Does Intel Measure Up At The Austin X Games?

Intel made an appearance at the recent summer X Games in Austin, TX with the Curie, a gadget for sensing the motion and position of skateboarders and BMXers. The Curie, attached to the bikes or helmets, measured the dynamics of the tricks performed by the participants.

An Intel 32 bit Quark SE system on a chip sent the telemetry data in real-time using Bluetooth. The module contains an accelerometer and gyroscope to capture all the twists, turns, and tumbles of the athletes. An analysis of the data was presented as part of the on-screen graphic displays of the events.


The Dark Arts: Hacking Humans

One of the biggest challenges for a company that holds invaluable data is protecting it. At first, this task would seem fairly straightforward. Keep the data on an encrypted server that’s only accessible via the internal network. The physical security of the server can be done with locks and other various degrees of physical security. One has to be thoughtful in how the security is structured, however. You need to allow authorized humans access to the data in order for the company to function, and there’s the rub. The skilled hacker is keenly aware of these people, and will use techniques under the envelope of Social Engineering along with her technical skills to gain access to your data.

Want to know how secure your house is? Lock yourself out. One of the best ways to test security is to try and break in. Large companies routinely hire hackers, known as penetration testers, to do just this. In this article, we’re going to dissect how a hired penetration tester was able to access data so valuable that it could have destroyed the company it belonged to.

Information Gathering

The start of any hack involves information gathering. This is usually pretty easy for larger companies. Their website along with a few phone calls can reveal quite a bit of useful information. However, you can be assured that any company who has hired a pen tester has taken the necessary precautions to limit such information.

And such was the case for our hacker trying to gain access to the ACME Corp. servers. Her first target was the dumpsters – dumpster dives have been proven to unearth a trove of valuable information in the past. But the dumpsters were inside the complex, which was guarded by a contracted security firm. Through a bit of website snooping and a few phone calls, she was able to find out the department that was in charge of trash removal for the company. She then placed a phone call to this department. Using a social engineering (SE) technique known as pretexting, she pretended to be with a trash removal company and wanted to submit a quote to service their business. Using another SE technique called elicitation, she was able to find out:

  • that trash collection took place on Wednesdays and Thursdays
  • the total number of dumpsters
  • that there was a special dumpster for paper and technology trash
  • the name of the current waste removal company – Waster’s Management
  • the name of the employee in charge of the waste removal – [Christie Smith]

Dumpster Dive

Armed with this information, she went to the Waster’s Management website and grabbed their JPEG logo. Within a few days, she had a shirt and hat with the logo in her hands. She called the security department and said she was with Waster’s Management, and that [Christie Smith] had told her one of the dumpsters was damaged, and she needed to take a look at it before the next trash removal.

The next day, wearing the shirt and hat she had ordered online, she was given a badge from security and allowed access to the dumpsters. Now, any hacker worth her weight in PIC16F84’s already knows what dumpster she dove into. It didn’t take her long to walk away with several hard drives, a few USB drives and some useful documents. She was able to gain knowledge of upcoming IT contract work, the name of the CFO, and the name of a server with some level of importance – prod23.

Hacking the Server

With some more SE, she was able to find out when the IT work was scheduled. It was after hours. She showed up a bit late and was able to walk right through the front door by claiming she worked for the IT contract company. She then shifted roles and pretended to be an employee. She approached one of the real IT contract guys, said she worked for the CFO, [Mr. Shiraz], and asked if he knew to be careful with the prod23 server. With more SE, she was able to find out the prod23 server was off-limits, encrypted, and only accessible by specific admins.

She was able to access an admin office, and it was there she would don her black hat. She booted the computer with BackTrack via USB and installed a key logger. She made an SSH tunnel to her personal server where she could dump the contents of the key logger, along with some other shells. Now, this is where things get interesting. She opened Virtual Box and used the computer’s hard drive as the boot medium. The VM booted the OS, and she hid all of the screen decorations to make it look like the target OS was running. The admin would log in without a clue, and our hacker would get their username and password through the key logger.

Once the login information came in, she was able to access the admin’s computer, and from there the prod23 server. You can imagine the look on the faces of the top executives for ACME Corp when our hacker handed them a copy of the keys to their kingdom.

Social engineering is human hacking, and a dark art in itself. Our hacker in this story would have never been able to even get close to the server if she did not have SE skills. No matter how secure you make something, so long as you allow humans access to it, it’s vulnerable to attack. And then it’s down to how well-trained your people are in repelling these kinds of intrusions. Just ask Target.

You can find the full story in the source below.

Sources

Social Engineering, The Art of Human Hacking, Chapter 8, by Christopher Hadnagy, ISBN-13: 860-1300286532

Zero Parts-Count Temperature Sensor

Quick: What’s the forward voltage drop on a conducting diode? If you answered something like 0.6 to 0.7 V, you get a passing grade, but you’re going to have to read on. If you answered $V_F = \frac{T - T_0}{k}$, where $T_0$ and $k$ are device-specific constants to be determined experimentally, you get a gold Jolly Wrencher.

[Jakub] earned his Wrencher, and then some. Because not only did he use the above equation to make a temperature sensor, he did so with a diode that you might have even forgotten that you have on hand — the one inside the silicon of a MOSFET — the intrinsic body diode.

[Jakub]’s main project is an Arduino-controlled electronic load that he calls the MightWatt, and a beefy power MOSFET is used as the variable resistance element. When it’s pulling 20 or 30 A, it gets hot. How hot exactly is hard to measure without a temperature sensor, and the best possible temperature sensor would be one that was built into the MOSFET’s die itself.

There’s a bunch of detail in his write-up about how he switches the load in and out to measure the forward drop, and how he calibrates the whole thing. It’s technical, but give it a read, it’s good stuff. This is a great trick to have up your sleeve.

And if you’re in the mood for more stupid diode tricks, we recommend using them as solar cells or just stringing a bunch of them together to make a thermal camera.

Reverse Engineering Hoverboard Motor Drive

The must-have toy of the moment last winter was the “Hoverboard”. We all probably secretly wished them to be the boards from the Back to the Future series of films made real, but the more achievable reality is a self-balancing scooter somewhat akin to a miniature Segway. It seemed every child wanted one, schools banned them, and there was a media frenzy over some of the cheaper models that lacked protection circuitry for their li-ion batteries and thus had a tendency for self-incineration.

[Drew Dibble] is interested in the Power Racing Series (PRS), in which toy electric cars are souped up for competition. Casting around for a source of cheap and relatively powerful motors he lit upon the self-balancing scooters, and waited on Craigslist for the inevitable cast-offs. His resulting purchase had two 350W brushless hub motors and all the associated circuit boards for motor control, gyroscope, and oddly a Bluetooth speaker. The motor control board received an unknown two-wire digital feed from the scooter’s control board, so he set to work investigating its protocol. His write-up of how he did it is an interesting primer in logic line detective work.

Hooking up his logic analyzer he was quickly able to rule out the possibility of the control signal being PWM because all signals followed the same timing. Both lines had data so he was able to rule out I2C, for in that case one line would carry a clock. He was therefore left with a serial line, and taking the 38 microsecond timing interval, he was able to calculate that it had a rather unusual bitrate of 26315 BPS. Each packet had a multiple of 9 bits so he either had 9-bit or 8-bit with parity, and trying all possible parity schemes resulted in parity errors. Therefore the boards used a highly unusual 9-bit non-standard bitrate serial port. Some experimentation led him to an Arduino library, and he was able to get some movement from his motors. Some clever timing detective work later and he could make them move at will, success!
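The elimination steps above can be replayed in a few lines. This is an added Python example, not [Drew Dibble]'s code: the word values and the one-sample-per-bit line model are constructed for illustration, and only the 38 microsecond bit time comes from the write-up.

```python
# Added illustration: constructed data, not a capture from a real scooter.
BIT_TIME_US = 38  # bit interval quoted in the article

def baud_from_bit_time(bit_time_us):
    """Bits per second for a given bit time, truncated to an integer."""
    return int(1_000_000 / bit_time_us)

def encode_frames(words, bits=9):
    """Idle-high line levels: start bit (0), data LSB first, stop bit (1)."""
    line = [1, 1]
    for w in words:
        line.append(0)
        line.extend((w >> i) & 1 for i in range(bits))
        line.extend([1, 1])  # stop bit plus one idle bit
    return line

def decode_frames(line, bits=9):
    """Decode one-sample-per-bit levels into words; raise on a framing error."""
    words, i = [], 0
    while i < len(line):
        if line[i] == 1:  # line idle, keep looking for a start bit
            i += 1
            continue
        frame = line[i + 1:i + 1 + bits]
        stop_idx = i + 1 + bits
        if len(frame) < bits or stop_idx >= len(line) or line[stop_idx] != 1:
            raise ValueError(f"framing error at sample {i}")
        words.append(sum(b << n for n, b in enumerate(frame)))
        i = stop_idx + 1
    return words

def parity_hypotheses(words):
    """For each 8-data-bit-plus-parity scheme, does every word satisfy it?"""
    def ones(w):
        return bin(w & 0xFF).count("1")
    checks = {
        "even": lambda w: (ones(w) + (w >> 8)) % 2 == 0,
        "odd": lambda w: (ones(w) + (w >> 8)) % 2 == 1,
        "mark": lambda w: (w >> 8) == 1,
        "space": lambda w: (w >> 8) == 0,
    }
    return {name: all(f(w) for w in words) for name, f in checks.items()}

SAMPLE_WORDS = [0x100, 0x055, 0x003, 0x1FF, 0x0AB]  # constructed 9-bit words

if __name__ == "__main__":
    print(baud_from_bit_time(BIT_TIME_US))
    decoded = decode_frames(encode_frames(SAMPLE_WORDS))
    print([hex(w) for w in decoded], parity_hypotheses(decoded))
```

When every parity scheme is violated by at least one word and an 8-bit decode of the same samples hits a framing error, the ninth bit has to be data, which is the conclusion the write-up reaches.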

All his code for the project is on GitHub, for his 9-bit SoftwareSerial library and a motor control sketch.

If you want a real Back to the Future hoverboard then you may have to wait a while longer. We have featured a replica made as an unrideable floating artwork though, and a working board that is more of a personal hovercraft.


Hackaday Prize Entry: Waterspace, A Floating Hackerspace Lab

It’s a boat! It’s a hackerspace! It’s a DIY research platform and an art gallery! It’s Boat Lab!

[Andrew Quitmeyer] led a project in the Philippines that was nominally charged with making an art and technology space. After a few days brainstorming, four groups formed and came up with projects as wide-ranging as a water-jet video screen and a marine biology lab. What did they have in common? They were all going to take place on a floating raft hackerspace in a beautiful body of water in Manila.

This is a really crazy meta-project, and any of the sub-projects would be worth their own blog post. Even more so is the idea itself — building a floating hackerspace is just cool. The write-up on Hackaday.io linked above is pretty comprehensive, and the “Waterspace” book talks a bit more about the overarching process. Boat Lab is a great entry into the Citizen Science phase of the Hackaday Prize 2016.

But we also love the idea of hackerspaces in non-traditional places. The Cairo Hackerspace is working on a van-based space. And now we’ve seen a boat. What other mobile hackerspace solutions are out there? We’d love to hear!


An Atari ST Rises From The Ashes

We’ve all made rash and impulsive online purchasing decisions at times. For [Drygol] the moment came when he was alerted to an Atari 1040STe 16-bit home computer with matching monitor at a very advantageous price.

Unfortunately for him, the couriers were less than careful with his new toy. What arrived was definitely an ST, but new STs didn’t arrive in so many pieces of broken ABS. Still, at least the computer worked, so there followed an epic of case repair at the end of which lay a very tidy example of an ST.

He did have one lucky break: the seller had carefully wrapped everything in shrink-wrap so no fragments had escaped. So, carefully applying acetone to stick the ABS together, he set to work on assembling his unexpected 3D jigsaw puzzle. The result needed a bit of filler and some sanding, but when coupled with a coat of grey paint started to look very like an ST case that had just left the factory. Adding modern SD card and USB/Ethernet interfaces to the finished computer delivered a rather useful machine as you can see in the video below the break.

Reviving A Dead Zanzithophone

It’s great to hear from people who say they’re inspired to fix stuff by reading about hacks here on Hackaday. [Michael Lüftenegger] from Salzburg is one of them. About a year back, he snagged a digital horn from eBay that turned out to be dead-er than advertised and he wrote a post about how he fixed it and gave it a second life.

The Casio DH-100 is an electronic MIDI digital wind controller/synthesizer musical instrument. Your breath flows through the instrument, making it feel pretty similar to acoustic wind instruments. [Michael]’s unit had already seen some attempted, but unsuccessful repairs. Nothing that could not be fixed, except that the main pressure sensor was missing. Without the sensor, the instrument was practically useless. The eBay seller wasn’t lying when he described the unit as working with breath mode turned off!