Before winding up with the presentation, Ryan Lackey and Marc Rogers provide some final details on the travel routers and answer DEF CON audience’s questions.Ryan Lackey: So, out of this full range of hardware we needed to come up with initial piece of hardware that we wanted to support as a development environment (see right-hand image). The Qualcomm Atheros AR9331, which is used in the Hak5 Pineapple, used in a bunch of travel routers, super cheap in quantity – is awesome. We wanted to have a pre-built image for it and multiple ports. The other thing is we really want to be able to power it off of USB, because then you can use USB batteries, you can power it off your laptop. And one use case for this is you use something like a Nexus 7 or a cell phone with the baseband turned off, and you want your mobile phone to be able to talk to this device, which then have a WiFi connection or a 3G connection plugged into it. So having something that could be battery-powered is great, but putting a battery into a small cheap device is more of a consumer engineering challenge for us. We are not really all hardware guys, so trying to make things as simple as possible made sense. And, obviously, it needs to be easy to use, with a GUI for configuration. But there are some problems (see left-hand image). A lot of this hardware is designed to be as cheap as possible when you make it in, like, million-unit quantities. The price difference between a 64 MB RAM chip and an 8 MB RAM chip is substantial in those quantities. So they put the absolute minimum amount of RAM, absolute tiniest flash they can possibly do in these devices. And we wanted to have multiple radios and multiple ethernets in a small device, which wasn’t really a common use case. The other problem is we’re sort of in the middle of 802.11n and 802.11ac. USB 2.0 is still the most widespread power protocol we could use, so we’re limited to 500mA. Radio quality on a lot of this stuff is actually really-really bad: they’re using questionable antennas and their whole RF chain is pretty questionable.
Also, making quantity under 10 of something is really easy because you can make it yourself. Making quantity, like, 100,000 or a million of something is also fairly easy because you can justify amortizing your dev costs over a large number of things. But making, like, 1000 of them or 5000 of them is still a pain point. We looked at the cost of making them; you can buy these travel routers for about $100, $20, whatever. For us to make a small quantity of them is going to be really expensive. And there’s a problem of, if we make the special secret spy router that everyone can use – 1) we have to distribute it to all the people that want it, and 2) it’s itself very suspicious, so the guy carrying around the super-secret spy device is going to get special attention, and special attention is the absolute last thing you want.
Marc Rogers: Speaking to someone who gets special attention every time he goes to the airport, I can tell you it’s a real drag.Ryan Lackey: I had been working on this as a hardware thing and ended up selling my company instead and doing some other stuff at CloudFlare. So it was sort of like a back burner thing, and then I was like: “Oh, what are we gonna do?” And then – we’re saved by China (see right-hand image). There’s apparently a company in China that makes the perfect device. It appears to be a clone of a much more popular device, but it happens to have a huge amount of RAM and a huge amount of ROM. And they are really cheap. It’s the “Goodlife” GL-iNet box. You can buy them for $215 for 10 of them and you get them in three days. They’re awesome. It’s pretty much the perfect hacking platform for this kind of hardware. It’s got two ethernet ports on it, USB and the micro USB for power. It’s pretty ideal.
So we’ve got portalmasq.com, we’ve got tools that are loading up there that will let you effectively use the old Portal toolchain and then additional pluggable transports on it. Building the server side of it is maybe a little bit ambitious at this point, but definitely the client-side hardware will work with the existing services.Marc Rogers: We would welcome a ton of feedback because we want to shake this into a tool that’s generally usable. This is no good if it’s hard to work with. It needs to be the kind of thing that you pop in your pocket, that a journalist can take, go to a foreign country and use it for secure communications without even thinking about it.
Ryan Lackey: … And open-source, obviously, non-commercial.
Marc Rogers: Thank you! Any questions?
Question: Could you provide some additional details about the device?
Ryan Lackey: This is a clone of TP-Link 703N.
Question follow-up: Why didn’t you use other devices to build the travel router?
Marc Rogers: They are great; the problem is – less RAM means less stuff. And what I ultimately want to put on this is I want there to be a SIP phone, I want there to be Tor with pluggable transports, and I want to put on some tools so that they can actively probe the networks they are connected to and make some judgments about the kind of networks. It needs to give some guidance and give a little bit of advice in terms of the level of security that the user is experiencing at that point.
After we gave a similar talk for H.O.P.E. and after the feedback we got from that, we’ve started putting together this kitchen tool so that you guys can use anything you want. There just may be some tradeoffs. If you put some of the tools onto a USB device, perhaps it’s not going to be quite as fast and there may be some UI issues. Likewise, maybe you don’t care about the SIP phone and you just want something that has Tor stuff on it. This will allow you to just point and click, choose what you want, build the image, flash it to your device – and off you go. And the big benefit of that is, if we can have a ton of people with a ton of different devices doing it – it makes it much harder for anyone to say: “This is the bad thing.”
Question: The people here are hackers and they can get one of these things and use it. Is your device going to be available enough for, like, my mom to use it?
Marc Rogers: That is a great question. We’re contemplating, maybe we should do a Kickstarter, maybe we should donate a bunch to the EFF and have them give out. I’m kind of hoping that, as people start to use it, more people will hear about it and want to use it. I’ve been talking to a global telco provider, they’re potentially going to give us a global SIM that we can put in this and bundle a chunk of free data. So, at that point you’ll have a pocket travel router that has a 3G bearer no matter where you are. This thing will get you going before you’ve even checked in to a hotel. At that point, this could be useful enough that people will start using it, and then the security features will kind of come as a benefit.
The code is already up, the basic stuff. It’s a living project. I would be really happy to have the kitchen and most of the UI done by the end of this year.
Read previous: Masquerade 4: Introducing Secure Travel Routers