Dry erase marker opens all hotel room doors

If you’re carrying around an exposed circuit board and a bunch of wires people are going to notice you. But a dry erase marker won’t turn any heads. And this one holds its own little secret. It acts as a master key for hotel room door locks.

This is really more of a repackaging hack. The exploit is already quite well-known. The Onity brand of key card locks most commonly used in hotels have a power jack on the bottom that doubles as a 1-wire communications port. The first published proof of concept used an Arduino board and a simple adapter to unlock any door in under one second. Now that hardware has been reduced in size so that it fits in the hollow shell of a dry erase marker. Even better, the felt tip has been replaced with the appropriately sized barrel jack. Check out the ultra-fast and inconspicuous use of it after the break. We think using this is no more obvious than actually having the key card.

[Read more...]

Facedancer board lets your Python programs pretend to be USB hardware

This is the prototype board for [Travis Goodspeed's] new USB development tool called the Facedancer. He took on the design with USB security exploits in mind, but we think it’s got a lot of potential for plain old development as well.

Kudos on the [Frank Herbert] reference when naming the project. Like the characters from the Dune mythology that can perfectly mimic any person they touch, this device let’s you mimic whatever you can imagine. One the USB ports connects to the victim (or host) the other connects to a development machine. Python can then be used to send USB commands in real time. Think of this as doing the same thing the Bus Pirate does for SPI and i2c, except that it’s doing it on the USB protocol itself. This way you can feel your way through all of the road-bumps of developing a new device (or testing an exploit) without the need to continually compile and flash your hardware.

Sony Google TV devices running unsigned kernels

The proud cry of “I am root” rings true once again, this time on Sony Google TV devices. Although a low-level exploit was found on previous firmware versions, a downgrade process lets you run unsigned kernels on updated TV or Bluray models of the Internet streaming devices.

These systems are Android-based, which currently run version 3.1 Honeycomb. This version patches the previous exploit, but with three different USB sticks you can downgrade, exploit, and upgrade to an altered and unsigned hack of the most recent kernel. This gives you the root access you may have been longing for, but other than the features discussed in the forum thread there’s not a whole lot of changes rolled into the exploit yet.

We’re always looking out for open source projects running on living-room devices and hope that someday we’ll see a branch of XBMC for the GTV. Until then we’ll just have to keep our fingers crossed for the viability of a RaspberryPI XBMC.

The future of cyberattacks

[Dino A. Dai Zovi] gave a talk in the earlier part of 2010 where he shares his thoughts on the future of malicious exploits. You can watch it on Ustream and he’s also posted a set of slides (PDF) that goes along with it. We find the 48 minute video to be quite interested. Instead of going into mundane detail, he covers the broader picture; what has been done in the past, what will happen in the future, and how are we currently ill-equipped to respond to future threats? That last question is covered throughout the video, but seems to come back to the concept that we are stuck in a rut of terminology and past practice that is impeding our ability to innovate security strategies at the same rate that the bad guys are coming up with the next nasty thing to come down the pipeline.

The new Apple TV

You’ve probably already heard about the Apple TV 2. It retails for $99 and packs a punch with HD video, optical audio, and WiFi in that tiny package. But as always, we like it for its hackability. Even though it’s just starting to ship, the hacks are already rolling in. The firmware is available from Apple’s servers and has already been unlocked with the yet-to-be-release SHAtter exploit. [Das_coach] even sent us a link to a video of the new Frontrow ported for the iPod touch (embedded after the break).

But the holy grail has to be XBMC. We’ve seen it on the first generation Apple TV and it was good. The second generation switches to the A4 processor which is an ARM Cortex-A8. Not quite as easy to port for as the Intel chip on the first generation was. But there is hope, one of the 2010 Google Summer of Code projects worked to port XBMC to another ARM device, it’s just a matter of inspiring some developers to take on the quest to make it happen. We can’t wait for the day that we can just velcro one of these to the back of our TV and be done with it, that first generation Xbox isn’t going to last forever.

[Read more...]

DRM causes vulnerabilities

This image is from Microsoft's DRM page.

We often hear people touting the evilness of DRM, but usually they are talking about the idea of ownership. In this case, DRM is actually causing harm. It turns out that Microsoft’s msnetobj.dll, which is supposed to enforce DRM on your computer, stopping you from doing certain things like saving files you don’t “own” is open to 3 attacks.  Vulnerable to buffer overflow, integer overflow, and denial of service, this sucker is riddled with issues.

The vulnerabilities in this file aren’t groundbreaking. Buffer overflow is a common method to get to many systems. The problem here, according to some commenters at BoingBoing, is the fact that this DLL is called every time you open a media file.

[via BoingBoing]

PSGroove on a PIC microcontroller

There’s now a method of using PIC microcontrollers to exploit the PlayStation 3. This is centered around a PIC 18F2550 which has been popular in past hacks because of its built-in USB serial port. This again makes use of the PSGroove open source exploit code and, like the TI calculator version, seeks to expand the selection of hardware the code runs on.

In addition to the chip and a PIC programmer you’ll need the CCS compiler as others cannot successfully compile this code. A licensed copy is necessary because the demo version of the CCS compiler doesn’t support this particular chip. Add to that the fact that because of the timing it may take several tries to achieve the exploit and you may find yourself disappointed by this development. But there’s always room for improvement and this is a proven first step on the new architecture.

[Thanks das_coach via PS3Hax via Elotrolado]


Get every new post delivered to your Inbox.

Join 94,037 other followers