THP Semifinalist: Secure Your Internets with Web Security Everywhere

[Arcadia Labs] has created a great little device in Web Security Everywhere, a semifinalist in The Hackaday Prize. At the center of it all is UnJailPi, a Raspberry Pi device which can act as a secure router between a protected network and the unprotected internet. UnJailPi can create OpenVPN and Tor connections on the fly from its touch screen interface. The full details are right up on [Arcadia’s] Hackaday.io project page.

One of the most amazing things about the project is its creator, [Arcadia Labs]. [Arcadia] started from square one learning python just 1 year ago. Since then he’s become a proficient python coder, and created UnJailPi’s  entire user interface with pygame.

[Arcadia] is also working with simple hand tools. He has no access to the CNC routers, 3D printers, or milling machines used in many of the projects we see here on Hackaday. All the work on UnJailPi’s acrylic case was done with a handsaw, a file, and a heck of a lot of patience.

Currently [Arcadia’s] biggest hurdle is finding a good power supply for his project. UnJailPi is designed to work both on AC or an internal battery. His current power circuit throws off enough heat that the Raspberry Pi resets while the battery is charging.

We’re sure [Arcadia] will figure out his power issues, but if you have any suggestions, leave a comment here, or head over to the project page and let him know!


SpaceWrencherThe project featured in this post is a semifinalist in The Hackaday Prize.

Arduino-Powered Alarm System Has All The Bells And Whistles

Put aside all of the projects that use an Arduino to blink a few LEDs or drive one servo motor. [IngGaro]’s latest project uses the full range of features available in this versatile microcontroller and has turned an Arduino Mega into a fully-functional home alarm system.

The alarm can read RFID cards for activation and control of the device. It communicates with the front panel via an I2C bus, and it can control the opening and closing of windows or blinds. There is also an integrated GSM antenna for communicating any emergencies over the cell network. The device also keeps track of temperature and humidity.

The entire system can be controlled via a web interface. The Arduino serves a web page that allows the user full control over the alarm. With all of that, it’s hard to think of any more functionality to get out of this tiny microcontroller, unless you wanted to add a frickin’ laser to REALLY trip up the burglars!

Stupid Security In A Security System

alarm

[Yaehob]’s parents have a security system in their house, and when they wanted to make a few changes to their alarm rules – not arming the bathroom at night – an installer would come out, plug a box into the main panel, press a few buttons, and charge 150 €. Horrified at the aspect of spending that much money to flip a few bits, [yaehob] set out to get around the homeowner lockout on the alarm system, and found security where he wasn’t expecting.

Opening the main panel for the alarm system, [yaehob] was greeted with a screeching noise. This was the obvious in retrospect tamper-evident seal on the alarm box, easily silenced by entering a code on the keypad. The alarm, however, would not arm anymore, making the task of getting ‘installer-level’ access on the alarm system a top priority.

After finding a DE-9 serial port on the main board, [yaehob] went to the manufacturer’s website thinking he could download some software. The website does have the software available, but only for authorized distributors, installers, and resellers. You can register as one, though, and no, there is no verification the person filling out a web form is actually a distributor, installer, or reseller.dist

Looking at the installer and accompanying documentation, [yaehob] could see everything, but could not modify anything. To do that would require the installer password, which, according to the documentation was between four and six characters. The system also responded quickly, so brute force was obviously the answer here.

After writing up a quick script to go through all the possible passwords, [yaehob] started plugging numbers into the controller board. Coming back a bit later, he noticed something familiar about what was returned when the system finally let him in. A quick peek at where his brute force app confirmed his suspicions; the installer’s code was his postal code.

From the installer’s point of view, this somewhat makes sense. Any tech driving out to punch a few numbers into a computer and charge $200 will always know the postal code of where he’s driving to. From a security standpoint, holy crap this is bad.

Now that [yaehob]’s parents are out from under the thumb of the alarm installer, he’s also tacked on a little bit of security of his own; the installer’s code won’t work anymore. It’s now changed to the house number.

DEFCON: Blackphone

Despite being full of techies and people doing interesting things with portable devices, you don’t want to have an active radio on you within a quarter-mile of DEFCON. The apps on your phone leak personal data onto the Internet all the time, and the folks at DEFCON’s Wall Of Sheep were very successful in getting a few thousand usernames and passwords for email accounts.

Blackphone is designed to be the solution to this problem, so when we ran into a few members of the Blackphone crew at DEFCON, we were pretty interested to take a quick peek at their device.

The core functionality for the Blackphone comes from its operating system called PrivatOS. It’s a fork of Android 4.4.2 that is supposed to seal up the backdoors found in other mobile phones. There’s also a bundle of apps from Silent Circle that give the Blackphone the ability to make encrypted phone calls, texts (with file sharing), and encrypted and password protected contact lists.

The hardware for the Blackphone is pretty impressive; a quad-core Nvidia Tegra provides all the power you need for your apps, video, and playing 2048, a 2000mAh battery should provide enough juice to get you through a day or two (especially since you can turn off cores), and the usual front/rear cameras, GPS, 802.11bgn and GSM and HSPA+/WCDA radios means this phone will be useable on most networks.

The ChipWhisperer At Defcon

We’ve seen [Colin]’s entry to The Hackaday Prize before. After seeing his lightning talk at Defcon, we had to get an interview with him going over the intricacies of this very impressive piece of hardware.

The ChipWhisperer is a security and research platform for embedded devices that exploits the fact that all security measures must run on real hardware. If you glitch a clock when a microcontroller is processing an instruction, there’s a good probability something will go wrong. If you’re very good at what you do, you can simply route around the code that makes up the important bits of a security system. Power analysis is another trick up the ChipWhisperer’s sleeve, analyzing the power consumption of a microcontroller when it’s running a bit of code to glean a little information on the keys required to access the system. It’s black magic and dark arts, but it does work, and it’s a real threat to embedded security that hasn’t had an open source toolset before now.

Before our interview, [Colin] did a few short and sweet demos of the ChipWhisperer. They were extraordinarily simple demos; glitching the clock when a microcontroller was iterating through nested loops resulted in what can only be described as ‘counter weirdness’. More advanced applications of the ChipWhisperer can supposedly break perfectly implemented security, something we’re sure [Colin] is saving for a followup video.

You can check out [Colin]’s 2-minute video for his Hackaday Prize entry below.

Continue reading “The ChipWhisperer At Defcon”

EFF Launches Open Router Firmware

Open Wireless Movement logo

The Electronic Frontier Foundation have released an alpha of their own Open Wireless Router Firmware as part of the Open Wireless Movement. This project aims to make it easier to share your wireless network with others, while maintaining security and prioritization of traffic.

We’ve seen a lot of hacks based on alternative router firmware, such as this standalone web radio. The EFF have based their router firmware off of CeroWRT, one of the many open source firmware options out there. At this time, the firmware package only targets the Netgear WNDR3800.

Many routers out there have guest modes, but they are quite limited and often have serious vulnerabilities. If you’re interested in sharing your wireless network, this firmware will help out by letting you share a specified amount of bandwidth. It also aims to have a secure web interface, and secure auto-update using Tor.

The EFF has announced this “pre-alpha hacker release” as a call for hackers who want to join in the fun. Development is happening over on Github, where you’ll find all of the source and issues.

Homebrew NSA Bugs

NSA

Thanks to [Edward Snowden] we have a huge, publicly available catalog of the very, very interesting electronic eavesdropping tools the NSA uses. Everything from incredibly complex ARM/FPGA/Flash modules smaller than a penny to machines that can install backdoors in Windows systems from a distance of eight miles are available to the nation’s spooks, and now, the sufficiently equipped electronic hobbyist can build their own.

[GBPPR2] has been going through the NSA’s ANT catalog in recent months, building some of the simpler radio-based bugs. The bug linked to above goes by the codename LOUDAUTO, and it’s a relatively simple (and cheap) radar retro-reflector that allows anyone with the hardware to illuminate a simple circuit to get audio back.

Also on [GBPPR2]’s build list is RAGEMASTER, a device that fits inside a VGA cable and allows a single VGA color channel to be viewed remotely.

The basic principle behind both of these bugs is retroreflection, described by the NSA as a PHOTOANGLO device. The basic principle behind these devices is a FET in the bug, with an antenna connected to the drain. The PHOTOANGLO illuminates this antenna and the PWM signal sent to the gate of the FET modulates the returned signal. A bit of software defined radio on the receiving end, and you have your very own personal security administration.

It’s all very cool stuff, but there are some entries in the NSA catalog that don’t deal with radio at all. One device, IRATEMONK, installs a backdoor in hard drive controller chips. Interestingly, Hackaday favorite and current Hackaday Prize judge [Sprite_TM] did something extremely similar, only without, you know, being really sketchy about it.

While we don’t like the idea of anyone actually using these devices, the NSA ANT catalog is still fertile ground for project ideas.

Continue reading “Homebrew NSA Bugs”