One Key, Two Key, I Just Stole Your goTenna Key

Presented at DEF CON 33 (2025), Aug. 9, 2025, 1:30 p.m. (45 minutes).

Encrypted radios promise off-grid privacy and security, but what if their core trust anchors can be broken with one message? Our latest research shows that a single, unauthenticated RF packet can overwrite any public key goTenna Pro stores for peer-to-peer and group chats, silently substituting attacker-controlled keys so that every AES-256 encrypted message becomes readable by the attacker rather than the intended recipient; by repeating the swap on both ends, the attacker becomes an undetectable man-in-the-middle who alone can forward, alter, or drop traffic, leaving victims blind to the compromise. We will live-demo three outcomes: pulling teams into GPS dead zones by injecting phantom coordinates; impersonating a surveillance teammate to feed disinformation and fracture cohesion; and detonating a network-wide blackout that forces operators onto weaker radio communications that allow easy direction-finding. The audience will watch us craft the packet, poison key stores, pivot between victims, and restore normalcy - all from commodity SDR hardware and open-source code released at the session. We close with hardening guidance and a patch in goTenna Pro version 2.0.3 (CVE-2024-47130), proving once again that cryptography is only as strong as the key lifecycle surrounding it.
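The key-lifecycle weakness the abstract describes, modelled as an added example that is neither goTenna's code nor the presenters' tooling: a key store that overwrites a peer's pinned key on any update message, beside one that only rotates a key when the update is signed by the key already pinned for that peer. The peer IDs, message layout and use of Ed25519 are assumptions for illustration, not the goTenna Pro protocol.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyUpdate is a constructed, simplified key-rotation message (not goTenna's format):
// a peer announces a new public key. Sig is the peer's signature over PeerID||NewKey
// made with the key the receiver already trusts; the weak variant never looks at it.
type KeyUpdate struct {
	PeerID string
	NewKey ed25519.PublicKey
	Sig    []byte
}

// KeyStore maps a peer ID to the public key pinned for that peer.
type KeyStore map[string]ed25519.PublicKey

// ApplyUnauthenticated models the weak pattern: any update overwrites the pinned key,
// so whoever can inject one packet decides which key this radio encrypts to.
func ApplyUnauthenticated(ks KeyStore, u KeyUpdate) error {
	ks[u.PeerID] = u.NewKey
	return nil
}

func updatePayload(u KeyUpdate) []byte { return append([]byte(u.PeerID+"|"), u.NewKey...) }

// ApplyAuthenticated rotates a key only when the update is signed by the key already
// pinned for that peer. Unknown peers are refused: first enrollment happens out of band.
func ApplyAuthenticated(ks KeyStore, u KeyUpdate) error {
	cur, ok := ks[u.PeerID]
	if !ok {
		return errors.New("no pinned key for peer; enroll out of band, not over the air")
	}
	if len(u.NewKey) != ed25519.PublicKeySize || !ed25519.Verify(cur, updatePayload(u), u.Sig) {
		return errors.New("key update rejected: not signed by the currently pinned key")
	}
	ks[u.PeerID] = u.NewKey
	return nil
}

// SignUpdate builds a legitimate rotation message with the holder's current private key.
func SignUpdate(peer string, oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) KeyUpdate {
	u := KeyUpdate{PeerID: peer, NewKey: newPub}
	u.Sig = ed25519.Sign(oldPriv, updatePayload(u))
	return u
}

func main() {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	aliceNew, _, _ := ed25519.GenerateKey(rand.Reader)
	stranger, _, _ := ed25519.GenerateKey(rand.Reader) // constructed: a key nobody enrolled
	ks := KeyStore{"alice": alicePub}
	fmt.Println("signed rotation:", ApplyAuthenticated(ks, SignUpdate("alice", alicePriv, aliceNew)))
	fmt.Println("unsigned swap:  ", ApplyAuthenticated(ks, KeyUpdate{PeerID: "alice", NewKey: stranger}))
}
```

Binding each rotation to the previously pinned key is the check that turns "one message overwrites the key" into "one message is logged and dropped"; a rejected update is also a useful detection signal.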

Presenters:

  • Erwin "Dollarhyde" Karincic
    Erwin is an experienced security researcher specializing in both hardware and software reverse engineering, binary analysis, and exploit development across a range of processor architectures. He has notable experience in implementing complex Radio Frequency (RF) waveforms using Software Defined Radios (SDRs) for cybersecurity applications, complemented by his proficiency in designing, simulating, and fabricating antennas tailored for such applications. His past work includes extensive TCP/IP networking experience, designing worldwide secure communication systems. Erwin holds a number of prestigious certifications, including OSCP, OSCE, OSWE, OSEE, and CCIE Enterprise Infrastructure. Erwin is also a staff member in the RF Hacker Sanctuary and a member of Security Tribe.
  • Woody
    Woody thinks Linux is a member of the Charlie Brown gang who can lift heavy things but not always spell them. He has had some success with RF exploits in the past, including the first ever goTenna exploit talk in the RF wireless village and the first attack against Ford Raptor key fobs with the RaptorCaptor exploit. Woody’s unique background, familiar to some, gives him a creative perspective on the impact of goTenna Pro research in the physical and RF world. Woody is also a staff member in the RF Hacker Sanctuary, a member of Security Tribe, and has appeared on a few episodes of Hak5 describing novel device attacks.