Brendan O'Connor gave a talk called "Vulnerabilities in Not-So Embedded Systems" about how easy it is to take over the computers that run Xerox Multifunction Devices. Basically, he wants people to treat these supposedly embedded systems as the servers they really are. Through his research he found that the Xerox systems didn't have the GRUB boot loader locked down with a password, so he was able to gain access to the system and basically do whatever he wanted with it. These systems are dangerous because they are full Linux systems, but the user doesn't have access to them and so is unable to secure them. As you know, services are constantly being found to be vulnerable, and relying on a technician to come and patch your copier isn't going to keep your network safe. It would be wise for vendors to allow users access to these systems so that they can keep them safe.
I missed Claudio Merloni and Luca Carettoni's talk about their cool suitcase-based Bluetooth hacking system named BlueBag, because I was fighting an epic battle with a cruel hangover this morning. I did get a chance to talk to them and photograph the bag up close in the press room. The system inside is a low-powered Micro-ATX motherboard running Gentoo Linux, and the custom software that does the actual hacking will be available soon on their website. The system can detect and attack Bluetooth devices from distances of over several hundred feet thanks to the built-in amplifiers, and the attacker can access the BlueBag system remotely via a laptop. The BlueBag has a side effect of knocking out 802.11b within about 10 meters due to the Bluetooth amps. They chose not to fly with the BlueBag and instead shipped it in to Vegas, which was probably a good idea due to the extremely suspicious contents of the case. More photos of the BlueBag here.