Gotenna at DefCon 26 in Vegas Aug 9-12?

#1

Hello, anyone going to DefCon in Vegas August 9th to 12th?
I’ve heard that there might be a presentation on Gotenna.
If anyone makes it, send a shout, would love to connect. I know there are a few permanent relays in place (but I doubt many of them have updated to 6 hops yet).

Might be a good idea to leave your daily drivers and laptops at home and use only disposable burners while you are there. :slight_smile:

2 Likes
#2

A Shout would be fine.

Locally, we’ve got plans for a Test Emergency Shout, but only after prior coordination with local Emergency Management authorities.

Given some of the trauma Vegas has recently experienced, I would strongly suggest not using Emergency Shout for this clearly non-emergency purpose unless you do coordinate with the relevant local authorities as to its time and purpose. I suspect they’d hope you also come up with a better purpose, too. YMMV

#3

That would be great! Hell yeah. Good call!
Although, if these things aren’t sms relaying… and they aren’t in the hands of any first responders…
I imagine it would be like shouting into the wind.

#13

The presentation is titled “Attacking Gotenna Networks” will talk about many of the vulnerabilities and weaknesses in the app, protocol, encryption, hardware etc. It will be given in the wireless hacking village.

1 Like
#14

Thank you! Very excited! I didn’t see it on the speaker schedule. Do you happen to know date and time. Want to make sure that I’m there for that.

#17

Saturday 11am at the Wireless Hacking Village. The schedule is not yet officially posted.

1 Like
#18

Thank you! Any advice for a N00b to DC?

#19

3 Hours sleep, 2 meals, 1 shower . Just go out and have fun, there is a lot to take in with talks, villages, hallway con, offisite events and evening activities

4 Likes
#20

You goin share that with us all? I know goTenna has been responsive in the past to feedback. I seem to remember they use CryptoBB and BouncyCastle — open source encryption libraries.

2 Likes
#22

You goin share that with us all? - I’ll post slides here before the talk, I can link the talk here once it’s up on youtube but I’m pretty sure either one will result in a 1,000 year ban, just like asking about puerto rico.

I know goTenna has been responsive in the past to feedback. - as in respond to messages yes, as in to solve problems no

3 Likes
#23

I’ll be there. Mostly playing in the CTF, but GID is 9803 1045 2557 12 for DC26. I’ll try to make the 11am noon talk on Saturday, too.

2 Likes
#24

1- The guy who keeps posting about Puerto Rico is a notorious troll (check him out on Twitter for a taste…) and I myself have flagged his posts as harassment. My read is goTenna should get a restraining order against that guy but that’s just me…

2- goTenna responded about the last DefCon presentation - below. I personally have never used phone # as GID but then again I’m anonymous whenever possible!

1 Like
#26

Found these from Defcon:
Was a good talk, but seemed a bit biased against Gotenna “toys”
He makes some good points, but…
-price actually $143 ish for TWO ($70ish each)
-not waterproof or playaproof, but ip66? Held up pretty well in our real world Hurricane / wildfire tests by DHS DMAT and CERT units.
-cannot beat it’s simplicity… and familiarity using own phone.
-does provide FREE SMS / twitter / twillio / custom web server backhaul digipeter functionality like APRS
-functions at 1 watt versus 8 watts Bao Feng for sameish LOS (only draws 100milliamps!) charges with any microusb, solar, or cell charger, can even use your phone to charge one.
-6 hop functionality without ANY infrastructure
-e911 text 911 may be possible in your area* Check local 10 digit backup number for county
-does not require FCC licensure like Baofeng / Ham
-try throwing your ham radio up a tree, flag pole, or roof?
-shxt screens on baofeng… free offline topo maps and gps on Gotenna Mesh using your own primary device screen
-Mesh Developer Toolkit FREE enables beacon, status updates, backhaul, auto replies, … IFTTT, tasker, automate-it SDK integration
-Free blueteam tracking with GliderLink built on Gotenna App
-Block/Mute malicious / spam / compromised nodes
-impossible for new users to accidentally block or jam an emergency channel (SDK limits to 5 tx per minute)
-GPS capability
-Automated Emergency SOS Beacon with preprogrammed message mode
-encryption
-FHSS noise resilience even in DefCon wireless village and capture the packet
-1 to 1 and selective group messaging
*While they talk complete trash about Gotenna opsec… in the 72 hours of DefCon, 28.8K of the worlds most 1337 ha><ors, NONE of the bountied gotenna foxes were caught or compromised - cash pot went unclaimed even though foxes / flags hidden IN wireless village itself “spamming” shouts and clues.

Part 1 of Gotenna glitch / exposure

Part 2 of Gotenna vulnerabilities pwn

2 Likes
#27

Yeah, he kept referring to the fact that he had not quite gotten around to looking at 5.0. I suspect much of what was of more than superficial significance under 4 was fixed along the way to 5.0. Would kind of make things stale if much of that was dealt with. I would bet that security was not neglected with the firmware update. Of course, it’s not talked about, either.

Yeah, exactly. I’m not sure what he means by hard to find, I went right to it. Then again, I don’t own a cellphone, but if I did and was as worried as this fellow wants to suggest I should be, I\d get another post-cell device and use it as my goTernna terminal, then, duh, don’t use the real cell # as my GUID.

The user decides. And yes, the default is toward regular citizen users, not the other end of things where people CAN use it in a relatively secure manner with little effort or expense. In this segment of the market, not a problem with knowing the various twiddles and fixes to enhanced opsec. It pays to remember that making the default mode be extensive opsec implementation (including managing the needed maintenance ¬ like crypto and key updates), this renders it rather more complex for Joe Citizen to use and afford.

A 3.5 hour battery life? All I gotta say is how much was he trying to force through the poor little thing and for what purpose? Sounds like a test case. Doesn’t sound like the use people would ever make on their own. My GTM battery always last longer than my device battery and it was replaced under the Apple battery program around the time we started using mesh here. I have mostly noticed a day\s worth of service with fully charged units.

The discussion about emergency use tended to be off the mark, more than on it. Couldn’t quite see what he referred to as authentic backup comms for med units, etc, but I suspect it wasn’t consumer grade anything (too $$, too much training to use; etc) And I’m sure hams everywhere cringed at his suggestion to just gear up with that stuff and start yakking away during the next neighborhood emergency. While I could see making a discrete suggestion to people needing it to do so “just in case,” to publicly call for the general population to do so is basically a recipe to paralyze a significant part of the sustainable, reliable emergency comms infrastructure that already exists. Once all the amateur “amateurs” start checking in and tying up repeaters, what might have worked will probably melt down.

If you want to actually have robust, survivable, redundant emergency comms, you shouldn’t work at undercutting one part of that system of systems, then turn to making the next network upward in the chain useless by suggesting flooding it with untrained and unauthorized users. goTenna Mesh is an affordable consumer grade device that does a whole lot of things right. Could it be better? Sure, but at what cost in weight, infrastructure needed, and general availability of a device that would not take away from other programs like ham support.

In the end, if goTenna didn’t crack under the hacks at work at defcon, especially with a well advertised pile-on underway as seems to be the case, it’s a likely sign that if things ever were as bad as he described, goTenna has already taken considerable steps toward solving many issues.

3 Likes
#28

I had seen the presentation at DEF CON and it did come across as more vendetta or hit piece than a constructive presentation of security research findings. That’s too bad as I think there were some valid points raised that it seems like goTenna would be interested in learning about and addressing. It’s a shame the presenter apparently hadn’t approached goTenna with these issues beyond a “drive by” post to this forum.

I would hope that goTenna reviews the posted video, and responds to and addresses those valid technical issues raised. It would be ideal if goTenna posted a response and action plan here.

2 Likes
#29

I came here to post my own debrief of this talk + usage at defcon, but it looks like all the salient points were covered.

Aside from some annoying users spamming the emergency channel, I found them to be super useful with my group over there. Had a few 5-hop contacts with friends. (Thanks for the assist!) I was pleased to see that blocking a contact also stopped their annoyance within the Emergency channel.

7 Likes
#30

Respectfully, while the Gotenna Defcon talk focused a lot on the comparison of a licensed ham radio for emergency communications vs the consumer (license-free) Gotenna Mesh - I think that the more appropriate conversation should be a comparison of a decent ham radio vs the Gotenna Pro model (which also requires a license unless it’s an emergency).

" Simply put, the goTenna Pro is 40x less expensive, 12x smaller, 10x lighter, and 30x more energy efficient than any other comparable mesh networking tactical radio system. Plus, with its intuitive smartphone integration, operationalization is immediate — no special training is required, as it works just like any other messaging app on your smartphone.

Some of the key enhancements in goTenna Pro relative to the company’s existing consumer product line are:

  • Professional-grade, high-performance mesh networking
  • Upgraded 5-watt variable output power
  • Software-defined tunable VHF/UHF radio (142-175MHz; 445-480MHz)
  • Greatly upgraded radio sensitivity (-124dBm)
  • SMA antenna connector for easy operation with any legacy antennas
  • Military grade ruggedization (MILSPEC; IP68)
  • Intrinsic safety for explosive environments
  • Upgraded battery life exceeding 60 hours per charge
  • Complementary enterprise fleet management portal

it boggles me that there’s no .apk available on Gotenna. com site or a publicly provided MD5 hash for the file… but it does appear that 3rd party websites are hosting the updated 5.0 .apk install file (YMMV) this should be downloaded, scanned, hashed, and installed by admin and shared before going into a comms-blackout scenario.
e.g.
https://apkpure.com/gotenna/com.gotenna.gotenna


#31

Those 3 sites appear to be hosting the same apk (SHA1: 1bf91ef7096d7cd53981ee17d32172d7a7ffc7e4), but the actual SHA1 of my Gotenna 5.0.2 apk on a Pixel 2 XL from the Play Store is aa0b7229f60a9b8dc33e345b017c85646456a994

3 Likes
#32

I was at the Attacking GoTenna networks presentation and the guy was a complete tool. Like many typical “everyone should be a ham” guys he clearly didn’t understand the purpose of the goTenna mesh network.
I would have refuted most of his points with “but that’s not the point of the goTenna mesh.”
Also, I think I was directly in front of the person who took the video. I was sitting in the front row.

3 Likes
#33

Hey! Cert!!! I took your advice and volunteered at my local CERT and Red Cross.
If you were sitting in front of the video, then we talked. I apologized and asked everyone in the first row if it was ok to film. I hope I didn’t inadvertently get you in the shot. If so, let me know and I’m glad to remove your face. Apologies. #Consent is the 11th rule.

I don’t want to be mean, but yeah, he was definitely agendized and seemed to be misconstruing / looking at everything in the worst possible light. Completely agree with you. He had said that he let Gotenna know back in October… maybe he was frustrated from the lack of communication? Humbly and respectfully, Gotenna should hire a strategic customer service or client engagement / public interaction officer. Their responsiveness/culture has certainly turned quite a few enthusiasts and would-be fan-boys off to the product.