A team of researchers from Georgia Tech unveiled their findings yesterday at the Blackhat conference. Their topic is a power charger exploit that installs malware on iOS devices. Who would have thought that there’d be a security hole associated with the charging port on a device? Oh wait, after seeing hotel room locks exploited through their power jack this is an avenue that should be examined with all device security.
The demonstration used a charger and an BeagleBoard. Plugging in the charger is not enough to trigger the exploit, the user must unlock the screen while charging for it to go into action. But once that’s done the game is over. Their demo removes the Facebook app and replaces it with an infected impostor while leaving the icon in the same place on your home screen. They notified Apple of their findings and a patch will roll out with iOS7. So when would you plug your device into an untrusted charger? Their research includes a photo from an airport where an iPad is connected to the USB port of a public charging station.
The summary on the Blackhat site has download icons for the white paper and presentation slides. At the time of writing we had a hard time getting them to download but succeeded after several tries.
This hack doesn’t necessarily have a target application. But there’s a lot of potential. It’s a headless setup for tethering your Raspberry Pi to an iPhone. Building sensor arrays that upload to the Internet (live or just to dump its logs) immediately comes to mind. But we’re sure there are a ton of other applications just waiting to be thought of.
Tethering is pretty simple with the Raspberry Pi. Just install a few packages that are available in the repositories and make a quick configuration file tweak to allow hot-plugging. But this is dependent on the iPhone being mounted and that task is normally only automatic if the GUI is running. To get by without the X desktop [Dave Controy] walks through the ifuse setup to mount the phone from command line. The result is that your RPi will establish a network connect whenever the iPhone is plugged into it, without any intervention from you.
It’s quite common to have a timed lockout after entering several bad passwords. This simple form of security makes automated brute force attacks unfeasible by ballooning the time it would take to try every possible permutation. The lock screen on iOS devices like iPad and iPhone have this built in. Enter your code incorrectly several times and the system will make you wait 1, 5, 15, and 60 minutes between entries as you keep inputting the wrong code. But there is an exploit that gets around this. [Pierre Dandumont] is showing off his hardware-based iPad lock screen attack in the image above.
He was inspired to try this out after reading about some Mac EFI attacks using the Teensy 3. That approach used the microcontroller to spoof a keyboard to try every PIN combination possible. By using the camera kit for iPad [Pierre] was able to do the same. This technique lets you connect wired keyboards to the iPad, but apparently not the iPhone. A bluetooth keyboard can also be used. These external keyboards get around the timing lockout associated with the virtual lockscreen keyboard.
We’re of the opinion that this is indeed a security vulnerability. If you forget your passcode you can simply restore the device to remove it. That wipes all of your personal data which can then be loaded from an iTunes backup. Lockscreens are paramount if a device is stolen. They will give you the time you need to change any online credentials which might be remembered by the device.
Continue reading “iOS keyboard exploit allows brute force iPad lock screen attack”
The round-about way this iPhone garage door opener was put together borders on Rube Goldberg. But it does indeed get the job done so who are we to judge? Plus you have to consider that the Apple products aren’t quite as hacker friendly as, say, Android phones — so this may have been the easiest non-Jailbreak way.
The main components that went into it are the iPhone, a Wemo WiFi outlet, and a 110V rated mechanical relay. But wait, surely it can’t be that simple? You’re correct, just for added subterfuge [Tall-drinks] rolled IFTTT into the mix.
You may remember hearing about If This Then That from the Alert Tube project. It’s a web-based natural language scripting service. Throw everything together and it works like this: The iPhone sends a text message which IFTTT converts to a Wemo command. A power cord connects the Wemo outlet to the 110V electrodes on the relay. The normally open connection of the relay is attached to the same screw terminals of the garage door opener as the push button that operates it. When the relay closes, the garage door goes up or down.
The biggest problem we have with this is the inability to know if your garage door is open or closed.
The Vine app is all the rage these days. It lets you shoot six-second videos on your iPhone and easily post them on the Internet. The problem is that [Sean Hodgins] doesn’t find the time limit to be useful for traditional video. But you can cram a lot more info into a half-dozen seconds if you make it a time-lapse video. The rig above is his solution to making the Vine app act as a time-lapse recorder.
The trick is in how the app itself works. It only records video when you’re touching the screen. So you record one second of video, then remove your finger and it ‘pauses’ the recording until you’re ready for the next scene. [Sean] automated this by adding a servo motor and a stylus. An Arduino drives the servo, making quick taps on the screen to get as many different frames into the six seconds as possible. He had a bit of trouble registering quick taps at first. His solution was to inject 3.3V into the stylus he gutted for the project. Click through the link above to see some example videos, or watch this embedded video to see the hardware at work:
Continue reading “Vine app hack on iPhone makes time-lapse movies”
We mourn the loss of the physical keyboard with the advent of tablets. After all, we do a bit of typing getting all of these features posted throughout the week. And we kind of blame tablets for the decline of the netbook industry (we still use a Dell Vostro A90 when not at home). But we’re trying to keep an open mind that we may not need a physical keyboard anymore. If someone can come up with an innovative alternative to the Qwerty layout that we are able to learn and can use with speed and without physical strain we’ll be on board. Our question is, do you think we are close to a screen typing breakthrough?
This question came to mind after seeing the Minuum keyboard shown above. It compresses all of the rows of a Qwerty into a single row, monopolizing less screen space than conventional smartphone input methods. The demo video (embedded after the break) even shows them hacking the concept into a distance sensor and using a graphite-on-paper resistor. Pretty cool. But what happens when you type a word not in the dictionary, like this author’s last name?
You can actually try out the Minuum style thanks to [Zack’s] in-browser demo hack. He’s not affiliated with Minuum, but has done quite a bit of alternative keyboard input work already with his ASETNIOP chorded typing project. It’s another contender for changing how we do things.
Continue reading “Ask Hackaday: Are we close to reinventing the keyboard for touchscreens?”
CrashBangLabs in Regina recently got their hands on a laser cutter. The Full Spectrum cutter was donated by a local company, who were upgrading to a larger machine.
With no laser cutting experience, [Brett] decided that his first project would be laser engraving his iPhone 5. This is a bit of an ambitious first project, since the power and speed would have to be set correctly to get a good contrast level, and you only have one try to get it right. Also, using too much power might have turn the phone into a laser etched brick.
[Brett] used an older aluminium iPod for testing. Once the laser speed and power was dialed in, he loaded up the artwork for the real thing. The cutter did a pretty good job at etching the art, but as the etching started it became clear that an alignment error had occurred. Fortunately [Brett] decided to not interrupt the cutter, and ended up with a good looking phone, with a slight alignment issue.
After the break, check out a time lapse of the laser cutter doing its thing.
Continue reading “Laser Etching an iPhone 5”