Doggy DVR Alarm Sensor

2014-01-05-13.22.20

[Martin] lives in a small village about 25km from his job in a major city. Occasionally his home alarm system will trip and he will rush home to make sure everything is okay. So he decided to buy a DVR system instead… and he turned his dog’s collar into one of the main sensors.

As you may know, DVR’s also have sensor inputs in addition to loads of video cameras. These can be very handy to tell you other things that a small video clip will not, such as moisture, humidity, temperature etc. [Martin's] DVR has 8 sensor inputs which he has configured to be the normally open type of sensors. By using a Sharp 817 optocoupler and a Funky v3 wireless module he made one of the sensor inputs wireless.

On the other end of the Funky wireless setup is a Kinder Surprise shell attached to his dog’s collar. In addition to the wireless module, it also contains a rudimentary 2-axis shock sensor consisting of a small spring that floats over a metal pin — when moved violently (when the dog is running about) it makes contact and [Martin's] DVR alerts him by email and sends him pictures from the system.

He suspects he’ll be getting lots of pictures of the dog getting spooked by cats wandering by.

Key Cutting with a CNC Mill

key2_zpsc260d079

Keys cost like what, $2 to copy at a locksmith? But where’s the fun in that? Here’s an easy way to cut your own keys using a CNC mill!

[Bolsterman] now “works” for a real estate company that rents out various properties. Whenever someone moves out, the locks need to be changed ASAP. They use Schlage locks, which can be re-keyed to any pin combination. New keys are typically cut with a punch or a key cutting machine — he actually had one years ago, but got rid of it. Not wanting to buy a new one for his new job at the real estate company, he decided to see how hard it would be to turn his small desktop CNC into his own personal key cutting machine.

All it took for [Bolsterman] to turn his mill into a key cutting machine was a 3/8th 90° countersink bit with the end ground to a flat approximately 0.055″ across (0.035″ is the width of a factory key, but a bit of leeway makes it easier to make the key). Then you simply zero the mill off of the shoulder of the key, and using the handy Schlage pin chart (included in the original link), cut the grooves!

To automate all of this, [Torrie Fischer] created a python script for generating the GCode  for keys based on [Bolsterman's] technique — it’s hosted over at Noisebridge’s Wiki — check it out!

But if all that seems like too much effort, you could just print a new key instead…

Gesture Based Security Lock

1

A team of students from Cornell University are looking into alternative ways of creating a security system that can be locked or unlocked by using physical gestures in an enclosed space.

It is the final year project for [Ankur], [Darshan] and [Saisrinivasan] in their MEng of Electrical and Computer Engineering. The system prototype is capable of recording a gesture and then comparing the gesture with future gestures to lock or unlock the system. Consider it like a secret handshake to get into the office!

To analyze the gesture they are using four SparkFun proximity sensors setup in a linear array to sense the distance a hand is moved. An ATMega1284P is used to convert the analog sensor signal to digital for further processing. The project is extremely well documented, as it appears to be the final report for the project.

A short video after the break shows off the prototype and gives a good explanation of how the system works.

[Read more...]

Chameleon Emulates Contactless Smart Cards

chameleon

Researchers at Ruhr University of Bochum in Germany have been busy working with RFID and related devices for quite some time now. They call the fruit of their labors Chameleon, a versatile Contactless Smart Card Emulator. Contactless Smart Cards are RFID style devices that also contain a smart card style memory. These cards are often used for payment, replacing mag strip style credit cards. Philips MIFARE Classic cards are a common example of contactless smart cards. The Chameleon is set up to emulate any number of cards using the common 13.56MHz frequency band. Adding a new card is as simple as loading up a new CODEC  and application to the firmware. Currently Chameleon can emulate MIFARE cards using the ISO14443A.

The Chameleon is completely open source, and can be built for around $25 USD. The heart of the system is an Atmel ATxmega192A3 microcontroller. The 192 is a great microcontroller for this task because it contains hardware accelerators for both DES and AES-128. An FTDI USB interface chip is used to provide an optional communication link between a host computer and the ATxmega. The link can be used for debugging, as well as manipulating data in real-time. A host PC is not necessary for use though – the Chameleon will operate just fine as a stand alone unit. We definitely like this project – though we’re going to be doubling down on the shielding in our RF blocking wallets.

Ambient Computer Noise Leaks Your Encryption Keys

RSA Key extraction

[Daniel, Adi, and Eran], students researchers at Tel Aviv University and the Weizmann Institute of Science have successfully extracted 4096-bit RSA encryption keys using only the sound produced by the target computer. It may sound a bit like magic, but this is a real attack – although it’s practicality may be questionable. The group first described this attack vector at Eurocrypt 2004. The sound used to decode the encryption keys is produced not by the processor itself, but by the processor’s power supply, mainly the capacitors and coils. The target machine in this case runs a copy of GNU Privacy Guard (GnuPG).

During most of their testing, the team used some very high-end audio equipment, including Brüel & Kjær laboratory grade microphones and a parabolic reflector. By directing the microphone at the processor air vents, they were able to extract enough sound to proceed with their attack. [Daniel, Adi, and Eran] started from the source of GnuPG. They worked from there all the way down to the individual opcodes running on the x86 processor in the target PC. As each opcode is run, a sound signature is produced. The signature changes slightly depending on the data the processor is operating on. By using this information, and some very detailed spectral analysis, the team was able to extract encryption keys. The complete technical details of the attack vector are available in their final paper (pdf link).

Once  they had the basic methods down, [Daniel, Adi, and Eran] explored other attack vectors. They were able to extract data using ground fluctuations on the computers chassis. They even were able to use a cell phone to perform the audio attack. Due to the cell phone’s lower quality microphone, a much longer (on the order of several hours) time is needed to extract the necessary data.

Thankfully [Daniel, Adi, and Eran] are white hat hackers, and sent their data to the GnuPG team. Several countermeasures to this attack are already included in the current version of GnuPG.

Google Security Certificates Forged

Chain of Trust

Recently, Google discovered that a certificate authority (CA) issued forged certificates for Google domains. This compromises the trust provided by Transport Layer Security (TLS) and Secure HTTP (HTTPS), allowing the holder of the forged certificates to perform a man-in-the-middle attack.

To validate that the website you’re visiting is actually who they claim to be, your browser ensures that the certificate presented by the server you’re accessing was signed by a trusted CA. When someone requests a certificate from a CA, they should verify the identity of the person making the request. Your browser, and operating system, have a set of ultimately trusted CAs (called root CAs). If the certificate was issued by one of them, or a intermediate CA that they trust, you will trust the connection. This whole structure of trust is called a Chain of Trust.

With a forged certificate, you can convince a client that your server is actually http://www.google.com. You can use this to sit between a client’s connection and the actual Google server, eavesdropping their session.

In this case, an intermediate CA did just that. This is scary, because it undermines the security that we all rely on daily for all secure transactions on the internet. Certificate pinning is one tool that can be used to resist this type of attack. It works by associating a host with a specific certificate. If it changes, the connection will not be trusted.

The centralized nature of TLS doesn’t work if you can’t trust the authorities. Unfortunately, we can’t.

SkyJack: A Drone to Hack All Drones

skyjack

Quadcopters are gradually becoming more affordable and thus more popular; we expect more kids will unwrap a prefab drone this holiday season than any year prior. [Samy's] got plans for the drone-filled future. He could soon be the proud new owner of his own personal army now that he’s built a drone that assimilates others under his control.

The build uses a Parrot AR.Drone 2.0 to fly around with an attached Raspberry Pi, which uses everybody’s favorite Alfa adapter to poke around in promiscuous mode. If the SkyJack detects an IEEE-registered MAC address assigned to Parrot, aircrack-ng leaps into action sending deauthentication requests to the target drone, then attempts to take over control while the original owner is reconnecting. Any successfully lassoed drone doesn’t just fall out of the sky, though. [Samy] uses node-ar-drone to immediately send new instructions to the slave.

You can find all his code on GitHub, but make sure you see the video below, which gives a thorough overview and a brief demonstration. There are also a few other builds that strap a Raspberry Pi onto a quadcopter worth checking out; they could provide you with the inspiration you need to take to the skies.

[Read more...]

Follow

Get every new post delivered to your Inbox.

Join 91,389 other followers