Disabling your cell phone’s mic for security

posted Sep 14th 2009 7:48am by Caleb Kraft
filed under: cellphones hacks, security hacks

[Dan] set up this simple cell phone hack to disable his microphone when he’s not using his cell phone. He had read that the government can listen to you using your cell phone, even when it is off. This concerned him enough to hack into his phone. He removed the expansion port and wired the microphone to a magnetic reed switch. A strong magnet located in the screen side of his flip phone opens the circuit when he closes the phone. He notes that you could always just pop the battery out of your phone, but then you are left completely disconnected. This mod allows you to still receive phone calls.

Create a temporary phone number with inumbr

posted Sep 9th 2009 9:00am by Chris Gilmer
filed under: phone hacks

Maybe you don’t want that one person that has barged into your life to know your private phone number? Could be a salesperson or a co-worker who you aren’t that impressed with, but have to get in contact with. Check out inumbr.

inumbr is a free online service that gives US users the ability to set up a unique phone number, have it forwarded to any number within the US and then have it set to expire without a trace when finished with it. The unique inumbr numbers are never reused, and can be extended if longer terms are required. Users choose from a list of 22 area codes from major US cities like Chicago, Los Angeles and New York, select an expiry date and set a number that it should be forwarded to. When the term is up, the number is expired from the system, and never used again for any other user. If you wish to use the number at a later date, you can log into the inumbr system and reactivate it.

As we are becoming more and more mobile and security conscious, the desire for these types of services grows. A phone number can now be given out at will, with security and privacy remaining intact. Google Voice is a major player in this arena. A somewhat similar service, it allows a unique number with voice mail to forward to other numbers at will, creating a masked or unidentified private number that can be given out to 3rd parties. inumbr makes this process simpler with the ability to cut off and reactivate numbers as desired.




Tiny GSM alarm system

posted Sep 1st 2009 7:00am by Gerrit Coetzee
filed under: cellphones hacks, classic hacks

We’ve covered this sort of thing before, but there is something to be said for the simplicity of this tiny GSM alarm system by [trax]. The alarm system is designed to send the owner a text message when a sensor is triggered. This alarm only works with Siemens phones, but it shouldn’t be too hard to find one. The alarm is configured via a dip switch on the board and can also be armed and disarmed by text. The brains of this system is a PIC16F84A. The code and schematics are included at the bottom of the page.

Smartphone anti-virus software

posted Aug 1st 2009 7:11am by Zach Banks
filed under: cellphones hacks, news, security hacks

With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for malicious software to charge phones discreetly. However, Flexilis promises to keep your phone safe. It’s a free mobile anti-virus that works on most smartphones and PDAs with more clients in the works. It also provides easy backup and recovery options, as well as the ability to wipe the phone if it’s lost. The phone makers really need to fix the problems, but in the meantime Flexilis can provide a quick response.

[via WSJ Digits]

Build a wireless keylogger

posted Jul 17th 2009 2:42pm by Caleb Kraft
filed under: peripherals hacks, security hacks

Hardware Keylogger solutions has released the plans and files for their wireless logger. It has a range of about 50 yards between the transmitting dongle and the receiver. It is based around an Atmel AT91SAM7S64 and the PCB is pretty tiny. In case you hadn’t noticed yet, they sell them as well. The cool thing about this is that key data is transmitted in real time, allowing you to see it as it happens instead of having to go retrieve the log physically like you used to.




Hacking an iButton

posted Jul 9th 2009 6:30pm by Zach Banks
filed under: peripherals hacks, security hacks, tool hacks

Maxim’s iButtons, which are small ICs in button-sized disks, are starting to show up in more and more places. They have a range of uses, from temperature loggers to identification, and all use the 1-wire protocol to communicate. Over at furrtek, they hacked an iButton used for buying things from vending machines and created an infinite money cheat. They built a small rig based on the ATmega8 to read and write data to the chip. The data was encrypted, so it wasn’t feasible to put an arbitrary amount on the card. Instead, they used a similar technique to the Boston subway hack and restored a previous state to the iButton after something was bought. They also created a hand-held device to back up and restore the contents of a button for portable hacking.

[Thanks furrtek]

Crack WEP using BackTrack

posted Jul 2nd 2009 1:30pm by Zach Banks
filed under: downloads hacks, security hacks, wireless hacks

Lifehacker wrote a guide for cracking a WiFi network’s WEP password using BackTrack. BackTrack is a Linux live CD used for security testing and comes with the tools needed to break WEP. Not just any wireless card will work for this; you need one that supports packet injection. The crack works by collecting legitimate packets then replaying them several times in order to generate data. They point out that this method can be hit-or-miss, especially if there are few other users on the network, as the crack requires authenticated packets. We covered cracking WEP before, but using BackTrack should smooth out compatibility issues.

Containing Conficker

posted Mar 30th 2009 5:22pm by Eliot Phillips
filed under: downloads hacks, security hacks

With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the HoneyNet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely. Conficker attempts to patch the MS08-067 vulnerability during infection. A flaw in the patch causes the machine to respond differently than both an unpatched system and an officially patched system. Using this knowledge, the team developed a proof of concept network scanner in Python to find infected machines. You can find it in [Rich Mogull]’s initial post. [Dan Kaminsky] has packaged it as an EXE and has instructions for how to build the SVN version of Nmap, which includes the new signature. Other network scanner vendors are adding the code as well.

In conjunction with this detection code, the team has also released the whitepaper Know Your Enemy: Containing Conficker. It discusses ways to detect, contain, and remove Conficker. They’ve combined this with a tool release that covers Conficker’s dynamic domain generation among other things.




Sniffing keystrokes via laser, power lines

posted Mar 20th 2009 5:29pm by Eliot Phillips
filed under: laser hacks, peripherals hacks, security hacks

Researchers from Inverse Path showed a couple of interesting techniques for sniffing keystrokes at CanSecWest. For their first experiments they used a laser pointed at the shiny back of a laptop. The keystrokes would cause the laptop to vibrate, which they could detect just like they would with any laser listening device. They’ve done it successfully from anywhere between 50 and 100 feet away. They used techniques similar to those in speech recognition to determine what sentences were being typed.

In a different attack, they sniffed characters from a PS/2 keyboard by monitoring the ground line in an outlet 50 feet away. They haven’t yet been able to collect more than just single strokes, but expect to get full words and sentences soon. This leakage via power line is discussed in the 1972 Tempest document we posted about earlier. The team said it wasn’t possible with USB or laptop keyboards.

[Thanks Jeramy]

sslstrip, hijacking SSL in network

posted Feb 23rd 2009 7:25pm by Eliot Phillips
filed under: cons, downloads hacks, security hacks

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using Unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.

Hack a Day serves up fresh hacks each day, every day from around the web and a special How-To hack each week.
