This week, MuscleNerd and a few other unnamed dev team members will be at DEFCON 17 in Las Vegas. We’ll of course be carrying our iPhones on us like last year. Bringing an iPhone to a conference packed with hackers has both benefits and risks. Here are 10 tips for iPhone users at a hacker conference (or any technical conference). Most of these tips apply to jailbroken devices, but some also apply to stock devices too.
-
Disable all your login cookies in Safari. If you use the hotel or conference wifi, it is 100% guaranteed that your traffic will be sniffed. If you allow a web site (like twitter.com) to store your login info in a cookie, and if you connect to that site through a normal http connection, your login info will be exposed. At the very least, you’ll end up on the Wall of Sheep. But you’ll be giving up your password to anyone else sniffing too.
-
Consider not using the hotel or conference wifi at all, especially if you’re getting 3G speeds anyway. Do not have your iPhone auto-connect to known networks. If you’re bringing a Mac to the conference and you use wifi, at least set up your firewall properly. Turn off everything in Settings?Sharing. Then in Settings?Security?Firewall, click “Set access for specific services”?“Advanced”?“Enable Stealth Mode”.
-
Learn how to use tethering to avoid wifi on your laptop altogether (and any hotel wifi charges too). By the way, the conference wifi generally doesn’t reach up to the hotel rooms, and vice versa.
-
If you’re avoiding wifi, consider buying 3G Unrestrictor in Cydia. It tricks applications that would otherwise insist that you be on wifi into using your cellular data network instead. Such apps include Skype, Slingplayer, iTunes, and many others.
-
Change your root and mobile passwords. Everyone’s iPhone starts off with the root and mobile password of “alpine”. You really don’t want to be in a hotel full of hackers who know your root password. You probably don’t need ssh access to your iPhone at the conference anyway, so uninstall it or toggle it off using SBSettings.
-
The above tips all apply at the McCarran airport, too. Don’t let your guard down on Sunday after the conference ends, since many of the people around you waiting for their flights out of Las Vegas will have just come from the conference too.
-
The conference events last from morning through well into the night. If you have firmware 3.0 on your iPhone and both bluetooth and wifi are enabled, you’ll very likely deplete your battery before the day is done. There are power outlets in each of the conference rooms, but those are often the first spots taken (especially late in the day). Consider disabling bluetooth and wifi if only for battery consumption reasons (and maybe even rollback to 2.2.1 ).
-
The “Hack the Badge” contest is a very fun event lasting the whole conference. If it’s anything like last year, the Hardware Hacking Village will be packed all weekend long with tinkerers trying to make their badge do cool and unexpected things. Kingpin has released very limited info about this year’s badge (to make the contest more exciting), but one thing he has revealed is that it will use a simple 3-wire serial interface. On the conference forums, he’s recommended that you bring your own level converter to make the serial voltages compatible with your laptop. But if you connect your badge to your iPhone’s serial interface, you won’t need a level converter. It’s already at the correct voltage. That’s why the early tethered jailbreak for the iPod Touch 2G was able to use the DEFCON 16 badge as a hardware dongle example to boot the device.
-
The official twitter tag is #defcon. So fire up your preferred iPhone twitter client (for example, Tweetie) and add #defcon as a saved search. And don’t forget to use that tag yourself when you tweet about something at DEFCON.
-
There are several talks that may interest iPhone and Apple owners in particular. Scanning the talk titles reveals things like “Hacking the Apple TV”, “Is your iPhone Pwned?”, “Jailbreaking and the Law of Reversing”, “Hacking with the iPod Touch”, “Attacking SMS. It’s No Longer your BFF”, and “Runtime Kernel Patching on Mac OS X”, For hardware tinkerers, any talk with Chris Tarnovsky or Kingpin is a guaranteed winner. The iPhone Dev Team gave a talk at 25C3 in December but isn’t presenting anything at DEFCON 17. We have a talk planned for HAR 2009 in a few weeks.
Reposted from http://wikee.iphwn.org/howto:iphones_at_defcon