Group entry hacks are a favorite for hacker social groups. Why use old fashioned keys when you can use newfangled electronic keys? If you are looking to build a simple RFID-based security system to secure your important stuff, this project from Resin.io is a good place to start. In it, [Joe Roberts] outlines the process of building a simple RFID-triggered mechanism for their office door.
It’s a pretty simple setup that is composed of an RFID reader, a Rasperry Pi and a Neopixel ring. When someone places an RFID card against the reader hidden behind a poster by their front door, the reader grabs the code and the Pi compares it with a list of authorized users. If the card is on the list, the Pi triggers the door lock using a signal line originally designed to work with an intercom system. If the user isn’t on the list, a laser is triggered that vaporizes the interloper… well, that’s perhaps in the next version, along with an API that will allow someone to open the door from the company chat application.
At the moment, this is a clean, simple build that uses only a few cheap components, but which could be the basis for a more sophisticated security system in the future.
On the one hand, this is awesome functionality. The browser is the most ubiquitous cross-platform operating system that the world has ever seen. You can serve a website to users running Windows, Linux, Android, iOS, or MacOS and run code on their machines without having to know if it’s a cellphone, a desktop, or a virtual machine in the Matrix. Combining this ubiquity with the ability to control Bluetooth devices is going to be fun. It’s a missing piece of the IoT puzzle.
On the other hand, it’s a security nightmare. It’s bad enough when malicious websites can extract information from files that reside on your computer, but when they connect directly to your lightbulbs, your FitBits, or your BTLE-enhanced pacemaker, it opens up new possibilities for mischief. The good news is that the developers of Web Bluetooth seem to be aware of the risks and are intent on minimizing them, but there are still real concerns. How does security come out in the balance? Read on.
Capcom’s CPS2 – or CP System II – was the early to mid-90s arcade hardware famous for Super Street Fighter II, Alien vs. Predator, and a few of the Marvel and Capcom crossover arcade games. As you would expect, these boards have become collectors items. Unfortunately for future generations, Capcom took some short-sighted security measures to prevent copying the games, and the boards have been failing over the last two decades.
Last year, [ArcadeHacker] reverse engineered the on-chip security for Capcom’s Kabuki processor, the CPU used in some of Capcom’s earlier arcade boards. It used a similar protection scheme. In the Kabuki hardware, the on-chip ROM was interspersed with a few XOR gates on the processor’s bus. With a security key kept in battery-backed memory, this was enough to keep the code for the game secret, albeit at the cost of preventing historical preservation.
Over the next few weeks, [ArcadeHacker] will post more detailed information about the copy protection scheme of the CPS2 board, but the proof-of-concept works right now. It’s now possible to revive a CPS2 board that has killed itself due to a dead battery, and the hardware is as simple as an Arduino and a few test clips. You can check out a video of the exploit in action below.
Security in the home — especially a new home — is a primary concern for many. There are many options for security systems on the market, but for those will the skills, taking matters into your own hands can add peace of mind when protected by a system of one’s own design. [Armagan C.] has created their near-ideal multi-sensor security module to keep a watchful eye out for would-be burglars.
Upgrading from their previous Arduino + Ethernet camera — which loved to trigger false alarms — [Armagan] opted for a used Raspberry Pi model B+ camera module and WiFi connection this time around. They also upgraded the unit with a thermal sensor, LPG & CO2 gas sensor, and a motion tracking alarm. [Armagan] has also set up a live streaming feature that records video in 1hr segments — deleting them daily — and circumvented an issue with file descriptor leak by using a crashed drone’s flight controller to route the sensor data via serial port. It is also proving superior to conventional alarms because the custom software negates the need to disarm security zones during midnight trips to the washroom.
It’s probable that most Hackaday readers are aware of their own computer security even if they are not specialists. You’ll have some idea of which ports your machines expose to the world, what services they run, and you’ll know of a heap of possible attack vectors even if you may not know about every last one.
So as part of that awareness, it’s likely you’ll be wary of strange USB devices. If someone drops a Flash drive in the parking lot the chances of one of you blithely plugging it into your laptop is not high at all. USB ports are trusted by your computer and its operating system, and to have access to one is to be given the keys to the kingdom.
Our subject today is a DEF CON talk courtesy of [Dominic White] and [Rogan Dawes] entitled “Universal Serial aBUSe“, and it details a USB attack in which they create an innocuous USB stick that emulates a keyboard and mouse which is shared across a WiFi network via a VNC server. This gives an attacker (who can gain momentary physical access to a USB port to install the device) a way into the machine that completely bypasses all network and other security measures.
Their hardware features an AVR and an ESP8266, the former for USB and HID work and the latter to do the heavy lifting and provide WiFi. They started with a Cactus Micro Rev2, but graduated to their own compatible board to make the device more suitable to pose as a USB stick. Both hardware and software files can be found on their GitHub repository, with the software being a fork of esp-link. They go into significant detail of their development and debugging process, and their write-up should be an interesting read for anyone.
Below the break you can find a video description of the attack. It’s not a shock to know that USB ports have such little defense, but it is a sobering moment to realize how far attacks like this one have come into the realm of what is possible.
It doesn’t matter how many bits your password has, how proven your encryption is, or how many TrueCrypt volumes are on your computer. If someone wants data off your device, they can get it if they have physical access to your device. This is the ‘evil maid’ security scenario, named after hotel maids on the payroll of a three-letter agency. If someone has physical access to a laptop – even for an hour or two – the data on that laptop can be considered compromised. Until now, there has been no counter to this Evil Maid scenario, and for good reason. Preventing access to data even when it is in the possession of an Evil Maid is a very, very hard problem.
Software defined radios are getting better and better all the time. The balaclava-wearing hackers know it, too. From what we saw at HOPE in New York a few weeks ago, we’re just months away from being able to put a femtocell in a desktop computer for under $3,000. In less than a year, evil, bad hackers could be tapping into your cell phone or reading your text message from the comfort of a van parked across the street. You should be scared, even though police departments everywhere and every government agency already has this capability.
These rogue cell sites have various capabilities, from being able to track an individual phone, gather metadata about who you have been calling and for how long, to much more invasive surveillance such as intercepting SMS messages and what websites you’re visiting on your phone. The EFF calls them cell-site simulators, and they’re an incredible violation of privacy. While there was most certinaly several of these devices at DEF CON, I only saw one in a hotel room (you catchin’ what I’m throwin here?).
No matter where the threat comes from, rogue cell towers still exist. Simply knowing they exist isn’t helpful – a proper defence against governments or balaclava wearing hackers requires some sort of detection system.. For the last few months [Eric Escobar] has been working on a simple device that allows anyone to detect when one of these Stingrays or IMSI catchers turns on. With several of these devices connected together, he can even tell where these rogue cell towers are.
Stingrays, IMSI catchers, cell site simulators, and real, legitimate cell towers all broadcast beacons containing information. This information includes the radio channel number, country code, network code, an ID number unique to a large area, and the transmit power. To make detecting rogue cell sites harder, some of this information may change; the transmit power may be reduced if a tech is working on the site, for instance.
To build his rogue-cell-site detector, [Eric] is logging this information to a device consisting of a Raspberry Pi, SIM900 GSM module, an Adafruit GPS module, and a TV-tuner Software Defined Radio dongle. Data received from a cell site is logged to a database along with GPS coordinates. After driving around the neighborhood with his rogue-cell-site detector sitting on his dashboard, [Eric] had a ton of data that included latitude, longitude, received power from a cell tower, and the data from the cell tower. This data was thrown at QGIS, an open source Geographic Information System package, revealing a heatmap with the probable locations of cell towers highlighted in red.
This device really isn’t a tool to detect only rogue cell towers – it finds all cell towers. Differentiating between a rogue and legitimate tower still takes a bit of work. If the heatmap shows a cell site on a fenced-off parcel of land with a big tower, it’s a pretty good bet that cell tower is legit. If, however, the heatmap shows a cell tower showing up on the corner of your street for only a week, that might be cause for alarm.
Future work on this cell site simulator detector will be focused on making it slightly more automatic – three or four of these devices sprinkled around your neighborhood would easily allow you to detect and locate any new cell phone tower. [Eric] might also tackle triangulation of cell sites with an RF-blocking dome with a slit in it revolving around the GSM900 antenna.