Your Unhashable Fingerprints Secure Nothing

Passwords are crap. Nobody picks good ones, when they do they re-use them across sites, and if you use even a trustworthy password manager, they’ll get hacked too. But you know what’s worse than a password? A fingerprint. Fingerprints have enough problems with them that they should never be used anywhere a password would be.

Passwords are supposed to be secret, like the name of your childhood pet. In contrast, you carry your fingers around with you out in the open nearly everywhere you go. Passwords also need to be revocable. In the case that your password does get revealed, it’s great to be able to simply pick another one. You don’t want to have to revoke your fingers. Finally, and this is the kicker, you want your password to be hashable, in order to protect the password database itself from theft.

In the rest of the article, I’ll make each of these three cases, and hopefully convince you that using fingerprints in place of a password is even more broken than using a password in the first place. (You listening Apple and Google? No, I didn’t think you were.)


iPhone Jailbreak Hackers Await $1M Bounty

According to Motherboard, some unspecified (software) hacker just won a $1 million bounty for an iPhone exploit. But this is no ordinary there’s-a-glitch-in-your-JavaScript bug bounty.

On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout has yet to be made.

But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.

Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.

We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.

And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)

Move Over Gucci; Laser Cut Handbags Are a Thing

What happens when you want to make a custom handbag with some handy tech features, and have access to a nice laser cutter? You end up doing what [Christian] did: design and assemble a Woman’s Handbag made of Laser-Cut Leather with iPhone charger and LED Light.

The design of the bag was made in Adobe Illustrator and sent off to an Epilog Legend 36EXT laser cutter in the hackerspace near [Christian] in Vienna. Once the parts were precision cut, traditional leather sewing methods were used to assemble the handbag (with a little help from a shoe cobbler).

The interior of the bag was lined with old blue jeans and a white LED, which is wired and held in place with conductive thread. Powered by a coin cell and controlled by your choice of a button or a slide switch, the light helps locate items in the deep bag.

Slide a standard USB battery pack in one of the pockets of the old jeans and you are ready for a night out on the town. Join us after the break for a video showing the design, construction and features of this practical project.


Reverse Engineering Apple’s Lightning Connector

Introduced with the iPhone 5 nearly two and a half years ago, Apple’s Lightning connector has stymied the incredible homebrew electronics scene that was previously accustomed to the larger, older, better documented, and more open 30-pin connector. Now, finally, the protocols inside the Apple Lightning connector have been broken. We’re still a ways off from a Lightning breakout board, but this is the first proof that a serial console can be obtained through a Lightning connector. That’s the first step to totally owning an iDevice, and this is how all those exploits will start.

[Ramtin Amin] began the teardown of the Lightning connector as most reverse engineering tasks should – looking at the patents, finding a source for the connectors, and finding any other products that use similar hardware. [Ramtin] found a Lightning to Serial converter powered by an STM32 microcontroller. Disassembling the firmware and looking at the output on a logic analyzer, [Ramtin] figured out part of the protocol, most of the wiring, and after some research, schematics for how an until-now unidentified chip in Lightning-enabled iProducts was wired.

The chip in question is colloquially known as the Tristar, and more accurately as a CBTL1608A1. During the teardown craze of the iPhone 5 launch, this chip was frequently identified as a DisplayPort Multiplexer. It is a mux, but not for DisplayPort – it’s only to connect the accessory (Lightning) UART, debug UART, baseband, SoC, and JTAG. This is the key to the castle, and being able to get through this chip means we can now own our iDevices.

The chip is an incredibly small BGA affair that [Ramtin] desoldered, reflowed onto a breakout board, and connected to an STM32 Discovery board. Using the techniques he used with other Lightning-enabled hardware, [Ramtin] was able to connect his iPhone and ever so slightly peek his head into the inner workings of his device.

It’s not complete control of an iDevice yet, but this is how all those future exploits will start. [Ramtin] uploaded a short video as a proof of concept; you can check that out below.


Clockety Uses Phone Flash for Projection Clock

[Gaurav Taneja] was showing off his projection clock add-on for iPhone called Clockety at this year’s Consumer Electronics Show. The concept is pretty neat: a clip-on clock which uses the iPhone flash LED as the light source. It may sound a little gimmicky until you see the functionality of the accompanying app, which is shown off in the video after the break. Once clipped onto the phone, you lay it face down on your night stand and a gentle tap on the furniture will turn the projection on or off. This is a killer feature when you’re staying some place without an illuminated bedside clock.


Selfie-Bots Will Take Your Best Shots For You

Professor [Bruce Land] teaches a microcontroller class at Cornell University, and it seems like this year’s theme was selfie-taking-robots.

First up is a clever mix of technology by [Han, Bihan and Chuan]. What happens when you take an iPhone, three microphones and a microcontroller? The ultimate device in selfie-taking-technology, that’s what — Clap-on! The iPhone is mounted on a few servo motors which allow the bot to direct the camera towards, you guessed it, a clapping noise. On the second clap, the phone takes your picture. Cute.

Next up is a bit more sophisticated — a facial recognition selfie-bot. This little robot can be programmed to track faces and take pictures of you and your friends when your arm is just not long enough. Not only that, you can set all kinds of parameters so you get the perfect picture. It uses OpenCV to crunch the raw data and outputs commands to an ATmega1284 which controls the servo motors that direct the camera. This project was by [Michael and Jennifer] — two fourth year students at Cornell.


Real-Time Thermal Projection Saves Your Tastebuds from the Hot Stuff

With another wave of holiday parties about to land on our doorstep, we still haven’t found a great way to stop scalding our tongues each time [Uncle Dave] pours us an enticing cup of boiling cocoa.

Thankfully, [Ken] has both you and your holiday guests covered with a clever trick that takes the data from a FLIR ONE and projects a heat profile onto the surface it’s observing. Here, [Ken] has superimposed his FLIR ONE data onto his kitchen table, and he’s able to visualize 2D heat profiles in near-real-time.

If you haven’t started quantifying yourself recently (and what are you waiting for?), the FLIR ONE is yet another opportunity to help you become more aware of your surroundings than you are now. It’s a thermal camera attachment for your iPhone, allowing you to see into the infrared band and look at the world in terms of heat. We’ve covered the FLIR ONE before, and we’ve seen ways of making it both clearer and more hacker-friendly.

As we tip our hats to [Ken], we’d say he’s a generous fellow. This hack is a clever inversion of the normal use case where you might whip out your FLIR-ONE-enabled iPhone and warn your cousins not to try the hot chocolate for a few more minutes. With [Ken’s] solution, the data is right there on your condiments and in plain sight of everyone, not just for you with your sweet, Star-Trek-augmented iPhone.
