Physical Security Hack Chat With Deviant Ollam

Join us on Wednesday, June 3 at noon Pacific for the Physical Security Hack Chat with Deviant Ollam!

You can throw as many resources as possible into securing your systems — patch every vulnerability religiously, train all your users, monitor their traffic, eliminate every conceivable side-channel attack, or even totally air-gap your system — but it all amounts to exactly zero if somebody leaves a door propped open. Or if you’ve put a $5 padlock on a critical gate. Or if your RFID access control system is easily hacked. Ignore details like that and you’re just inviting trouble in.

Once the black-hats are on the inside, their job becomes orders of magnitude easier. Nothing beats hands-on access to a system when it comes to compromising it, and even if the attacker isn’t directly interfacing with your system, having him or her on the inside makes social engineering attacks that much simpler. System security starts with physical security, and physical security starts with understanding how to keep the doors locked.

To help us dig into that, Deviant Ollam will stop by the Hack Chat. Deviant works as a physical security consultant and he’s a fixture on the security con circuit and denizen of many lockpicking villages. He’s well-versed in what it takes to keep hardware safe from unauthorized visits or to keep it from disappearing entirely. From CCTV systems to elevator hacks to just about every possible way to defeat a locked door, Deviant has quite a bag of physical security tricks, and he’ll share his insights on keeping stuff safe in a dangerous world.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 3 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Side-Channel Attack Turns Power Supply Into Speakers

If you work in a secure facility, the chances are pretty good that any computer there is going to be stripped to the minimum complement of peripherals. After all, the fewer parts that a computer has, the fewer things that can be turned into air-gap breaching transducers, right? So no printers, no cameras, no microphones, and certainly no speakers.

Unfortunately, deleting such peripherals does you little good when [Mordechai Guri] is able to turn a computer power supply into a speaker that can exfiltrate data from air-gapped machines. In an arXiv paper (PDF link), [Guri] describes a side-channel attack of considerable deviousness and some complexity that he calls POWER-SUPPLaY. It’s a two-pronged attack with both a transmitter and receiver exploit needed to pull it off. The transmitter malware, delivered via standard methods, runs on the air-gapped machine, and controls the workload of the CPU. These changes in power usage result in vibrations in the switch-mode power supply common to most PCs, particularly in the transformers and capacitors. The resulting audio frequency signals are picked up by a malware-infected receiver on a smartphone, presumably carried by someone into the vicinity of the air-gapped machine. The data is picked up by the phone’s microphone, buffered, and exfiltrated to the attacker at a later time.

Yes, it’s complicated, requiring two exploits to install all the pieces, but under the right conditions it could be feasible. And who’s to say that the receiver malware couldn’t be replaced with the old potato chip bag exploit? Either way, we’re glad [Mordechai] and his fellow security researchers are out there finding the weak spots and challenging assumptions of what’s safe and what’s vulnerable.

Fear Of Potato Chips: Samy Kamkar’s Side-Channel Attack Roundup

What do potato chips and lost car keys have in common? On the surface, it would seem not much, unless you somehow managed to lose your keys in a bag of chips, which would be embarrassing enough that you’d likely never speak of it. But there is a surprising link between the two, and Samy Kamkar makes the association in his newly published 2019 Superconference talk, which he called “FPGA Glitching and Side-Channel Attacks.”

Take Security Up A Notch By Adding LEDs

All computers are vulnerable to attacks by viruses or black hats, but there are lots of steps that can be taken to reduce risk. At the extreme end of the spectrum is having an “air-gapped” computer that doesn’t connect to a network at all, but this isn’t a guarantee that it won’t get attacked. Even transferring files to the computer with a USB drive can be risky under certain circumstances, but thanks to some LED lights that [Robert Fisk] has on his drive, this attack vector can at least be monitored.

Using a USB drive with a single LED that illuminates during a read OR write operation is fairly common, but since it’s possible to transfer malware unknowingly via USB drives, one that has a separate LED specifically for writing operations will help alert a user to any write operations that might be trying to fly under the radar. A recent article by [Bruce Schneier] pointed out this flaw in USB drives, and [Robert] was up to the challenge. His build returns more control to the user by showing them when their drive is accessed and in what way, which can also be used to discover unique quirks of one’s chosen operating system.

[Robert] is pretty familiar with USB drives and their ups and downs as well. A few years ago he built a USB firewall that was able to decrease the likelihood of BadUSB-type attacks. Be careful going down the rabbit hole of device security, though, or you will start seeing potential attacks hidden almost everywhere.

Twelve Circuit Sculptures We Can’t Stop Looking At

Circuits are beautiful in their own way, and a circuit sculpture takes that abstract beauty and makes it into a purposeful art form. Can you use the wires of the circuits themselves as the structure of a sculpture, and tell a story with the use and placement of every component? Anyone can exercise their inner artist using this medium and we loved seeing so many people give it a try. Today we announce the top winners and celebrate four score of entries in the Hackaday Circuit Sculpture Contest.

Let’s take a look at twelve outstanding projects that caught (and held) our eye:

Wireless Charging Without So Many Chargers

[Nikola Tesla] believed he could wirelessly supply power to the world, but his calculations were off. We can, in fact, supply power wirelessly, and we are getting better at it, but we remain far from the dreams of the historical inventor. The mainstream version is the Qi charger, which is what phones use to charge when you lay them on a base. Magnetic coupling is what allows the power to move through the air. The transmitter and receiver are two halves of an air-core transformer, so the distance between the coils exponentially reduces efficiency, and don’t even think of putting two phones on a single base. Well, you could, but it would not do any good. [Chris Mi] at San Diego State University is working with colleagues to introduce receivers that feature a pass-through architecture so a whole stack of devices can be powered from a single base.

Efficiency across ten loads is recorded at 83.9% which is phenomenal considering the distance between each load is 6 cm. Traditional air-gap transformers are not designed for 6 cm, much less 60 cm. The trick is to include another transmitter coil alongside the receiving coil. By doing this, the coils are never more than 6 cm apart, even when the farthest unit is a long ways from the first supply. Another advantage to this configuration is that tuned groups continue to work even when a load changes in the system. For this reason, putting ten chargeables on a single system is a big deal because they don’t need to be retuned when one finishes charging.

We would love to see more of this convenient charging and hope that it catches on.

Via IEEE Spectrum.

A Cleverly Concealed Magnetic Loop Antenna

We’re sure all radio amateurs must have encountered the problem faced by [Alexandre Grimberg PY1AHD] frequently enough that they nod their heads sagely. There you are, relaxing in the sun on the lounger next to the crystal-blue pool, and you fancy working a bit of DX. But the sheer horror of it all, a tower, rotator, and HF Yagi would ruin the aesthetic, so what can be done?

[Alexandre]’s solution is simple and elegant: conceal a circular magnetic loop antenna beneath the rim of a circular plastic poolside table. Construction is the usual copper pipe with a co-axial coupling loop and a large air-gapped variable capacitor, and tuning comes via a long plastic rod that emerges as a discreet knob on the opposite side of the table. It has a 10 MHz to 30 MHz bandwidth, and should provide a decent antenna for such a small space. We can’t help some concern about how easy that capacitor is to access: on these antennas a surprisingly large RF voltage is induced across its vanes, and anyone unwary enough to sit at the table to enjoy a poolside drink might suffer a nasty RF burn to the knee. Perhaps we’d go for a remotely tuned model instead, for this reason.

[Alexandre] has many unusual loop projects under his belt, as well as producing commercial loops. Most interesting to us on his YouTube feed is this one with a capacitor formed from co-axial soft drink cans.

Thanks [Geekabit] for the tip.