On Wednesday, the Localz EU team travelled to Berlin, where we ran a beacon treasure hunt for KPMG Hacknet. Only days had gone by since the Localz team had finished up at PayPal BattleHack London, but the hackers and developers that we are wanted more.
Hacknet is an internal event organised by KPMG NL, bringing together the best hackers and security engineers from KPMG, as well as selected partners and organisations. The aim of the event is for attendees, who are at the forefront of the latest malware and hacks, to communicate with the audience and swap information about the trends happening in their space. Activities ranged from talks regarding the latest relay hacks facing contactless EMV transactions, to an interactive event which involved hacking drone sensors to take over control of a simulated aeroplane. There were laptops, antennae, cables and terminals everywhere, a true hacker paradise. Oh, and donuts.
Of course, as this was Hacknet, it wasn’t all trends and slideshows. However, educating the audience on the need for caution with this new technology, and the importance of keeping the customer safe, is important to us. In any new market it is important to remember security and control without letting the novelty of a product run away from you. Martijn Verbree (@mverbree) the Director of Localz Europe presented on the relatively new technology that is iBeacon, and what we’ve seen in our experience with the use of beacons. Martijn spoke about the Top Security Risks, a range of attacks that nefarious minds may employ regarding micro-location technology, and the ways we have been ensuring protection of micro-location touch points, and how our platform can negate many of the current attacks, such as spoofing, but also some of the ways manufacturers of hardware beacons have used their own countermeasures. The feedback we received from the audience, about the mindset of KPMG customers in regards to this technology, will help us prioritise what is important in our next development cycle.
The talks at the Hacknet were very insightful, however the event didn’t stop there. After consuming numerous beers the night before, and wandering around Tiergarten (and maybe accidentally an embassy) installing beacons, we were ready for a treasure hunt game, with a twist.
At 1pm, all attendees were split into groups to uncover clues, only uncovered by being in close proximity to a beacon, that would ultimately lead to the recovery of the “explosive banana drone” threatening KPMG Berlin HQ. Participants were equipped with a map and the Hacknet app. The Hacknet app was built on the Localz platform, and enabled players to find the clues, which became visible on their phone when close to a beacon. They needed to collect all the clues, and then complete the mission.
But this wasn’t your normal treasure hunt audience; they were the KPMG White Hat Team. Some teams, not content to simply wander Tiergarten and surrounds, took to the laptops instead. We had teams packet sniffing the data, trying to decompile the app and penetrate the database. I’m proud to say that Localz came out unscathed, forcing all involved to hit the street to uncover clues, and use their skill to unlock the secrets.
The feedback we received from this highly engaged and skilled group of people was invaluable to Localz. We hope that the team at KPMG enjoyed the insight into the new world of iBeacon and micro-location, a market that is still only about 18 months old, as much as we enjoyed sharing it.
Oh - and if you like the idea of doing cool stuff with beacons and location at your next event, let us know.
Posted by Callum Murphy