We live in a connected world where social media is ubiquitous and many people feel compelled to share every waking moment with anyone who will listen. In this type of world, wearable computers like Google Glass allow us to share experiences like never before. A Glass user can take photos, record video and audio, or potentially even stream video live on the Internet with the greatest of ease. That might be great for the Glass user, but what about the rest of us? As wearable computing becomes more and more mainstream, people are naturally going to become divided on the issue of privacy. Is it a good thing to have “cyborgs” with wearable computers and cameras constantly at the ready, or is it a privacy nightmare? The cyborg war is coming, and [Julian] has already chosen his side.
It would seem that [Julian] lands on the side of the privacy advocates, based on his “glasshole” script. Glasshole is a relatively simple bash script that relies on some other common network security tools to take care of the heavy lifting. The basic premise relies on the fact that every manufacturer of network interface devices is assigned their own MAC prefix. This is a piece of the MAC address that is unique to that manufacturer.
[Julian’s] script uses a utility called arp-scan to obtain a list of all MAC addresses on a given wireless network. It then loops through each address and compares it to the known Google Glass MAC prefix. If it finds a match, it will make an audible beeping noise to alert the script user. The script then launches aireplay-ng in de-authentication mode. This will send spoofed disassociate packets to the client (in this case the Google Glass device), hopefully forcing it to disconnect from the access point. The script runs continuously, ensuring that once the device reconnects to the network it will get booted off once again. The script is designed to be run on a small Linux computer such as a Raspberry Pi or a BeagleBone Black. This way, the user can carry it around with them as a sort of portable defense mechanism.
How do you fit into the cyborg war? Will you stand proudly with your computer on your face for all to see? If so, what kind of countermeasures would you deploy to prevent this type of attack from working on you? If not, what other types of interesting attacks can you think of to keep the cyborgs at bay?
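The prefix comparison described in this post, as an added example that is not [Julian]'s script: it classifies addresses from arp-scan-style output and also flags locally administered (randomized) addresses, which carry no manufacturer prefix and therefore never match. The watched prefix and the scan lines are constructed, taken from the RFC 7042 documentation range.

```shell
#!/bin/sh
# Added example: vendor-prefix matching over arp-scan-style output.
# WATCH_PREFIX is a constructed placeholder (RFC 7042 documentation range),
# not the prefix of any real product.
WATCH_PREFIX="00:00:5e"

# Print one of: watched, randomized, other, invalid.
classify_mac() {
    # Normalise case and separator so 00-00-5E-... and 00:00:5e:... compare equal.
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' ||
        { echo invalid; return 0; }
    case "$mac" in
        "$WATCH_PREFIX":*) echo watched ;;
        # Second hex digit 2, 6, a or e means the locally administered bit is
        # set: the address was chosen by software and has no vendor prefix.
        ?[26ae]:*)         echo randomized ;;
        *)                 echo other ;;
    esac
}

# Read "IP<TAB>MAC<TAB>vendor" lines on stdin; skip banner and summary lines.
scan_report() {
    while IFS="$(printf '\t')" read -r ip mac vendor; do
        case "$ip" in
            [0-9]*.*.*.*) ;;
            *) continue ;;
        esac
        printf '%s %s %s\n' "$ip" "$mac" "$(classify_mac "$mac")"
    done
}

# Constructed sample in the shape arp-scan prints; not a real capture.
sample_scan() {
    printf 'Interface: wlan0 (constructed banner line)\n'
    printf '192.0.2.10\t00:00:5E:00:53:01\tconstructed vendor\n'
    printf '192.0.2.11\t3a:91:0c:44:10:9e\tconstructed, randomized\n'
    printf '192.0.2.12\t10:20:30:40:50:60\tconstructed vendor\n'
}

sample_scan | scan_report
```
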
We have friends watch the cats when we go out-of-town. But we always leave a server running with a webcam (motion activated using the Linux “motion” software) so we can check in on them ourselves. But this project may inspire a change. It leverages the features of a Carambola2 to capture images and upload them to Dropbox.
In the picture above the green PCB is a development board for the tiny yellow PCB which is the actual Carambola2. It is soldered on the dev board using the same technique as those HC-05 Bluetooth modules. That shielded board includes a Qualcomm SoC running Linux and a WiFi radio. The dev board feeds it power and allows it to connect to the USB webcam.
There’s a bit of command line kung-fu to get everything running but it shouldn’t be out of reach for beginners. Linux veterans will know that taking snapshots from a webcam at regular intervals is a simple task. Uploading to a secure cloud storage site is not. A Bash script handles the heavy lifting. It’s using the Dropbox Application API so this will not violate their TOS and you don’t have to figure out your own method of authenticating from the command line.
[Vasilis] works at CERN, and like any large organization that invented the World Wide Web, they take computer security pretty seriously. One ‘feature’ the IT staff implemented is locking the desktop whenever the screen saver runs. When [Vasilis] is in his office but not at his battlestation, the screen saver invariably runs, locking the desktop, and greatly annoying [Vasilis].
The usual Hackaday solution to this problem would be a complex arrangement of RFID tags, webcams, and hundreds, if not thousands of lines of code. [Vasilis] came up with a much better solution: have the computer ping his phone over Bluetooth. If the phone is detected by the computer, kill the screen saver.
The code is up on Github. It’s not much – just 20 lines of a Bash script – but it’s just enough to prevent the aggravation of typing in a password dozens of times a day.
Get serious about your shell scripting skills and maybe you can pull this one off. It’s a game of snake played in a BASH shell. It seems like a coding nightmare, but the final product turns out to be organized well enough for us to understand and took less than 250 lines of code.
[Martin Bruchanov] started on the project after pining for an old DOS game called Housenka. It’s another version of the classic Snake game which we’ve coded ourselves and seen in several projects including this head-to-head version using musical recorders as controllers. When using a terminal emulator capable of ANSI sequences the game is displayed in color using extended characters.
We give [Martin] bonus points for the way he wrote about his project. It describes the mechanics most would be interested in, like how the user input is captured and what drives the update function and food generation. The rest of the details can be gleaned by reading through the code itself.
With so many uses for a Raspberry Pi in a headless configuration – especially with the impending release of the Raspi Model A – we’re surprised it has taken so long for someone to send in a way to create a custom message of the day that is displayed whenever you SSH into everyone’s favorite Linux board.
A MOTD is used by servers to display messages to new users, or simply system information for server admins. It’s a simple text file stored in /etc/motd, but with some proper beardly Unix wizardry it’s possible to display uptime, free memory, and even the weather wherever the Raspi is located.
[yanewby] over on the Raspberry Pi forums created a nice little MOTD that grabs weather data from the Internet and displays it alongside an ASCII rendering of the Raspberry Pi logo. Of course like everything in Unix, this MOTD can be modified to do just about anything, from checking your Twitter to sending a text message to your phone.
[Elliot] put together an intriguing proof-of-concept script that uses repeated deauthentication packet bursts to jam WiFi access points. From what we can tell it’s a new way to use an old tool. Aircrack-ng is a package often seen in WiFi hacking. It includes a deauthentication command which causes WiFi clients to stop using an access point and attempt to reauthenticate themselves. [Elliot’s] attack involves sending repeated deauthentication packets, which in essence never allow a client to pass any data because it will always be tied up with authentication.
After the break you can see a video demonstration of how this works. The script detects access points in the area. The attacker selects which ones to jam and the script then calls the Aircrack-ng command. If you’ve got an idea on how to protect against this type of thing, we’d love to hear about it. Leave your thoughts in the comments.
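One way to notice the repeated bursts described above, as an added example that is not part of [Elliot]'s script: count deauthentication and disassociation frames per access point and client pair in fixed time windows and report pairs that cross a threshold. The record format (time, frame kind, BSSID, client), the addresses and the threshold values are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag deauthentication floods in a list of observed frames.
# Input records (constructed format): <epoch seconds> <kind> <bssid> <client>

# detect_deauth_flood LIMIT WINDOW
# Prints "bssid client" for every pair that receives LIMIT or more
# deauth/disassoc frames inside one WINDOW-second bucket.
detect_deauth_flood() {
    awk -v limit="$1" -v win="$2" '
        $2 == "deauth" || $2 == "disassoc" {
            # Fixed buckets: a burst straddling a bucket boundary is split
            # in two, so keep LIMIT well below the rate you expect to see.
            key = $3 " " $4 " " int($1 / win)
            if (++count[key] == limit) print $3, $4
        }' | sort -u
}

# Constructed sample: normal traffic, one ordinary disconnect, then a burst
# of 20 deauthentication frames to a single client within one second.
sample_frames() {
    printf '%s\n' \
        '100.10 data 00:00:5e:00:53:01 00:00:5e:00:53:aa' \
        '101.50 deauth 00:00:5e:00:53:01 00:00:5e:00:53:bb'
    i=0
    while [ "$i" -lt 20 ]; do
        printf '102.%02d deauth 00:00:5e:00:53:01 00:00:5e:00:53:aa\n' "$((i * 5))"
        i=$((i + 1))
    done
}

# Ten or more frames to one client within five seconds counts as a flood.
sample_frames | detect_deauth_flood 10 5
```

Detection only shows that a flood is under way. Networks that negotiate Protected Management Frames (IEEE 802.11w) have clients discard forged deauthentication and disassociation frames.
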
[Joshua] has put together a list of BASH prompt customizations. The command prompt is used in a command-line interface to show that the system is ready for the next command. Oftentimes this is nothing more than a user name, host name, and working directory:
[Joshua’s] customization examples can be used to color code the information in your prompt, change what information is displayed, and make the prompt respond differently when an invalid command is typed. A BASH prompt reference is helpful in deciphering what each of these commands does. The easiest simplification is to understand that non-printing characters (such as color codes) are surrounded by escaped square brackets. For example, line 1 is the sequence for Red, line 2 is the sequence for Dark Grey, and line 3 sets a simple prompt to display in Red and all text after that to be in Dark Grey: