The Terrible Security Of Bluetooth Locks

Bluetooth devices are everywhere these days, and nothing compromises your opsec more than a bevy of smartphones, smart watches, fitbits, strange electronic conference badges, and other electronic ephemera we adorn ourselves with to make us better people, happier, and more productive members of society.

Bluetooth isn’t limited to wearables, either; deadbolts, garage door openers, and security systems are shipping with Bluetooth modules. Manufacturers of physical security paraphernalia are wont to add the Internet of Things label to their packaging, it seems. Although these devices should be designed with security in mind, most aren’t, making the state of Bluetooth smart locks one of the most inexplicable trends in recent memory.

At this year’s DEF CON, [Anthony Rose] gave a talk on compromising BTLE locks from a quarter-mile away. Actually, that ‘quarter mile’ qualifier is a bit of a misnomer – some of these Bluetooth locks are terrible locks, period. The Kwikset Kevo Doorlock – a $200 deadbolt – can be opened with a flathead screwdriver. Other Bluetooth ‘smart locks’ are made of plastic.

The tools [Anthony] used for these wireless lockpicking investigations included the Ubertooth One, a Bluetooth device for receive-only promiscuous sniffing, a cantenna, a Bluetooth USB dongle, and a Raspberry Pi. This entire setup can be powered by a single battery, making it very stealthy.

The attacks on these Bluetooth locks varied, from sniffing the password sent in plain text to the lock (!) and replay attacks to more advanced techniques such as decompiling the APK used to unlock these smart locks. When all else fails, brute forcing locks works surprisingly well, with quite a few models of smart lock using eight-digit PINs. Even locks with ‘patented security’ (read: custom crypto, bad) were terrible; this patented security was just an XOR with a hardcoded key.

What was the takeaway from this talk? Secure Bluetooth locks can be made. These locks use proper AES encryption, a truly random nonce, two factor authentication, no hard-coded keys, allow the use of long passwords, and cannot be opened with a screwdriver. These locks are rare. Twelve of the sixteen locks tested could be easily broken. The majority of Bluetooth smart locks are not built with security in mind, which, by the way, is the entire point of a lock.
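Why the random nonce matters is easiest to see from the lock's side. The sketch below is an added example, not code from the talk or from any lock vendor: it compares a lock that accepts a fixed unlock message with one that issues a fresh challenge each time. The class and function names are hypothetical, and HMAC-SHA256 from Python's standard library stands in for the AES-based scheme the article mentions.

```python
import hashlib
import hmac
import secrets


class StaticLock:
    """Weak design: the unlock message is the same bytes on every use."""

    def __init__(self, password: bytes):
        self._password = password

    def unlock(self, message: bytes) -> bool:
        return hmac.compare_digest(message, self._password)


class ChallengeLock:
    """Lock sends a fresh random nonce; the phone proves it holds the key."""

    def __init__(self, key: bytes):
        self._key = key          # per-device key set at pairing (assumption)
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, None   # each nonce is single use
        if nonce is None:
            return False
        return hmac.compare_digest(response, phone_response(self._key, nonce))


def phone_response(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_demo() -> dict:
    """Replay one recorded unlock message against each design."""
    static = StaticLock(b"12345678")             # constructed sample PIN
    recorded_static = b"12345678"                # what a passive listener sees

    key = secrets.token_bytes(32)
    lock = ChallengeLock(key)
    recorded = phone_response(key, lock.challenge())
    legit = lock.unlock(recorded)                # owner's genuine unlock
    reuse = lock.unlock(recorded)                # same bytes, nonce already spent
    lock.challenge()                             # lock issues a new nonce
    replay = lock.unlock(recorded)               # old response, new nonce
    return {"static_replay": static.unlock(recorded_static),
            "nonce_legit": legit, "nonce_reuse": reuse, "nonce_replay": replay}
```

The recorded message opens the static lock every time, while the challenge-based lock accepts a response only once and only for the nonce it just issued.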

[Anthony]’s work going forward will concentrate on expanding his library of scripts to exploit these locks, and on evaluating the Bluetooth locks on ATMs. Yes, ATMs also use Bluetooth locks. The mind reels.

Electroshock Timer Will Speed Up Every Game Of Settlers Of Catan

The fun of playing Settlers of Catan is only matched by the desire to punch your friend when their turn drags on with endless deliberating. [Alpha Phoenix] has solved that quandary of inefficient play by building the Settlers of Catan: Electroshock Therapy Expansion.

[Alpha Phoenix] is holding back on the details of the device to forestall someone trying this at home and injuring themselves or others, but there’s plenty to glean from his breakdown of how the device works. An Adafruit Trinket microcontroller connects to a single pole 12 throw switch — modified from a double pole six throw rotary switch — to select up to six different players (with the other six positions alternated in as pause spaces) and the shocks are delivered through a simple electrode made from a wire hot glued to HDPE plastic from a milk jug. The power supply is capable of delivering up to 1100V, but the actual output is much less than that, thanks to its built-in impedance of about 2.5M Ohms, as well as added resistance by [Alpha Phoenix].

To define what constitutes a ‘long turn,’ the Trinket calculates the mean of up to the first 100 turn lengths (instead of a static timer to accommodate for the relative skills of the players in each game) and zaps any offending player — and then repeatedly at a set time afterwards — to remind them that they need to pick up the pace.
