9/14/2023 0 Comments Defcon tickets wednesday"A vulnerability that allows me to change someone else's answer on the polling system is a major oversight." "If I were more nefarious, what I could do is try to change the votes of my classmates," Nair said. The system is aware of all the other answers coming into the main base station in the classroom and can be set to automatically select the most common answer to submit, on behalf of the absent student. Going a step further, Nair demonstrated how the custom Time Turner could also respond to polling quiz questions that a teacher might ask. That means it could enable a student to claim to be physically in a class that they aren't actually in. He noted that the Arduino is a low-power technology that could be powered with a small battery.īy placing the custom Arduino-based Time Turner in a classroom, it could potentially mimic the actions of a legitimate device. Nair said that a clone device could be built using a low-cost Arduino electronics platform. "It is hard to overstate how vulnerable the system is, and it's even more shocking that this exact model is currently used at over 1,100 universities, and in nearly 100,000 classrooms," Nair said. With that knowledge, he realized that there was no encryption on the device transmissions and it could be possible to mimic a real device. In his talk, Nair outlined how the RFID-based system was reverse engineered so he could learn how it works. "It is, of course, hacking."īuilding a Time Turner to Exploit a Modern University "Without the luxury of magic, what is the next best thing?" Nair asked. Nair noted that in the popular Harry Potter fiction series there is a magical device known as a Time Turner, which is used to help enable a student to be in two classes at the same time, via time travel. The system includes a base station for each classroom or lecture hall, and then each student is required to carry a device, which can also be used to answer multiple-choice questions. Nair explained that many schools use an RFID-based attendance system known as an iClicker to track whether or not a student is present. student Vivek Nair outlined a scenario where a hack of the attendance system could, in fact, enable him, or anyone else, to be in two places at the same time. In a session at the DEF CON 29 conference on August 7, Ph.D. If a computer science student has a scheduling conflict and wants to attend two different classes that occur at the same time, what should that student do?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |