Encrypted radios promise off-grid privacy and security, but what if their core trust anchors can be broken with one message? Our latest research shows that a single, unauthenticated RF packet can overwrite any public keys goTenna Pro stores for peer-to-peer and group chats, silently substituting attacker-controlled keys so that every AES-256 encrypted message is now readable only to the attacker, not the intended recipient; by repeating the swap on both ends the attacker becomes an undetectable man-in-the-middle who alone can forward, alter, or drop traffic, leaving victims blind to compromise. We will live-demo three outcomes: pulling teams into GPS dead zones by injecting phantom coordinates; impersonating a surveillance teammate to feed disinformation and fracture cohesion; and detonating a network-wide blackout that forces operators onto weaker radio communication that allows easy direction-finding. The audience will watch us craft the packet, poison key stores, pivot between victims, and restore normalcy - all from commodity SDR hardware and open-source code released at the session. We close with a hardening guidance and a patch in goTenna Pro version 2.0.3 (CVE-2024-47130) proving once again that cryptography is only as strong as the key lifecycle surrounding it.

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West
5.4K views

DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon
11.1K views

DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth
8.5K views

DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine
3.6K views

DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino
5.4K views

DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov
6.4K views