LayerOne, the first level of security. [Brian Benchoff] and I are excited to take part in our first LayerOne conference this Saturday and Sunday in Monrovia California.
Anyone in the Los Angeles area this weekend needs to get out of whatever they have planned and try out this conference that has a soul. Get the idea of a mega-con out of your head and envision a concord of highly skilled and fascinating hackers gathering to talk all things computer security. Speakers will cover topics like researching 0day exploits, copying keys from pictures taken in public, ddos attacks, social engineering, and more.
It’s not just talks, there is a ton of hands-on at LayerOne as well. I plan to finally try my hand at lock picking. Yep, I’ve covered it multiple times and we’ve even had a session led by [Datagram] at the Hackaday 10th Anniversary but I’ve never found time to give it a roll. Of course electronics are my game and [Brian] and I will both be spending a fair amount of time in the hardware hacking village. We’ll have a bunch of dev boards along with us if you want to try out an architecture with which you’re unfamiliar. This year’s LayerOne badges are sponsored by Supplyframe; we’ll have something in store for the best badge hacks we see during the weekend.
See you there!
Getting past a locked door is easy if you have the right tools. It’s just a matter of knowing how to adjust the pins inside to an even level while turning the mechanism at the same time when everything is perfectly in place. That’s the beauty of a bump key. You never have to see the actual key or what it looks like. And with a simple hit to the back of the key, and bumping it just enough, the lock can magically be opened.
Lock picking items like this can be ordered online for a couple of dollars, or as [Jos Weyers] and [Christian Holler] showed in a recent Wired article, alternatively you can print your own at home. The video of these 3D printed keys (which can be viewed below) attempts to prove that a person can unlock a door with plastic, which was a little bit surprising to us because it seems like the edges would break off right away. But as it turns out, a thin plastic bump key can be made and does function. Not sure how long these keys can last though, but sometimes all you really need is a one time use when trying to open a specific, tricky lock.
As the article states, “Weyers and Holler aren’t trying to teach thieves and spies a new trick for breaking into high-security facilities; instead, they want to warn lockmakers about the possibility of 3-D printable bump keys so they might defend against it.” Although this information is geared towards lockmakers, we see our Hackaday readers finding this data useful as well. Organizers of hackerspaces who hold regular lock-picking events might want to print their own keys and teach classes centered around security. The uses for this are boundless in regards to educating the public about how locks truly work.
Continue reading “3D Printed Bump Keys”
Let’s start off with some lock picking. Can you be prosecuted if it was your bird that broke into something? Here’s video of a Cockatoo breaking into a puzzle box as part of an Oxford University study. [Thanks Ferdinand via Endandit]
[Augybendogy] needed a vacuum pump. He headed off to his local TechShop and machined a fitting for his air compressor. It uses the Venturi Effect to generate a vacuum.
Build your own Arduino cluster using this shield designed by [Bertus Kruger]. Each shield has its own ATmega328. Many can be stacked on top of an Arduino board, using I2C for communications.
[Bunnie Huang] has been publishing articles a few articles on Medium called “Exit Reviews”. As a treasured piece of personal electronics is retired he pulls it apart to see what kind of abuse it stood up to over its life. We found his recent article on his Galaxy S II quite interesting. There’s chips in the glass, scuffs on the bezel, cracks on the case, and pervasive gunk on the internals.
We’d love to see how this this paper airplane folder and launcher is put together. If you know of a post that shares more details please let us know.
Squeezing the most out of a tiny microcontroller was a challenge. But [Jacques] reports that he managed to get a PIC 10F322 to play a game of Pong (translated). It even generates an NTSC composite video signal! Watch the demo video here.
Can anyone argue against this being the least-secure hotel room lock on the market? Regular readers will recognize it as an Onity key card lock. A few months back a glaring flaw in the security was exposed that allows these locks to be opened electronically in less than a second. So we are not surprised to hear that a series of hotel room robberies in Houston are suspected to have been performed using this technique.
The image above is from a demonstration video we saw back in October. That hack used an Arduino-compatible chip inside of a dry erase marker as an end-run around the lock’s electronics. It reinforced the warning sound by [Cody Brocious] when he presented the exploit at this year’s Blackhat conference. The barrel jack on the outside of the door lock doubles as a 1-wire communications port and that is how an attacker can gain access. Investigators can find no other means of entry for these thefts.
We applaud one of the victims in this story. At the end of the article she is asked if the information about the Onity flaw should have been kept secret. She said that if there’s a vulnerability that’s not being fixed people have a right to know about it. Bravo [Janet Wolf]!
Emf Electromagnetic Field Camp is a three-day camping festival for people with an inquisitive mind or an interest in making things: hackers, geeks, scientists, engineers, artists, and crafters.
There will be people talking about everything from genetic modification to electronics, blacksmithing to high-energy physics, reverse engineering to lock picking, crocheting to carpentry, and quadcopters to beer brewing. If you want to talk, there’ll be space for you to do so, and plenty of people who will want to listen.
EMF is a volunteer effort by a non-profit group, inspired by European and US hacker camps like CCC, HAR, and toorcamp. This year on Friday 31st August – Sunday 2nd September 2012 Will hold the first Uk meeting of its kind.
Events and activities will run throughout the day and into the evening, everything else (chats, debates, impromptu circus performances, orbital laser launches) will run as long as your collective energy lasts.
The Event is to be held at Pineham Park, Milton Keynes, UK.
As a Hackaday viewer you can get discounted tickets.
The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks in service.
The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate ‘magic’ keys used to open a variety of different doors through the system.
We’re no strangers to easy hotel beak-ins. But how can a digital lock possibly be sold with this type of vulnerability present? Really!?
Here’s the white paper on the exploit as well as the slides from his talk (PDF).
This year’s LayerOne Hacking and Security Conference is right around the corner. But it’s not too late to attend. You can still get a block-rate hotel room if you register by the end of April, and registration for the two-day event only costs a hundred bucks. It’s scheduled for May 26th and 27th in Anaheim California.
As usual, the Speaker lineup is quite impressive. Everything from Android Malware to embedded exploits and botnet adventures will be discussed. And then there’s the perennial favorite lock picking and hardware hacking villages. Did we mention badges? We’d bet it was this pick-and-place machine which helped assemble this year’s pile of badges. We haven’t seen any word on what they might include, but there’s a hacking contest so plan to pack your tools.