Bill Swearingen - HAKC THE POLICE - DEF CON 27 Conference

Share

Summary

Bill Swearingen, a veteran DefCon attendee and hacker, discusses how to hack police radar and lidar systems. He covers the federal offenses and individual state laws related to these devices, drawing from his past experiences and providing technical insights into radar and laser speed measurement. Swearingen also introduces his open-source laser jammer project, NOTCHACOTCHA.

Highlights

Introduction and Disclaimer
0:00:00

Bill Swearingen is introduced as a hacker from Kansas City with a history of influencing the hacker community, including co-founding Cowtown Computer Congress and SecKC. This is his first DefCon talk. He immediately warns that the topic is illegal in all 50 states, emphasizes personal responsibility for actions, and notes the talk is U.S.-centric. He jokes about getting arrested and tells attendees to bail him out if he does.

Past Experiences with Hacking Emergency Devices
0:04:59

Swearingen recounts his experience from 10 years ago with 'iHacked' where he released a device to trigger pre-emptive street light changers, turning them green. He mentions getting media attention from Wired but advises against publicly discussing federal offenses, as selling or using such devices is a felony with penalties up to 2 years in prison and a $10,000 fine.

The Hacker Ethos and Questioning the World
0:06:42

Swearingen describes himself as a lifelong hacker, influenced by his engineer father to question how things work. He believes hackers should use their curiosity to understand and influence the world. He then reads an excerpt from the Hacker Manifesto, emphasizing curiosity and judging people by their actions and knowledge.

Acknowledging Law Enforcement and Story Time
0:07:59

He asks for law enforcement to raise their hands, playfully suggesting they might not want to be picked for a demo. He clarifies that he respects law enforcement and doesn't want to live without laws, but his interest is in understanding technology. He then shares a personal story about getting a speeding ticket and remembering his dad's tale of using microwaves to jam radar.

How Radar Works and What it Measures
0:10:49

Swearingen explains that radar measures speed by detecting the Doppler shift of sound waves, primarily using high-frequency radio waves (microwaves). He shows the equation for calculating speed from frequency shifts. He highlights that only a tiny fraction of the signal is reflected back to the police radar system.

Types of Police Radar Bands
0:14:40

He introduces the three main radar bands: X band (older, less used), K band (most commonly used worldwide and in the U.S., also known as the 'grocery store band' due to false alerts from automatic door sensors), and Ka band (the multi-mode emerging system). He also jokingly mentions Ku band for Europe.

Live Radar Jamming Demo
0:16:39

Swearingen conducts a live demo with a volunteer playing a police officer. He uses a modified radar gun (from a Hot Wheels toy) to show how he can return the same frequency as the police radar to appear stationary, and then slightly adjust the frequency to indicate moving at a specific speed (111 mph), demonstrating how radar can be tricked.

The Math Behind Radar Jamming
0:20:12

He explains that a device could be built to continuously transmit a frequency that makes a car appear to be going 65 mph. He provides the specific gigahertz frequencies needed to jam X band and K band radar. He notes that multi-mode Ka band is more complex but can also be overcome. He connects this back to his dad's story, confirming that a microwave oven would have jammed X band radar, making a car appear to go 'negative 97 million miles an hour'.

Challenges with Constant Jamming and Solutions
0:22:17

Swearingen addresses the problem of constantly transmitting at a set speed, especially in varying speed zones like school zones. He points out that modern radar detectors like Valentine 1 and Escort 360 can detect radar signals miles ahead and share the exact frequency via Bluetooth, allowing for dynamic jamming. He outlines the concept of an app that integrates speed limits via APIs, radar detector data, and transmits the appropriate jamming frequency.

Cost and Legality of Radar Jammers
0:24:44

He estimates that a basic radar jammer could be built for about $700, with SDRs being the main cost. However, he reiterates that radar jamming has been illegal by the FCC since 1996, making it a federal offense to sell, use, or even advertise these devices due to their seriousness. He suggests focusing on other countermeasures.

Laser (Lidar) Technology and Countermeasures
0:26:55

Swearingen shifts to laser (lidar) speed enforcement. He explains that while radar detectors are poor at detecting lidar, lidar is regulated by the FDA (not FCC) and must be Class 1 eye-safe lasers, making them inherently weak. Unlike radar, lidar measures distance, not speed, by sending rapid pulses and calculating the time of flight. Officers must aim and target reflective surfaces like headlights or license plates.

Laser Jamming Legality and Brute Force Method
0:30:40

He presents a map showing that laser jamming is legal in about two-thirds of the U.S. states. He explains that when a laser gun sends a series of pulses, it's measuring distance. By returning a pulse before the reflected one, a jammer can dictate the reported distance. He proposes a 'brute force' method: sending a pulse every 1 millisecond at 904 nanometers (the standard wavelength). This method makes the car appear close and stationary, returning an error message on 80% of laser guns.

Advanced Laser Jamming and NOTCHACOTCHA
0:35:02

Swearingen addresses advanced laser guns that employ countermeasures to brute force jamming. He suggests that by understanding how these guns shift their pulse widths, jammers can also shift their responses. He highlights that identifying the specific gun by its second pulse allows for implementing tailored countermeasures. He then introduces 'NOTCHACOTCHA', a 12-volt ESP8266-based open-source laser jammer. It uses brute-force mode, effective against 80% of current laser jammers, though not against advanced Dragon Eye systems. He calls for community help to reverse-engineer commercial jammers (or build unique solutions) to compete with commercial-grade equipment. It can also emulate laser guns for testing purposes. The bill of materials is simple, costing only about $8. His code is available open-source, and he confirms it works, as it’s legal to test in Kansas.

Recently Summarized Articles

Loading...