Xilef
nullagentSo, funny story. Every cop's body cam is basically an AirTag. I did a talk at DEFCON explaining how you can detect and ID police body cams with your phone.
The talk is now available on YouTube in 1080p
DEF CON 31 - Snoop On To Them, As They Snoop On To Us - Alan Meekins
If you enjoyed our talk please consider supporting. We have a ton more crazy hacks, apps and most importantly open source up our sleeve but it won't happen without your help.
Our crew is broke AF, this is not a drill.
America puts 1% of total company creation dollars into Black founders. Direct support is literally our only way out.
🛩9395224!!69🐷@nullagent Thank you for sharing that presentation! That was hella bad@zz 😮 🙏 
Michael Vilain@nullagent rfparty isn't in the Google Playstore (shocking I know) but links to it and a side loader made me decide to abandon this mink lined rat-hole.
ErgonWolf@nullagent Once upon a time, information like this would be disseminated slowly through 'zines like White Feather. I mean nothing by this other than an observation.
ThomasToSpace@nullagent Super cool talk. Also got the rfparty app. Gonna be a lot of fun!
Small feature request: It would be great to see devices in a list view as well. Currently have 9 devices around me, but since they're on top of each other, I can't see them individually.
AlexanderMars@nullagent be cool if the data could be federated so we could, uh share “locations of interest” between local users. Be very handy during civic awareness activities, for safety.
@AlexanderMars you'll probably enjoy reading our technology road map 😉
@nullagent fucking all star
@nullagent so is Gpgfs distributed like ipfs but encrypted or am I just projecting? Just digging into this project, you guys are working on some really cool shit.
James Britt
Caro Flores Hine@nullagent What do you think about this "smart textile" thing? https://www.popsci.com/technology/smart-epants-privacy/
TeflonTroutVet here, these sound like a dangerous, but surprisingly potentially useful idea...
Pretty sure special forces types 100% don't want their fucking clothes to rat them out if local authorities get a hold of them, for starters.
Secondly, unless they passively store data, or link physically to secure transmission devices, wearing something that broadcasts unsecurely is a Bad Idea. Putting encryption data into them is also a Bad Idea. But! ....
@ushcala @nullagent ... Imagine if they were used, for example, as an antenna?
Military is headed the direction of massively networked peer to peer information sharing. It could support mounting a ruggedized, slim interface to your sleeve instead of having to carry a radio. Location, audio, hell, even helmet cam footage transmission via encrypted comms, enhanced gunshot direction detection, automated wound reporting... this isn't nearly as ridiculous as it sounds- For the MILITARY, not cops
Greg Stolze@TeflonTrout @ushcala @nullagent What barriers exist to keep military technology from flowing straight into precincts? Lots of connections are already in place. Look how quickly Active Denial tech moved from Afghanistan to the L.A. prison system.
@GregStolze @ushcala @nullagent yep, I 100% agree, but that is outside the scope of my experience and my comments' intent. It's a major issue that merits its own discussion.
Florida Ted@ushcala @nullagent because we're not yet adequately surveilled, right?
Viss@nullagent oh rad! I'm glad I can finally watch this :D :D
Michael Darweesh ☑️
Irishleprechan@nullagent shouldn’t politicianswear bodycams as cops must?
I’d like to know where mine spends their time
I’d like to know where mine spends their time
aethervision@nullagent I am in no way suggesting that you consider calling the app Truffle in an inversion of a truffle hunting pig. I just want to make that clear.
Isho'ye@aethervision @nullagent Stylize it as "tRuFfle" to highlight the connection to rfparty?
@wuffish @nullagent absolutely.
Ralph Hogaboom@nullagent is that talk online? It sounds fantastic
char (#4|2
ChiefGyk3D@nullagent @darnell hey @ylove didn’t we chat about something like this in private? Well it looks like you can actually do it
coldclimate@nullagent astounding work
Negative12DollarBill@nullagent
In the talk you give the impression that Bluetooth LE device scanners are unusual/discouraged in the Apple App store, but there about about a hundred which come up when I search?
I got the one you named and will be driving past my local police station with great interest anyway.
Felipe, o motoboy de treta@nullagent it applies only to US?
Scott Jackson@nullagent Am I incorrect in assuming that with slightly more sophistication, someone could, for example, set up multiple bt scanners around a hideout and have some simple algorithm triangulate the physical position of body cams?
As in, someone could detect the SWAT team attempting to breach the wall and know which wall they're trying to breach before they do?
webhat@nullagent any plans to release a version on @fdroidorg
Luna Lactea@nullagent Don't most BLE devices change their MAC address like every 15 minutes though? How would you identify a specific device?
Kira@jackemled @nullagent Do they actually?? How would your computer/phone know what device it’s connecting to without the same MAC address?
@kira @nullagent They probably share a key with eachother or notify eachother before changing their MAC addresses. I haven't done any research on it besides to find out that most modern Bluetooth devices do it when I had an issue tracking Bluetooth devices by MAC addresses that was caused by that.
@jackemled @nullagent This seems really obvious after looking into it but you’re correct, the BT pairing process is just sharing a long-term key that the devices can use to connect to each other.
@kira @nullagent Oh ok! Thank you for explaining! I still wonder how a device that doesn't have a copy of the key is able to identify another device for longer than a few minutes at a time though.
Purple 
Only some do, mostly phones. Most devices I have do not seem to use MAC Randomisation
@Purple @nullagent Oh ok! That does still make it difficult for identifying phones.
@jackemled purple hits the nail on the head. About half way through the talk I mentioned about a dozen common broadcast data fields (aka GAP fields). While the MAC may be randomized(like in Apple Countinuity) many of these additional fields are not, and can be very unique. So even when a MAC changes things like device name or manufacturer data do not. Finally some devices are so unique and rare it doesn't matter because you only see one at a time.
@nullagent Oh ok! That makes sense. An iPhone might be identifiable because the name is always something like "Kaylee's iPhone". I had an iPhone for a short amount of time & I think it automatically changed its name to say it's mine, so most iPhones should be identifiable that way.
AnarchoTechDFW@jackemled @nullagent Reminds us of this tool that, among other things, recognizes devices based on what WiFi networks they're trying to reconnect to: https://www.wired.com/story/this-anti-tracking-tool-checks-if-youre-being-followed/
Dec [{(
)}]
Joan of Contention 😷@nullagent Do you know whether this applies to all body cameras? (Including ones used in the Ireland/EU market?)
Michael Sipior@nullagent Thank you for that very timely and interesting talk.
Léauxfi@nullagent
Just casually mentioning that #Apple #continuity broadcasts the users phone activity via #BLE. 😬
Just casually mentioning that #Apple #continuity broadcasts the users phone activity via #BLE. 😬
The Animal and the Machine
[David Nathanson has moved]@nullagent This is tremendous work. I’d love to hear your thoughts about what kinds of discovery defendants should be seeking related to this topic when a police officer’s conduct is at issue. Thank you!
Cats Who Draw 
@nullagent Thank you!!
For anyone not familiar with the term #Airtag (also Apple product brand), it is like a homing beacon where a signal is emitted in open space that allows geolocation monitoring in near real time. In this case, a portable blue tooth or wifi device emits a signal which is recorded and saved to a database, that provides a tracking capability for third parties and general public.
your auntifa liza 🇵🇷 🦛 🦦
leah is looking for work 
@nullagent funny tidbit: these devices seem to be in use in some major cities in germany, with a lot of clustering in the east:
cuan_knaggs@pee thinking you might be interested in this one @nullagent
cybervegan@nullagent Awesome! Unfortunately, the Android app link doesn't seem to work (at least for me, I'm in the UK).
agundy@nullagent Cool talk!