
Most people at Defcon use a "burner phone" (a cheap supermarket feature-phone) while there. Nobody who is sane would turn on their work phone anywhere near the Defcon conference. I go there every year with a throwaway phone and laptop.

So nobody will see a text message in a timely manner, unless they knew the burner phone number.



The term "most people" is terribly exaggerated. Defcon is not nearly as scary as some people make it out to be. If you have the latest security updates across your devices, disable wifi and take a few other precautions things are fine. I was there this year and saw just as many late-model iPhones (most likely not a burner) in people's hands as I did at any other conference I attended.


People do routinely screw with the cell phone networks there. Here's what happened to my burner phone this year: https://twitter.com/ryancdotorg/status/891558627986751492

I'd tried to force the phone to LTE only, but I'm not sure whether it worked.


Yep. There were several fake towers set up that would allow man-in-the-middle attacks for phones / networks that were insecure.


Exactly. I don't think the guy who said "nobody uses a burner phone" has ever been to DEFCON. And given that phones cost $10.00 why not?

If people are on iPhones, they're on their old one.


> And given that phones cost $10.00 why not?

Because most burner phones use 2G or maybe 3G, both significantly weaker than LTE.


My burner phone, with disabled wifi, bluetooth, and data, was owned this year.


I gave up on burner phones because they were typically old and terribly vulnerable with no possible way to update - think older Android phones. Although, I did win the WiFi Village Fox & Hound hunt a few years back using a Samsung S4, but I had that thing locked down to using only a WiFi strength meter app and of course it was running CyanogenMod back when that was still a thing.

These days I update, backup, and lock down my daily use iPhone before going. See my post earlier in the comments for more details on that. In terms of what was happening in the last two years at DEF CON that could get you with all the steps I took, OpenLTE networks were tricking phones into attaching to them and the most disturbing thing I saw of that was middling of TLS. However, it was of course with a self-signed certificate so as long as you didn't accept the cert, you were likely fine.

If you had an older phone and one without all the latest updates that wasn't configured to be mostly silent, then your experience could be very different. There is a surprisingly high number of SMS exploits which still work to this day on a large number of phones and of course SS7 has architectural weaknesses which will likely never be fixed.


> OpenLTE networks were tricking phones into attaching to them and the most disturbing thing I saw of that was middling of TLS

I am sure that many folks would be very interested in seeing any supporting data/captures. This is incredibly uncommon.


Someone had put a map together of the OpenLTE / catchers they found but I can't find it. In my particular case, I had WiFi off the entire time and received certificate validation failure notices four times at different locations while at DEFCON. Given I was only connecting with LTE, there could only be one explanation for those certificate warnings. I was being redirected to an OpenLTE or other cellular base station and someone was running a MitM proxy or solution like SSLSplit on the connection.

Unfortunately when it comes to calling it "incredibly uncommon", we really don't have any widely deployed solutions to identify rogue cellular base stations so it's very difficult to say how often it happens IRL although the only times I've ever seen it happen have been the last two years at DEF CON.
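The two comments above describe a rogue base station presenting a self-signed certificate, the phone raising a certificate validation failure, and the advice that you were likely fine as long as you did not accept the cert. As an added example that is not from the thread or from any of the posters, the Go program below builds a legitimate CA-issued certificate and a self-signed one for the same hostname (the hostname, CA name and key material are constructed here) and shows what a strictly validating client does with each: the self-signed one fails with an unknown-authority error; once it is "accepted" into the trust store, plain chain validation passes, and only a public-key pin still catches it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Hostname the phone is trying to reach; constructed for this example.
const targetHost = "api.example.test"

// makeCert issues a certificate for name; with a nil parent it is self-signed,
// which is all an interception proxy without a trusted CA key can present.
func makeCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // setup failure, not a validation result
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // SAN the client checks the hostname against
	}
	signer, signKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin is the base64 SHA-256 of the SubjectPublicKeyInfo, the value public-key pinning compares against.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verify is what a correct TLS client does: chain the leaf to a trusted root,
// check the hostname and, when pin is non-empty, require the expected key too.
func verify(leaf *x509.Certificate, roots *x509.CertPool, host, pin string) error {
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots}); err != nil {
		return err
	}
	if pin != "" && spkiPin(leaf) != pin {
		return fmt.Errorf("certificate pin mismatch for %s", host)
	}
	return nil
}

// Outcome records how the client treats each certificate; nil means accepted.
type Outcome struct {
	LegitPinned  error // CA-issued cert for targetHost with the expected key
	RogueChain   error // self-signed cert for targetHost against the real roots
	RogueTrusted error // the same rogue cert after the user taps "accept"
	RoguePinned  error // the accepted rogue cert as seen by a pinning client
}

// Run builds a CA, a legitimate leaf and a rogue self-signed leaf for the same hostname, then validates each.
func Run() Outcome {
	ca, caKey := makeCert("Example Root CA", true, nil, nil)
	legit, _ := makeCert(targetHost, false, ca, caKey)
	rogue, _ := makeCert(targetHost, false, nil, nil)
	pin := spkiPin(legit) // stands in for the pin an app would ship with
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	// Tapping "accept" on the warning amounts to adding the rogue cert to the
	// trust store; chain validation alone then stops protecting the user.
	accepted := x509.NewCertPool()
	accepted.AddCert(rogue)
	return Outcome{
		LegitPinned:  verify(legit, roots, targetHost, pin),
		RogueChain:   verify(rogue, roots, targetHost, ""),
		RogueTrusted: verify(rogue, accepted, targetHost, ""),
		RoguePinned:  verify(rogue, accepted, targetHost, pin),
	}
}

func main() { fmt.Printf("%+v\n", Run()) }
```

Running it prints the four outcomes: only the first is nil, the second is Go's unknown-authority error (the "certificate validation failure" the phone showed), the third is nil because the rogue cert is now trusted, and the fourth is the pin mismatch. The pin is computed from the genuine certificate at startup purely so the example is self-contained; a real app ships it as a constant.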


That's quite disturbing. Share more details? Model of phone and OS installed? Nature of the compromise, if you know?


I saw all sorts of attempts to pwn me when I was there this year!


I was at a company that sent a large cohort to Defcon. I wasn’t going but I went to the pre-conference security briefing. The requirements were fairly extensive: no company laptops, only company phones with a long password, no 2G, no 4G, must be locked to a specific carrier, no WiFi, no bluetooth... the list went on. They were pretty concerned.


Out of my sample size of 1, I didn't take either of my devices -- my work phone or my personal phone -- to defcon or Vegas when I went last year: they didn't even leave my home.

I bought a laptop at Staples, put Fedora on it, used it for the conference, and I only really use it for when I go to conferences and the like.

There is a mix of folks using late-model phones and burner phones, but there is a lot of burner usage at DefCon/DerbyCon/BlackHat.


> Most people at Defcon use a "burner phone"

I highly doubt this. Also, bear in mind that few bug hunters would be dumb enough to burn an iOS RCE 0day on some of the most monitored/logged wireless airspace on the planet.


I went there with my iPhone 6S and a Macbook Pro, and was fine. Granted, I spent all of DEFCON holed up in Caesar's doing the CTF, but I didn't encounter any issues.

DEF CON provides conference WiFi with preauthorized certificates (WPA2), so if you remove all other known open networks then you can have secure and sane WiFi at the conference.
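The WPA2-Enterprise point above only holds if the client actually validates the RADIUS server's certificate. As an added example that is not from the thread and not DEF CON's published configuration, here is a wpa_supplicant network profile that does so; the SSID, credentials, CA file path and server name are placeholders.

```conf
# Constructed example; the SSID, credentials, CA path and server name are
# placeholders, not DEF CON's published values.
network={
    ssid="CONFERENCE-SECURE"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="attendee"
    password="attendee"
    # The two lines below are the whole point. Without them the supplicant
    # accepts any server certificate, so an evil twin with the same SSID can
    # terminate the outer TLS tunnel and capture the MSCHAPv2 exchange.
    ca_cert="/etc/wpa_supplicant/conference-ca.pem"
    domain_suffix_match="radius.example.test"
}

# Do not keep a profile like this one around: it will associate with any
# access point using that name, which is the "other known open networks"
# the comment above says to remove.
#network={
#    ssid="Free-Hotel-WiFi"
#    key_mgmt=NONE
#}
```

`ca_cert` pins the issuing CA and `domain_suffix_match` ties the server certificate to a name, so a rogue access point cannot satisfy the profile with a certificate it minted itself. Phone operating systems expose the same two settings in their enterprise WiFi dialogs under different names.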


Broadcom disagrees.


Are you referring to a bug which was fixed prior to Defcon?


>DEF CON provides conference WiFi with preauthorized certificates (WPA2), so [if you remove all other known open networks] then [you can have secure and sane WiFi at the conference].

Emphasis mine. Merely "removing" networks from your device does not preclude you from being attacked. Broadcom and all the locked-down devices that aren't iPhones or high-end Android devices that use them demonstrate this quite nicely.


I haven't heard any reports of people using the Broadcom attack on a vulnerable device at DEFCON (And there are a whole lot of people monitoring the airwaves)



