CreepyDOL


Update on December 4, 2013: Want to watch the videos?

CreepyDOL (Creepy Distributed Object Locator) is the name of the sensor networking project I’ve been working on since January, with the initial thoughts coming from a post-DEF CON 20 musing on the airplane. I presented it at Black Hat USA and DEF CON 21. I could summarize, but frankly Ars Technica did a really good job of hitting the high notes with their summary, and Forbes did one of the best early pieces. The project also got coverage on Gizmodo, Gizmag, Dark Reading, The New York Times, CNN, and so on. I even got on Bloomberg TV. All in all, a pretty wide reach for a security talk.

I cited some prior good work having to do with large-scale data collection and academic sensor network research in my slides, but I missed a really neat presentation from 44Con in 2012, where a project called Snoopy did some very related work. Both Snoopy and CreepyDOL start from the problem of “beacon frames are leaking too much data,” but then they take it in a fascinating direction: rather than doing the very simple work through the NOM Filters that I describe in my talks, they do some really deep analytics, and sometimes go into a fully active wireless attack mode, complete with deauth, MitM, SSLStrip, etc. Their sensor system is quite different, too—more-powerful endpoints, connected in a star topology, compared to my distributed network (using Reticle) of really simple endpoints—and I encourage everyone to go check out their work. I hate (and not just due to my academic background) to miss citing to prior work, so I’m sorry I didn’t know about the project in time to put it in my slides. My apologies to the authors, and seriously—go check out their work. It’s great.

(As a side note, “I looked and I couldn’t find anything, then way later discovered someone else had solved some of the same problems I did” is pretty much the exact reason I started Hark, a project to create a hacker archive that gives us the discoverability of academic work, while making sure to encourage more than just formal papers. I’d really love to be able to get it running, but we need your help: check out the Kickstarter to learn more, and support the effort!)

Since a huge number of people have asked: I will be selling completed F-BOMBs (the hardware I use for CreepyDOL, now in version 2) in a few weeks, for those who would like to purchase them. They’re a great base platform for a lot of different areas of work: they’re more powerful than usual sensors, while also being much cheaper. (Of course, many sensor motes are ultra-low-power, which these are not; everything is a tradeoff.) If you’d like to get announcements when preorders for the F-BOMB are being taken, as well as a few other milestone announcements from CreepyDOL, sign up for the CreepyDOL Announce List.

In addition, I will be releasing everything related to CreepyDOL—source code, some binaries, disk images, VMs, parts lists, sketches—all at once, as soon as I can; I’m aiming for the end of August, but that date may slip. (There’s some code cleanup that I need to do; while some projects enjoy having large amounts of profanity in the code base, I’m going to work on removing mine. :-) ) Rest assured, that code is coming.

Have more questions about CreepyDOL? Drop me a line: brendan -at- maliceafterthought -dot- com.

Thank you to all the people I’ve ceaselessly annoyed and/or ignored for the last several months while getting this all ready (especially Kathryn Sweet), to the Black Hat and DEF CON CFP committees, and to everyone who showed up to my talks at either conference. And, not least, to the kind and gentle Goons, who insisted that I take the ritual shot of Jack Daniels before I began my DEF CON talk.

Below, my slides from Black Hat, my slides from DEF CON, and the YouTube copy of the video demo I showed at each (there’s no sound).