remy🐀
Dad, Vulnerability Research, Packet connoisseur. He/Him. Cyber Security Architect @GreyNoiseIO, DM's open. Top percentage Rattata
Jul 27 4 tweets 1 min read
Day 1 in Germany with a single rattagatta node deployed on a T-Dongle-S3 (loving these trains!)

22,675 BTLE devices
14,804 are connectable
7,797 were connected and indexed
AVG RSSI of -88 for connected
1,056 unique characteristic/service pairs

Compared with US:
Same brands of Bluetooth headphones but EVERYWHERE, Xiaomi/Redmi watches and phones, Lime scooters and Segways, same hardware key lockbox systems (STANMORE), Lots of smart kettles/waffle irons/cappuccino etc..., Polestar (electric cars)
contd.
Mar 21 13 tweets 3 min read
RE: APEX / ALGS / EAC Remote Code Execution

👋 I wrote undetectable cheats for online games for challenge and sport for many, many years. I know enough to know that no one has the answers, but I'd like to call out some things you may have glazed over, and put them in context. 🧵

About a month ago, the suspected individual talked on stream about cheating and attempted to defer the accusation by saying "you can't cheat on console"

I am very familiar with this claim, and why it's important in context!
Jan 10 4 tweets 2 min read
“The research institute says the sender's device name, email address, and mobile phone number are hashed in the iOS device logs.”

Yeah, those hashes are in the wireless handshake too, and you don’t need physical access to the device. This has been known for a loooooooong time

The Chinese researchers used a rainbow table.
I… downloaded the US Facebook DB dump, and then generated the hash table assuming that phones near me had the local area code.

Took like 4 hours. Could tell the email and phone number of everyone in wireless proximity instantly.
Feb 19, 2023 4 tweets 1 min read
Lotta hot takes today about SMS 2FA, so I’ll add mine. Remember all those “text NNNN for a ringtone, only $0.99!” commercials?
Yeah… those telco premium rate sms services are still around, and SMS 2FA is ripe for abuse by registering premium rate numbers. Anyways, SMS fraud is a fun world to know about.
“Why didn’t they just rate limit the SMS 2FA to only distribute one code per hour, limiting volume fraud that could occur?”
Scammers just make more accounts, and despite public statements, Twitter actually cannot identify bots.