Without fail in the weeks leading up to Black Hat and DEF CON, there are inevitably talks that are either pulled by organizers, cancelled by presenters, or strong suggestions are made that the talks don’t happen. This year’s first casualty, Ben Caudill’s scheduled DEF CON demonstration of ProxyHam, has already fanned some seriously speculative flames from the research and anti-surveillance camps about exactly why the talk isn’t happening.
Devices such as ProxyHam, a hardware proxy ideal for whistleblowers and others concerned about online privacy, apparently make some people nervous. On July 10, through his company Rhino Security Labs’ Twitter feed, Caudill announced that not only was his talk canceled, but source code for ProxyHam would not be released, all development was at a standstill, and existing devices were being disposed of. Early speculation on why Caudill’s talk drifted from a run-in with law enforcement, to the delivery of a National Security Letter, or concerns over possible violations of the Computer Fraud and Abuse Act (CFAA).
Effective immediately, we are halting further dev on #proxyham and will not be releasing any further details or source for the device
— Rhino Security Labs (@RhinoSecurity) July 10, 2015
Existing #proxyham units will be disposed of and no longer be made available at @_defcon_
— Rhino Security Labs (@RhinoSecurity) July 10, 2015
Caudill has refused to reveal why his talk won’t be given, and while he’s been deterred in moving forward with his project, others have not.
Samy Kamkar, a 29-year-old hacker and entrepreneur who has in the past seven months hacked a child’s toy to figure out garage door codes and hacked a USB charger to sniff keystrokes over the air, has picked up the cause for devices like ProxyHam. This week he unveiled ProxyGambit, similar in concept to ProxyHam but Kamkar said his device puts more distance between the user and the device than ProxyHam.
While ProxyHam could be stashed up to 2 ½ miles away from a user and its signal routed over Wi-Fi and radio connections, Kamkar says his device allows a user to access the Internet from anywhere without revealing their physical location. A description on Kamkar’s site says ProxyGambit fractures traffic from the Internet through long distance radio links or reverse-tunneled GSM bridges that connects and exits the Internet through wireless networks far from the user’s physical location. From the site:
“While a point-to-point link is possible, the reverse GSM bridge allows you to proxy from thousands of miles away with nothing other than a computer and Internet with no direct link back to your originating machine.”
Kamkar told Threatpost that his approach makes it several times more difficult to determine where the original traffic is coming from.
“With ProxyGambit, once someone tracks the IP down, it’s almost a dead-end—it’s the ProxyGambit device using that Wi-Fi’s wireless connection,” Kamkar said. “If they go to the location and find the actual ProxyGambit device, they may find the 2G SIM card—which can be purchased with cash and no tie to your identity, and there’s almost no way to find out who was on the other side. Even if a government asked the mobile company, they’d have no information other than ‘pre-paid user.'”
-Samy Kamkar
Kamkar describes on his site how ProxyGambit can be used with either a high speed link with a direct line of site (up to 10 kilometers), or if further away, over a 2G GSM connection that produces a “reverse TCP tunnel serializing a shell into the device” that can be accessed either over the Internet or the GSM mobile protocol.
“Either method proxies your connections through local Wi-Fi networks near the device, shielding and making it more difficult to determine your true location, IP and identity,” he says on the site.
Kamkar lists the hardware necessary to build ProxyGambit, along with the software (available on Github) and wiring requirements.
“ProxyHam seemed great, but the range was an issue, and also the fact that line of sight is necessary. Also, it’s trivial to track that strong signal back to the originating antenna (your actual physical location),” Kamkar said. “ProxyGambit improves upon ProxyHam by adding the GSM layer which allows you to be anywhere in the world.”
Kamkar said this isn’t his first go-round building hardware-based anonymization devices.
“While I’ve built similar systems and gateways like this in the past, I built this specifically after I heard about the cancellation,” Kamkar said. “I thought ProxyHam was a great addition to the arsenal for privacy advocates and wanted it to live on.”