iOS keyboard exploit allows brute force iPad lock screen attack

It’s quite common to have a timed lockout after entering several bad passwords. This simple form of security makes automated brute force attacks unfeasible by ballooning the time it would take to try every possible permutation. The lock screen on iOS devices like iPad and iPhone has this built in. Enter your code incorrectly several times and the system will make you wait 1, 5, 15, and 60 minutes between entries as you keep inputting the wrong code. But there is an exploit that gets around this. [Pierre Dandumont] is showing off his hardware-based iPad lock screen attack in the image above.

He was inspired to try this out after reading about some Mac EFI attacks using the Teensy 3. That approach used the microcontroller to spoof a keyboard to try every PIN combination possible. By using the camera kit for iPad, [Pierre] was able to do the same. This technique lets you connect wired keyboards to the iPad, but apparently not the iPhone. A Bluetooth keyboard can also be used. These external keyboards get around the timing lockout associated with the virtual lockscreen keyboard.

We’re of the opinion that this is indeed a security vulnerability. If you forget your passcode you can simply restore the device to remove it. That wipes all of your personal data which can then be loaded from an iTunes backup. Lockscreens are paramount if a device is stolen. They will give you the time you need to change any online credentials which might be remembered by the device.
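The mitigation implied by the bypass above is to keep the lockout state with the passcode check itself, so that it applies no matter which input device delivers the guess. The sketch below is an added example, not code from the original post or from iOS; the class and function names, the threshold of five free attempts (the post only says "several") and the sample passcode are assumptions.

```python
import hashlib
import hmac

# Delay schedule from the article: 1, 5, 15, then 60 minutes between entries.
DELAYS_MIN = [1, 5, 15, 60]
FREE_ATTEMPTS = 5  # assumption: the article only says "several"


class PasscodeVerifier:
    """Lockout state lives with the secret check, not with any input device."""

    def __init__(self, passcode, salt=b"constructed-salt"):
        self._salt = salt
        self._digest = self._hash(passcode)
        self.failures = 0
        self.locked_until = 0.0

    def _hash(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 10_000)

    def attempt(self, passcode, now, source="touchscreen"):
        # `source` is accepted only to show that it plays no part in the decision.
        if now < self.locked_until:
            return "locked"
        if hmac.compare_digest(self._hash(passcode), self._digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        over = self.failures - FREE_ATTEMPTS
        if over >= 0:
            # Escalate through the schedule, then stay at the last delay.
            step = min(over, len(DELAYS_MIN) - 1)
            self.locked_until = now + DELAYS_MIN[step] * 60
        return "wrong"


def simulate(guesses_per_second, duration_s, source):
    """Feed wrong guesses at a fixed rate; return how many were actually checked."""
    verifier = PasscodeVerifier("7391")  # constructed passcode
    checked = 0
    for i in range(int(guesses_per_second * duration_s)):
        now = i / guesses_per_second
        if verifier.attempt("0000", now, source) == "wrong":
            checked += 1
    return checked
```

With the delay enforced in the verifier, one guess per second for an hour results in only eight guesses being checked, whichever source submits them.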

Benchmarking USB transfer speeds

[Paul Stoffregen], creator of the Teensy series of microcontroller dev boards, noticed a lot of projects driving huge LED arrays recently and decided to look into how fast microcontroller dev boards can receive data from a computer. More bits per second means more glowey LEDs, of course, so his benchmarking efforts are sure to be a hit with anyone planning some large-scale microcontroller projects.

The microcontrollers [Paul] tested included the Teensy 2.0, Teensy 3.0, the Leonardo and Due Arduinos, and the Fubarino Mini and Leaflabs Maple. These were tested in Linux (Ubuntu 12.04 live CD), OSX Lion, and Windows 7, all running on a 2012 MacBook Pro. When not considering the Teensy 2.0 and 3.0, the results of the tests were what you would expect: faster devices were able to receive more bytes per second. When the Teensys were thrown into the mix, though, the results changed drastically. The Teensy 2.0, with the same microcontroller as the Arduino Leonardo, was able to outperform every board except for the Teensy 3.0.

[Paul] also took the effort to benchmark the different operating systems he used. Bottom line, if you’re transferring a lot of bytes at once, it really doesn’t matter which OS you’re using. For transferring small amounts of data, you may want to go with OS X. Windows is terrible for transferring single bytes; at one byte per transfer, Windows only manages 4kBps. With the same task, Linux and OS X manage about 53 and 860 (!) kBps, respectively.

So there you go. If you’re building a huge LED array, use a Teensy 3.0 with a MacBook. Of course [Paul] made all the code for his benchmarks open source, so feel free to replicate this experiment.

Reverse engineering challenge starts off simple

We love seeing hard-core firmware reverse engineering projects, but the number of hackers who can pull those off is relatively small. It’s possible to grow the ranks of the hacker elite though. A hackerspace is a great place to have a little challenge like this one. [Nicolas Oberli] put together a capture the flag game that requires the contestants to reverse engineer Teensy 3.0 firmware.

He developed this piece of hardware for the Insomni’hack 2013 event. It uses the Teensy 3.0 capacitive touch capabilities to form a nine-digit keypad with a character LCD screen for feedback. When the correct code is entered the screen will display instructions on how to retrieve the ‘flag’.

To the right you can see the disassembly of the .elf file generated by the Arduino IDE. This is what [Nicolas] gave to the contestants, which gets them past the barrier of figuring out how to dump the code from the chip itself. But it does get them thinking in assembly and eventually leads to figuring out what the secret code is for the device. This may be just enough of a shove in the right direction that one needs to get elbow deep into picking apart embedded hardware as a hobby.

Meet the Teensy 3.0

[Paul Stoffregen], the brains behind the popular and very capable Arduino-compatible Teensy development board, has offered his contribution to the explosion of ARM-powered boards with the Teensy 3.0.

The original Teensy is an AVR-based development board that goes far beyond the official Arduino offerings. The new and improved Teensy 3.0 improves upon an already wonderful platform with a 32-bit ARM Cortex-M4 microcontroller running at 48 MHz. There are also a lot of pins available for whatever project you have in mind: the Teensy 3.0 supports 14 analog inputs, 10 PWM outputs, a USB host mode, and an I2S audio interface that will be very useful when accessing the microcontroller’s DSP functions.

There are a couple of neat features on the Teensy 3.0 [Paul] somehow managed to work in. In addition to supporting a real-time clock, there are also a few extra IO pins in the middle of the board. [Paul] says the extra pins are due to Kinetis not releasing a 48-pin version of the microcontroller in time for production. It may not be what [Paul] originally had in mind, but we’ll take the upgraded board just the same.

Of course the Teensy 3.0 will be compatible with the Teensyduino Arduino IDE add-on, so if you’d like to run your Arduino sketches on a very powerful piece of hardware, this will be the board to use.