Web Security Researcher @ Checkmarx
David Sopas leads a team of security researchers at Checkmarx and co-founder of Char49. With more than 15 years experience in pentesting and vulnerability research, he have been acknowledged by companies like Google, Yahoo!, eBay and Microsoft. Retired from this bug bounty hunting "career", Sopas now focus on IoT security and tries to learn new things every day.
Exfiltrate all the things!
This talk is based on our research on airgap systems and covert channel exfiltration methods. Nation state spying users seems pretty common these days and we will show the audience how to implement these covert channels using NFC and visible light.
The talk will be split into two parts. Starting with a brief explanation on airgaps and data exfiltration, moving on to some of the existing techniques and finishing it with some of our own already published research, live demos included.
The speakers will show how is possible to exfiltrate information using two methods. First by abusing an IoT Bluetooth Low Energy light bulb and retrieve the information reflected off a wall or any other surface with an off-the-shelf smartphone. Then a different approach on NFC will be shown. What if you can use the NFC chip of a device with a longer range? And transmit information even behind walls?