This Week In Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, And More

Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and discovered a problem they call the KNOB attack, Key Negotiation Of Bluetooth.

This is actually one of the simpler vulnerabilities to understand. Randomly generated keys are only as good as the entropy that goes into the key generation. The Bluetooth specification allows negotiating how many bytes of entropy are used in generating the shared session key. By necessity, this negotiation happens before the communication is encrypted. The real weakness here is that the specification lists a minimum entropy of 1 byte. This means 256 possible initial states, far within the realm of brute-forcing in real time.

The attack, then, is to essentially man-in-the-middle the beginning of a Bluetooth connection, and force that entropy length to a single byte. That’s essentially it. From there, a bit of brute forcing results in the Bluetooth session key, giving the attacker complete access to the encrypted stream.

One last note: this isn’t an implementation vulnerability, it’s a specification vulnerability. If your device properly implements the Bluetooth protocol, it’s vulnerable.
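To make the negotiation weakness concrete, here is an added example (not code from the researchers or from any Bluetooth stack) that models the unencrypted entropy negotiation as a toy exchange and shows how a local minimum-size policy changes the outcome. The device names, the 16-byte upper bound and the 7-byte policy floor are assumptions chosen for the illustration; only the 1-byte minimum comes from the text above.

```python
"""Toy model of Bluetooth entropy negotiation (illustration only, not real LMP)."""

SPEC_MIN_BYTES = 1   # minimum the article says the specification allows
MAX_BYTES = 16       # assumed upper bound for this model
HARDENED_MIN = 7     # assumed local policy floor, chosen for the example

class Device:
    def __init__(self, name, min_bytes=SPEC_MIN_BYTES, max_bytes=MAX_BYTES):
        self.name, self.min_bytes, self.max_bytes = name, min_bytes, max_bytes

    def accepts(self, size):
        # A device can only judge the size it sees on the unencrypted link.
        return self.min_bytes <= size <= self.max_bytes

def negotiate(initiator, responder, rewrite=None):
    """Return (agreed_size_or_None, transcript).

    `rewrite` models a party in the middle altering the proposed size; the
    exchange is unencrypted, so neither end can detect the change.
    """
    sent = min(initiator.max_bytes, responder.max_bytes)
    transcript = [f"{initiator.name} proposes {sent} bytes"]
    seen = rewrite(sent) if rewrite else sent
    if seen != sent:
        transcript.append(f"in transit: {sent} rewritten to {seen}")
    for dev in (responder, initiator):
        if not dev.accepts(seen):
            transcript.append(f"{dev.name} refuses {seen} bytes, link aborted")
            return None, transcript
        transcript.append(f"{dev.name} accepts {seen} bytes")
    return seen, transcript

def keyspace(size_bytes):
    """Number of candidate keys for a given entropy size."""
    return 2 ** (8 * size_bytes)

def force_one_byte(_size):
    """Constructed tampering function: always downgrade to the spec minimum."""
    return SPEC_MIN_BYTES

if __name__ == "__main__":
    for label, floor in (("spec-compliant", SPEC_MIN_BYTES), ("hardened", HARDENED_MIN)):
        a, b = Device("phone", floor), Device("headset", floor)
        size, log = negotiate(a, b, rewrite=force_one_byte)
        print(label, "->", f"{keyspace(size)} keys" if size else "no session")
        print("  " + "\n  ".join(log))
```

In this model, the spec-compliant pair ends up with a 256-key search space, while the pair with a local floor aborts the link instead of accepting the downgraded size.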

CenturyLink Unlinked

You may not be familiar with CenturyLink, but it maintains one of the backbone fiber networks serving telephone and internet connectivity. In December 2018, CenturyLink had a large outage affecting its fiber network, most notably disrupting 911 services for many across the United States for 37 hours. The incident report was released on Monday, and it’s… interesting.

Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised

It seems a bit unfair to pile on a product that has already been roundly criticized for its security vulnerabilities. But when that product is a device that is ostensibly deployed to keep one’s family and belongings safe, it’s plenty fair. And when that device is an alarm system that can be defeated by a two-dollar wireless remote, it’s practically a responsibility.

The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.

With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.

The bottom line with alarm systems is that you get what you pay for, or sadly, significantly less. Hats off to [LockPickingLawyer] for demonstrating this vulnerability, and for his many other lockpicking videos, which are well worth watching.


When Toothbrushes, Typewriters, And Credit Card Machines Form A Band

Many everyday objects make some noise as a side effect of their day job, so some of us would hack them into musical instruments that can play a song or two. It’s fun, but it’s been done. YouTube channel [Device Orchestra] goes far beyond a device buzzing out a tune – they are full-fledged singing (and dancing!) performers. Watch their cover of Take on Me embedded after the break, and if you liked it head over to the channel for more.

The buzz of a stepper motor, easily commanded for varying speeds, is the easiest entry point into this world of mechanical music. They used to be quite common in computer equipment such as floppy drives, hard drives, and flatbed scanners. As those pieces of equipment became outdated and were sold for cheap, it became feasible to assemble a large number of them, with the Floppotron being something of a high-water mark.

After one of our more recent mentions in this area, when the mechanical sound of a floppy drive was used in the score of a motion picture, there were definite signs of fatigue in the feedback. “We’re ready for something new”, so here we are without any computer peripherals! [Device Orchestra] features percussion by typewriters, vocals by toothbrushes, and choreography by credit card machines with the help of kitchen utensils. Coordinating them all is an impressive pile of wires acting as stage manager.

We love to see creativity with affordable everyday objects like this. But we also see the same concept done with equipment on the opposite end of the price spectrum, such as a soothing performance of Bach using the coils of an MRI machine.

[Thanks @Bornach1 for the tip]


Easy Direction Finding Thanks To Quad SDRs

Direction finding has long been a pastime of the ham radio community. Fox hunts and other DF events have entertained many, as they swept their antennas hunting for a transmitter. As with rock and roll and flared pants, time changes all things, and [Corrosive] has been experimenting with a very modern way to go about direction finding with SDR.

The work is made possible through the use of Kerberos SDR, a device which is essentially four RTL-SDR radios operating in unison. By fitting these with the appropriate antennas and running the right calibrations, the hardware can be used as a powerful direction finding tool.

[Corrosive] demonstrates this ably, by fitting the rig to his car and driving around on the hunt for a transmitter. Hunting for a P25 control station, he demonstrates the configuration of the hardware to help find the FM modulated signal. The software part of the equation is integrated with GPS maps, so one can follow the bearing towards the signal source while data is collected. Over time, the software takes more samples until it builds up an expected location for the transmitter.

The setup is remarkably effective, and largely does all of the heavy lifting, leaving the user to simply handle driving the car. The heat mapping feature is also incredibly cool, and would look great in your next spy movie. We’ve featured Kerberos SDR before, and fully expect to see more great work on this platform. Video after the break.


Qt Arrives For Small Computers

There was a time when writing embedded systems meant never having to deal with graphical user interfaces, and spending long hours trying to free up a dozen bytes of ROM to add a feature. Nowadays, an embedded system is likely to have a screen and what would have been a huge amount of memory even for a PC a scant decade ago. Qt has long been a popular choice for building software on desktop platforms, and — while not as popular — has even run on phones for a while. Now there’s Qt for MCUs which is clearly targeting the IoT market that everyone is trying to capture. You can see the glitzy video for the new product, below.

We generally like Qt, and the move recently has been towards an HTML-like markup language called QML instead of directly manipulating widgets. We guess that’s a good thing. However, Qt isn’t just for user interfaces. It provides a wide range of services in a straightforward way


Temperature Logging On The Last Frontier

In Alaska, the impact of climate change is easy to see. Already the melting permafrost is shifting foundations and rocking roads. Hotter summers are also turning food caches from refrigerators into ovens.

A permanent food cache. Via Wikipedia

[rabbitcreek]’s friend builds food caches with kids as part of a program to teach them traditional native activities. Food caches are usually inside buried boxes or small cabins raised on poles. Both are designed to keep hangry bears out. As you might expect, monitoring the temperature at these remote sites is crucial, so the food doesn’t spoil. His friend wanted a set-and-forget temperature monitoring system that could collect data for eight months over the winter.

The Alaska Datalogger carried a pretty serious list of requirements. It has to be waterproof, especially as ice and snow turn to water. Ideally, it should sip power and have a long battery life anyway. Most importantly, it has to be cheap and relatively easy for kids to build.

This awesome little data spaceship is designed around an O-ring used in domestic water purifiers. The greased up O-ring fits between two 3D printed enclosure halves that are shut tight with nylon bolts. Two waterproof temperature probes extend from the case—one inside the cache and the other outside in the elements. It’s built around an Adafruit Feather Adalogger and powered by an 18650 cell. The data is collected by visiting the site and pulling the SD card to extract the text file. There’s really no other way because the sites are far out of cell coverage. Or is there?

Though it probably wouldn’t survive the last frontier, this self-sufficient weather station is a simple solution for sunnier situations.

UbaBOT Mixes Up 50 Cocktails To Quench CCCamp Thirst

[Steffen Pfiffner’s] tent during the Chaos Communication Camp is full of happiness delivered by something greater than alcohol alone. He’s brought a robot bartender that serves up a show while mixing up one of about 50 cocktail recipes.

The project is the work of five friends from Lake Constance (Bodensee) in southern Germany, near the borders with Switzerland and Austria. It started, as many projects do, with some late night drinking. The five were toiling to mix beverages more complex than your most common fare, and decided to turn their labors instead to robot making.

Since 2012, the project has gone through five revisions, the most recent of which the team calls Uba BOT. Delightfully, the cup tray which moves left and right on the front of the machine is connected using a strain gauge. This provides a way for the robot to sense the presence of a cup to avoid dispensing ingredients all over the bar itself. It also provides a feedback loop that verifies the amount of liquids and volume of ice added to the cup. Once everything’s in the cup, a rotary milk frother lowers itself into position to stir things up a bit.

A Raspberry Pi is in control of eighteen pumps that dispense both liquor and mixers. The team is still trying to work out a way to reliably dispense carbonated mixers, which so far have been a challenge due to over-excited foam. The software was originally based on Bartendro, but has since taken on a life of its own as these things often do. The first time you want a drink, you register an RFID tag and record your height, weight, and age, which the system uses to keep track of your estimated blood alcohol content based on time and your number of visits to the robot. The firmware also tracks the state of each ingredient to alert a meat-based bar attendant when a bottle needs replacing.

Join us after the break to see an explanation of what’s under the hood and to watch Uba BOT mix up a Mai Tai.
