Oooh, look, a public charging station. Should you trust it? You might get juice jacked. Oh wait, you’ve got a USB Wrapper designed by [Scasagrande] to deny access to your datas.
This project was inspired by the USB Condom, but the problem with those is that they completely cut out the data lines and limit the charge rate to USB 2.0 (500mA). The data lines are used to communicate information about the charger’s power sourcing capabilities to the device. Many manufacturers short D+ and D- together, but Apple applies specific voltages to those lines.
[Scasagrande]’s USB Wrapper gives you options. You can set it to Dedicated Charging Port, Sony, Open Circuit, or Apple. The super-cool part of this hack is for you Apple fanboys. The bottom slider lets you emulate any Apple charger and use any USB cube (including one you may have made) as long as you have that funny cable in your messenger bag. The hardware is open source and available at [Scasagrande]’s repo.
Make the jump to see [Scasagrande]’s nicely detailed video about the project.
Continue reading “Don’t Just Go Sticking That Anywhere: Protect the Precious With a USB Wrapper”
The HackPhx Winter 2014 hackathon was held at Heatsync Labs hackerspace in Mesa, Arizona, USA. The advertised theme was “Arduino Wearables”. Participating attendees were randomly placed on teams evenly distributed by their disclosed skills across all teams. There were 10 teams with 4 to 5 members per team competing for two winning spots.
Each team had to build an amazing wearable project utilizing the secret ingredient which was Seedstudio’s Arduino-compatible Xadow wearable platform and add-ons. The Xadow is similar to the Arduino Leonardo and participants used an Arduino cross compatibility and pin mapping chart to assist in development.
Top prize was the Judges’ prizes for the best completed and documented Xadow wearable team project. The second prize was the Jury’s prize given to the team project that the other teams liked the most regardless of event criteria.
Read more about the winning teams and watch their presentations after the break.
Continue reading “HackPhx Winter 2014 Hackathon Winners”
[Yoshinok] recently posted an Instructable on doing a $10 smartphone-to-microscope conversion. The hack isn’t so much a conversion as just a handy jig, but it’s still interesting. The basic idea is to set up a platform for the slides, and to mount the smartphone directly above. The trick, and the reason this can be called a microscope, is that [Yoshinok] embeds the lens from a cheap laser pointer into the smartphone holder. He is able to get 40x optical magnification with the lens, and even though it sacrifices quality, he uses the built-in digital zoom to get up to 175x magnification.
By itself, you could use this with a light source to magnify 3D objects. [Yoshinok] demonstrates this with a dime. But since the slide holder is made of clear acrylic, he mounted a cheap LED flashlight in the base to serve as through-sample lighting. Using this setup, he was able to observe the process of plasmolysis.
If you have kids, this is certainly a project to do with them, but we can’t help but think it will be useful for non-parents alike. This sort of magnification is good enough for simple lab experiments, and given that most Hack-a-Day readers have these parts lying around, we figure the cost is closer to $0. If you give it a try, let us know your results in the comments!
Continue reading “Use Your Smartphone as a Microscope for Less Than $10″
A team of researchers from Georgia Tech unveiled their findings yesterday at the Blackhat conference. Their topic is a power charger exploit that installs malware on iOS devices. Who would have thought that there’d be a security hole associated with the charging port on a device? Oh wait, after seeing hotel room locks exploited through their power jack this is an avenue that should be examined with all device security.
The demonstration used a charger and an BeagleBoard. Plugging in the charger is not enough to trigger the exploit, the user must unlock the screen while charging for it to go into action. But once that’s done the game is over. Their demo removes the Facebook app and replaces it with an infected impostor while leaving the icon in the same place on your home screen. They notified Apple of their findings and a patch will roll out with iOS7. So when would you plug your device into an untrusted charger? Their research includes a photo from an airport where an iPad is connected to the USB port of a public charging station.
The summary on the Blackhat site has download icons for the white paper and presentation slides. At the time of writing we had a hard time getting them to download but succeeded after several tries.
This hack doesn’t necessarily have a target application. But there’s a lot of potential. It’s a headless setup for tethering your Raspberry Pi to an iPhone. Building sensor arrays that upload to the Internet (live or just to dump its logs) immediately comes to mind. But we’re sure there are a ton of other applications just waiting to be thought of.
Tethering is pretty simple with the Raspberry Pi. Just install a few packages that are available in the repositories and make a quick configuration file tweak to allow hot-plugging. But this is dependent on the iPhone being mounted and that task is normally only automatic if the GUI is running. To get by without the X desktop [Dave Controy] walks through the ifuse setup to mount the phone from command line. The result is that your RPi will establish a network connect whenever the iPhone is plugged into it, without any intervention from you.
It’s quite common to have a timed lockout after entering several bad passwords. This simple form of security makes automated brute force attacks unfeasible by ballooning the time it would take to try every possible permutation. The lock screen on iOS devices like iPad and iPhone have this built in. Enter your code incorrectly several times and the system will make you wait 1, 5, 15, and 60 minutes between entries as you keep inputting the wrong code. But there is an exploit that gets around this. [Pierre Dandumont] is showing off his hardware-based iPad lock screen attack in the image above.
He was inspired to try this out after reading about some Mac EFI attacks using the Teensy 3. That approach used the microcontroller to spoof a keyboard to try every PIN combination possible. By using the camera kit for iPad [Pierre] was able to do the same. This technique lets you connect wired keyboards to the iPad, but apparently not the iPhone. A bluetooth keyboard can also be used. These external keyboards get around the timing lockout associated with the virtual lockscreen keyboard.
We’re of the opinion that this is indeed a security vulnerability. If you forget your passcode you can simply restore the device to remove it. That wipes all of your personal data which can then be loaded from an iTunes backup. Lockscreens are paramount if a device is stolen. They will give you the time you need to change any online credentials which might be remembered by the device.
Continue reading “iOS keyboard exploit allows brute force iPad lock screen attack”
The round-about way this iPhone garage door opener was put together borders on Rube Goldberg. But it does indeed get the job done so who are we to judge? Plus you have to consider that the Apple products aren’t quite as hacker friendly as, say, Android phones — so this may have been the easiest non-Jailbreak way.
The main components that went into it are the iPhone, a Wemo WiFi outlet, and a 110V rated mechanical relay. But wait, surely it can’t be that simple? You’re correct, just for added subterfuge [Tall-drinks] rolled IFTTT into the mix.
You may remember hearing about If This Then That from the Alert Tube project. It’s a web-based natural language scripting service. Throw everything together and it works like this: The iPhone sends a text message which IFTTT converts to a Wemo command. A power cord connects the Wemo outlet to the 110V electrodes on the relay. The normally open connection of the relay is attached to the same screw terminals of the garage door opener as the push button that operates it. When the relay closes, the garage door goes up or down.
The biggest problem we have with this is the inability to know if your garage door is open or closed.