PogoPlug Hacking: A Step by Step Guide to Owning The Device

[Films By Kris Hardware] has started quite an interesting YouTube series on hacking and owning a PogoPlug Mobile v4. While this has been done many times in the past, he gives a great step by step tutorial. The series so far is quite impressive, going into great detail on how to gain root access to the device through serial a serial connection.

PogoPlugs are remote-access devices sporting ARM processor running at 800 MHz, which is supported by the Linux Kernel.  The version in question (PogoPlug Mobile v4) have been re-purposed in the past for things like an inexpensive PBX, an OpenWrt router and even a squeezebox replacement. Even if you don’t have a PogoPlug, this could be a great introduction to hacking any Linux-based consumer device.

So far, we’re at part three of what will be an eight-part series, so there’s going to be more to learn if you follow along. His videos have already covered how to connect via a serial port to the device, how to send commands, set the device up, and stop it calling home. This will enable the budding hacker to make the PogoPlug do their bidding. In this age of the cheap single-board Linux computer, hacking this type of device may be going out of style, but the skills you learn here probably won’t any time soon.

Continue reading “PogoPlug Hacking: A Step by Step Guide to Owning The Device”

White-hat Botnet Infects, Then Secures IoT Devices

[Symantec] Reports Hajime seems to be a white hat worm that spreads over telnet in order to secure IoT devices instead of actually doing anything malicious.

[Brian Benchoff] wrote a great article about the Hajime Worm just as the story broke when first discovered back in October last year. At the time, it looked like the beginnings of a malicious IoT botnet out to cause some DDoS trouble. In a crazy turn of events, it now seems that the worm is actually securing devices affected by another major IoT botnet, dubbed Mirai, which has been launching DDoS attacks. More recently a new Mirai variant has been launching application-layer attacks since it’s source code was uploaded to a GitHub account and adapted.

Hajime is a much more complex botnet than Mirai as it is controlled through peer-to-peer propagating commands through infected devices, whilst the latter uses hard-coded addresses for the command and control of the botnet. Hajime can also cloak its self better, managing to hide its self from running processes and hide its files from the device.

The author can open a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly. It is apparent from the code that a fair amount of development time went into designing this worm.

So where is this all going? So far this is beginning to look like a cyber battle of Good vs Evil. Or it’s a turf war between rival cyber-mafias. Only time will tell.

Ask Hackaday: Why Did Modular Smart Phones Fail?

Remember all the talk about modular smart phones? They sounded amazing! instead of upgrading your phone you would just upgrade the parts a bit like a computer but more simplistic. Well it seems modular phones are dead (video, embedded below) even after a lot of major phone manufacturers were jumping on the bandwagon. Even Google got on-board with Google Ara which was subsequently cancelled. LG released the G5 but it didn’t fare too well. The Moto Z from Motorola seemed to suffer from the same lack of interest. The buzz was there when the concept of these modular phones was announced, and people were genuinely exited about the possibilities. What went wrong?

For a start people expect their phones to have everything on board already, whether it be cameras, GPS, WiFi, high-capacity batteries or high-resolution screens. Consumers expect these things to come as standard. Why would they go out and buy a module when other phones on the market already have these things?

Sure you could get some weird and wonderful modules like extra loud speakers or perhaps a projector, but the demand for these items was small. And because these extras are already available as separate accessories not locked down to one device, it was a non starter from the beginning.

When we did our user studies. What we found is that most users don’t care about modularizing the core functions. They expect them all to be there, to always work and to be consistent. — Lead engineer Project Ara

The hackability of these phones would have been interesting to say the least, had they come to the mainstream. It just seems the public want thin sleek aluminum phones that they treat more as a status symbol than anything else. Modular phones have to be more bulky to accommodate the power/data rails and magnets for the modules, so they’ll lose out in pocketability. Still, we hope the idea is revisited in the future and not left on the scrap-heap of obsolescence.

Would you buy a modular smart phone? Even if it is bigger or more expensive? Is that really why they failed?
Continue reading “Ask Hackaday: Why Did Modular Smart Phones Fail?”

IoT Security is Hard: Here’s What You Need to Know

Security for anything you connect to the internet is important. Think of these devices as doorways. They either allow access to services or provides services for someone else. Doorways need to be secure — you wouldn’t leave your door unlocked if you lived in the bad part of a busy city, would you? Every internet connection is the bad part of a busy city. The thing is, building hardware that is connected to the internet is the new hotness these days. So let’s walk through the basics you need to know to start thinking security with your projects.

If you have ever run a server and checked your logs you have probably noticed that there is a lot of automated traffic trying to gain access to your server on a nearly constant basis. An insecure device on a network doesn’t just compromise itself, it presents a risk to all other networked devices too.

The easiest way to secure a device is to turn it off, but lets presume you want it on. There are many things you can do to protect your IoT device. It may seem daunting to begin with but as you start becoming more security conscious things begin to click together a bit like a jigsaw and it becomes a lot easier.

Continue reading “IoT Security is Hard: Here’s What You Need to Know”

Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device

[Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. They are connected by SMS by which a mobile app sends an unauthenticated SMS to the AGA to give it commands for instance preheat the oven, You can also just tell your AGA to turn everything on at once.

The problem is with the web interface; it allows an attacker to check if a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, as messages are not authenticated by the cooker, neither is the SIM card set up to send the messages validated when registered.

This is quite disturbing, What if someone left a tea towel on the hob or some other flammable material before leaving for work, only to come back to a pile of ashes?  This is a six-gazillion BTU stove and oven, after all. It just seems the more connected we are in this digital age the more we end up vulnerable to attacks, companies seem too busy trying to push their products out the door to do simple security checks.

Before disclosing the vulnerability, [Pen Test Partners] tried to contact AGA through Twitter and ended up being blocked. They phoned around trying to get in contact with someone who even knew what IoT or security meant. This took some time but finally they managed to get through to someone from the technical support. Hopefully AGA will roll out some updates soon. The company’s reluctance to do something about this security issue does highlight how sometimes disclosure may not be enough.

[Via Pen Test Partners]

Prisoners Build DIY Computers and Hack Prison Network

The Internet is everywhere. The latest anecdotal evidence of this is a story of prison inmates that build their own computer and connected it to the internet. Back in 2015, prisoners at the Marion Correctional Institution in Ohio built two computers from discarded parts which they transported 1,100 feet through prison grounds (even passing a security checkpoint) before hiding them in the ceiling of a training room. The information has just been made public after the release of the Inspector General’s report (PDF). This report is fascinating and worth your time to read.

This Ethernet router was located in a training room in the prison. Physical access is everything in computer security.

Prisoners managed to access the Ohio Department of Rehabilitation and Corrections network using login credentials of a retired prison employee who is currently working as a contract employee. The inmates plotted to steal the identity of another inmate and file tax returns under their name. They also gained access to internal records of other prisoners and checked out websites on how to manufacture drugs and DIY weapons, before prison officers were able to find the hidden computers. From the report:

The ODAS OIT analysis also revealed that malicious activity had been occurring within the ODRC inmate network. ODAS OIT reported, “…inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks.” Additionally, ODAS OIT reported, “It appears the Departmental Offender Tracking System (DOTS) portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber-crimes.”

The prisoners involved knew what they were doing. From the interview with the inmate it seems the computers were set up as a remote desktop bridge between internal computers they were allowed to use and the wider internet. They would use a computer on the inmate network and use a remote desktop to access the illicit computers. These were running Kali Linux and there’s a list of “malicious tools” found on the machines. It’s pretty much what you’d expect to find on a Kali install but the most amusing one listed in the report is “Hand-Crafted Software”.

This seems crazy, but prisoners have always been coming up with new ideas to get one over on the guards — like building DIY tattoo guns, When you have a lot of time on your hands and little responsibility, crazy ideas don’t seem so crazy after all.

A Touchscreen From 1982, That Could Kill With A Single Finger Press

Over the pond here in the UK we used to have a TV show called Tomorrow’s World, It was on once a week showing all the tech we would have been using in 10 years time (or so they said). In 1982 they ran with a story about a touch screen computer. Perhaps not what you would recognize today as a touchscreen but given the date and limited technology someone had come up with a novel idea for a touchscreen that worked sort of.

It was a normal CRT screen but around the edges where photodiodes pointing inwards as if to make an invisible infrared touch interface just half an inch in front of the screen. Quite impressive technology giving the times. As they go through the video showing us how it works a more sinister use of this new-fangled touch screen computer rears its ugly head, They turned it into a pretty cool remote-controlled gun turret complete with a motorized horizontal and vertical axis upon which an air pistol was placed along with a camera. You could see an image back from the camera on the screen, move the gun around to aim the weapon, then with a single finger press on the screen, your target has been hit.

Continue reading “A Touchscreen From 1982, That Could Kill With A Single Finger Press”