We’ve seen some ways to bypass biometric security measures but here’s a new offering that we think will be hard to fool. The Safelock system is used in conjunction with a password to identify a specific user. This software records your typing style including the time between keystrokes, the time keys are held, and key pressure data. This information is then normalized and compared to the information stored about the user when the password was originally set. If you don’t fall within specifications that match the stored data, you won’t get in even with the right password.
The icing on the cake is that Safelock will look for malicious users. If you enter the wrong password, it will begin to record and analyze your typing style. If you make enough incorrect attempts you will be labeled as a security threat and locked out of the system altogether. We can only think of one reliable way to circumvent this and that’s using a man-in-the-middle method of recording the keyboard inputs of the legitimate user for playback later.
This is an innovative user identification system and we’re not the only ones that think so. [Jeff Allen] and [John Howard], students at SMU, won first prize for the Student Innovation Contest at the 2009 User Interface Software and Technology Symposium.
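A sketch of the timing comparison described above, as an added example that is not from the original post and is not Safelock's own algorithm. It assumes normalization by total entry time and a mean z-score threshold, uses hypothetical function names and constructed timings, and leaves out key pressure:

```python
from statistics import mean, pstdev

SIGMA_FLOOR = 0.01  # assumed: lower bound on per-feature spread (fraction of entry time)
THRESHOLD = 2.0     # assumed: maximum mean absolute z-score that still counts as a match

def make_events(keys, dwells, flights):
    """Build constructed sample data: [(key, press_ms, release_ms), ...]."""
    events, t = [], 0.0
    for i, key in enumerate(keys):
        release = t + dwells[i]
        events.append((key, t, release))
        if i < len(flights):
            t = release + flights[i]
    return events

def features(events):
    """Dwell (key held) and flight (release to next press) times,
    each divided by total entry time so rhythm matters more than raw speed."""
    total = events[-1][2] - events[0][1]
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return [v / total for v in dwell + flight]

def enroll(samples):
    """Template = per-feature (mean, floored standard deviation) over the samples."""
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(pstdev(c), SIGMA_FLOOR)) for c in columns]

def score(template, events):
    """Mean absolute z-score of an attempt against the template (lower is closer)."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")
    return mean(abs(x - mu) / sd for x, (mu, sd) in zip(vec, template))

def verify(template, password_ok, events):
    """Both factors must pass: the right password and a matching typing rhythm."""
    return password_ok and score(template, events) <= THRESHOLD

# Constructed timings in milliseconds for a four-key password.
KEYS = "hack"
TEMPLATE = enroll([
    make_events(KEYS, [90, 80, 100, 85], [120, 60, 150]),
    make_events(KEYS, [95, 78, 105, 88], [115, 65, 145]),
    make_events(KEYS, [88, 82, 98, 83], [125, 58, 155]),
])
OWNER = make_events(KEYS, [92, 81, 101, 86], [118, 62, 148])
OTHER = make_events(KEYS, [60, 60, 60, 60], [200, 200, 200])  # right password, even rhythm
```

Because the features are divided by total entry time, the same rhythm typed at half speed scores identically, which is one reason real systems combine several feature types.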
SecurityTube is a site which has recently caught our attention. The site has quite a variety of videos from various sources related to security and hacking. Videos range from DEFCON talks, to documentaries, step by step how tos, and even proof of concept vulnerability videos. It’s certainly a great resource for anyone looking for something a bit more involved than a plain text writeup, and offers a way for you to catch those hacker conference talks you missed. Many of the videos come with a bit of background information as well, so it’s far more informative than your regular YouTube videos. This site is certainly going to become a very valuable resource for many people, and is certainly a great way to kill an afternoon while still learning something.
In 2006, Defcon 14 premiered a unique electronic badge. All it did was blink, but it raised the bar for what was expected from a hacker conference badge. In 2007, they went from 2 LEDs to 95 in a scrolling marquee. Along with a POV mode, the badge had two capacitive switches to let the user edit the displayed text. Defcon 16’s badge featured an IR transmitter and receiver for transferring files from an SD card. It worked as a TV-B-Gone and had pads to access a USB bootloader. That was the same year that The Last Hope debuted their RFID tracking badges.
This year the official Defcon badge reacted to sound, but they were no longer the only game in town. Ninja Networks brought their 10 character party badges with a built in debugger. The Arduino compatible HackTheBadge 1.0 also made an appearance. With these new entrants into the field, we wondered what you’d want to see in your ideal badge. What badge would you want to see at next year’s Defcon? Leave your comments below and keep in mind that it should be an idea that is easy to cheaply mass produce.
[Martin] tipped us off to HackTheBadge 1.0. Possibly more elusive than the NinjaBadge, HackTheBadge has a Dpad, a 3×5 LED matrix, Arduino compatible headers, and 46 GPIO channels. You can download the open source plans if you didn’t get one at Defcon. You probably didn’t; there were only 14 given out. You can also order one preassembled. This makes us wonder, does being low in quantity qualify this as elusive?
While coverage of the official Defcon badge has been pretty heavy, there was a badge that was far more exclusive and talked about way more. For the last ten years at Defcon a group of hackers known as Ninja Networks hosted an invitation-only party for selected attendees. For the 2009 event, [cstone] and [w0z] created an electronic badge which acted as the ticket to the party. The badge is based around an 8-bit Freescale microcontroller (MC9S08QE8) which drives 10 individual 16-segment HIOX-format LED displays.
Following up on their post about the new Defcon 17 badges, Wired recently posted some of the best badge hacks of the con. Among the hacks featured were an LED frequency meter hack, a sound seeking dirigible powered by three badges, and a wireless Geiger counter random number generator that sent random numbers back to a laptop equipped with a ZigBee card. Probably one of the most impressive hacks mentioned, the hack that won the badge hacking contest, was the LED equipped baseball cap modeled above by [Joe Grand], Defcon’s de facto badge designer.
The hacked badge is connected to the cap by an Ethernet cable, where the LEDs pulse on and off in order to defeat facial recognition systems. The cap’s designer told Wired that he initially designed the cap in order to sneak into [Grand]’s room to steal the über badges under his protection. Needless to say, the winner doesn’t have to worry about stealing the badges anymore as he was awarded his own über badge at the award ceremony. While we’re not completely sure who pulled off this awesome hack, we congratulate you and all of the participants of the badge hacking contest on your fantastic hacks.
Update: We’ve confirmed that the badge contest winner was in fact [Zoz Brooks], [Grand]’s co-star on the popular Discovery Channel show Prototype This. From all indications, his hack seems to be legitimate and not a clever idea; however, we are still looking to confirm this. Also, even though Wired’s article stated that the dirigible was sound seeking, we have confirmed that it is sound avoiding. Thanks to everyone in the comments for pointing these things out.
A fake ATM machine, set to capture ATM information, was found at Defcon 17 in Vegas this year. Its design has a tinted plastic window at the top which attendees noticed had a computer in it. It was quickly removed by the police. Is this an amazing coincidence? We doubt it. Someone probably knew exactly who was going to be there and either wanted to scam some hackers or just wanted to have some fun.
[Aaron] has been working at iweb hosting for about 5 years. When he started, the number of servers was small enough that managing them was fairly painless and could be done by just manually verifying that everything was operational. As the number of servers grew, this task became more and more difficult. They employed various methods of tracking problems, but found them all lacking in one way or another. They got an idea to build a Defcon status page based on all of the information collected about their server status. The page was built and all rejoiced. As with most projects, they just couldn’t leave it alone. Next, they built an Android app to be able to see the defcon status from their phones. As cool as that was, they felt they needed to have yet another way to keep track. They What you see above is the prototype for the office defcon status display. It is extremely simple, using an Arduino (yes, we know, massive overkill) to receive status updates to change the display number. [Aaron] says that right now it is a mess, and you have to shield it from the light with your hands to see it, but it works. What should the next step be? A giant alphanumeric LED indicator? A nixie tube?
With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for malicious software to charge phones discreetly. However, Flexilis promises to keep your phone safe. It’s a free mobile anti-virus that works on most smartphones and PDAs with more clients in the works. It also provides easy backup and recovery options, as well as the ability to wipe the phone if it’s lost. The phone makers really need to fix the problems, but in the meantime Flexilis can provide a quick response.
Defcon is upon us once again, and that can only mean one thing: new badge designs. Our friends over at Wired posted the picture above along with a description of this year’s new badge. Since our last post, there has been little new information released regarding the components used for the new badge. However, we now know that it utilizes a microphone and a full color LED along with the Freescale mc56f8006, an advanced digital signal processing microcontroller. [Grand], the badge designer, told Wired that while this year’s design is a bit simplified compared to last year’s design, it is not nearly as easy to hack. Just like last year, the functionality of the badge hasn’t been announced yet. We’re hoping for some kind of communicator. Be sure to check out Wired’s article if you want to see the high res pictures.