can legally threaten violence against them for.

    5. Re: DISINFORMATION by Anonymous Coward · · Score: 0

      You miss the point about broadcast or point to point. The point to point link still must "broadcast" energy in the RF spectrum to work.

      Does the 900MHz band in use have bandwidth available to transmit the signal? If the answer is no then they are in violation with FCC regs and they will be shut down

    6. Re: DISINFORMATION by Anonymous Coward · · Score: 0

      902 - 928 MHz are a legitimate ISM band in the Americas.

    7. Re: DISINFORMATION by Anonymous Coward · · Score: 0

      Operating broadband data links in 900MHz is perfectly legal in the US (with some minor rules). What the ProxyHAM did can perfectly be done legally. Many industrial SCADA networks operate in this band. It is actually quite congested so directional antennas are very recommended.

      Well-known 900MHz WiFi modem manufacturers are Ubiquiti and Mikrotik.

    8. Re: DISINFORMATION by Obfuscant · · Score: 1

      You miss the point about broadcast or point to point. The point to point link still must "broadcast" energy in the RF spectrum to work.

      No, I used the term correctly. The radio transmits, but it is not a broadcast.

      Does the 900MHz band in use have bandwidth available to transmit the signal?

      Of course it does. They were using a COMMERCIALLY PRODUCED data radio with FCC approval for sale in the US. If you mean "are there hams trying to use the bandwidth", then it doesn't matter. It is a SHARED RESOURCE, and as an ISM device hams are legally required to accept any interference there might be from it. Damn unlikely to be any, though, given the low power and narrow radiation pattern being used.

    9. Re:DISINFORMATION by Anonymous Coward · · Score: 0

      915MHz is an ISM band in the US.
      The Ubiquiti M900 bridge + Ubiquiti 9M16 Yagi combination they used is specifically designed to maximize range while staying within Part15 limits.

    10. Re:DISINFORMATION by Zero__Kelvin · · Score: 1

      " Hell, we'd grab the YAGIs and make a game out of finding the prick."

      ... and then once you found me, I'd make a game out of it from there that you would neither like nor be prepared to handle.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    11. Re: DISINFORMATION by KGIII · · Score: 0

      I do not know who makes them but some company makes a clock that is used in institutions and that clock synchronizes itself over that part of the spectrum. I have an "intelligent" scanner that I tote around with me at times (more so in the winter when I am out towing people out of ditches for fun) and I almost always have to disable that set when I am in a large town because it finds the signal and happily plays me beeps every so often. I had a hell of a time figuring out what the source is.

      --
      "So long and thanks for all the fish."
    12. Re:DISINFORMATION by Anonymous Coward · · Score: 0

      " Hell, we'd grab the YAGIs and make a game out of finding the prick."

      ... and then once you found me, I'd make a game out of it from there that you would neither like nor be prepared to handle.

      In other news, a lucky bystander managed to capture a video of a dog catching a monster truck. Film at 11....

  5. IF they eventually answer it by raymorris · · Score: 3, Interesting

    The paragraphs of fluff "introduction" has always bugged me, but lately I've run into a few articles which have all the fluff, then completely forget to address the question, to EVER get to the point. Stuff like:

    HOW TO BOOT DIAGNOSTIC MODE IN ANDROID

    Android is the world's most popular ...
    Cell phones are now more popular than PCs ...

    Diagnostic mode should be used with care ...
    Some carriers disable diagnostic mode ...

    THE END

    Hey asshole! You forgot to say how to boot into diagnostic mode!

  6. beep beep beep - there he is by Anonymous Coward · · Score: 0

    Using a trackable radio signal is not exactly a stealthy method.

  7. too easy to direction find by Anonymous Coward · · Score: 0

    All you have to do is direction find in the 900 MHz band to find out where the person is located. Epic fail

  8. 900MHz *is* monitored by ihtoit · · Score: 1

    it's the GSM mobile band.

    Oh yes, I think the FCC might have something to say about that.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    1. Re:900MHz *is* monitored by ncc74656 · · Score: 1

      it's the GSM mobile band.

      Oh yes, I think the FCC might have something to say about that.

      GSM operates on the same 850-MHz band as other cellular services, not 900 MHz. Properly-functioning 900-MHz equipment should stay well away from the cellular band...about the only equipment (other than a phone) you're likely to run across that tunes into the cellular band are old TVs (built up to the mid-'80s or so) that tuned up to channel 84, and they're receive-only.

      --
      20 January 2017: the End of an Error.
    2. Re:900MHz *is* monitored by ihtoit · · Score: 1

      E-GSM uplink is 880-925MHz, downlink 925-960MHz. This technology is used in Europe and Brazil.
      CDMA-800 is only used in the Americas except Brazil. 850 is Band V CLR used for roaming with compatible quad band handsets. Tri-band uses 900, 1900 and 2100MHz. The rest of the world (not the Americas or Europe) uses only 2100MHz.

      This is why 934MHz switched gear is illegal to operate. Because you're talking unrestricted (it never was restricted, I still have a 200 Watt burner and a firestick capable of radiating it) transmission power interfering with lobby-coopted cellular bands.

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    3. Re:900MHz *is* monitored by Anonymous Coward · · Score: 0

      Analogue OTA TV only ever went up to channel 83, that topped at 890MHz. FYI. Cable TV (that which actually requires a tricore signal/DC cable from the distributor all the way to the decoder/switch box) has channels 142 through 158 from 900MHz on up. CATV, by its nature of being contained within a shielded cable, still retains 800-1000MHz signal bands because it does not interfere with cellular data.

    4. Re:900MHz *is* monitored by squiggleslash · · Score: 1

      That's great, but you're talking about Europe. The FCC doesn't give a crap what European GSM phones use, that's out of its jurisdiction. In the US, 900MHz is not used for GSM. 900MHz in the US is used for a variety of reasons, but there's a big fat ISM band in the middle there, and the FCC doesn't mind if you use it.

      At one point a decade or so ago, most new US cordless phones used 900MHz.

      --
      You are not alone. This is not normal. None of this is normal.