Bringing An IWallet Back To Life

July 18, 2011 by Mike Nathan 43 Comments

iwallet_bluetooth_hack

The iWallet is a slick little device if you’ve got a big wad of cash burning a hole in your pocket. The $600 price tag was a little much for [cmw] to swallow, so he bought a water damaged iWallet on eBay with hopes of repairing it. Once took a close look, he knew that repairing it was a lost cause, so he decided to hack it instead.

He pulled out most of the wallet’s electronics save for the motor that opens the device, and replaced the damaged parts with his own. He installed an Arduino pro as well as a Bluetooth module, powering the pair with a small rechargeable LiPo battery. The iWallet’s fingerprint reader was then replaced with a series of LEDs that show the device’s Bluetooth connectivity status.

[cmw] can now connect his wallet to his phone, issuing unlock commands via Bluetooth. If you don’t want to fork out the cash, his version is nearly as good as the real thing.

Continue reading to see a quick video of [cmw’s] iWallet hack in action.

Continue reading “Bringing An IWallet Back To Life” →

IPhone To Arduino Communications Sans Jailbreak

July 18, 2011 by Mike Nathan 13 Comments

iphone_to_arduino

When Google released their ADK allowing Android smart phones to interact with Arduino-based devices, we’re sure there were at least one or two iPhone users who felt left out. Thanks to the folks over at Redpark, those people can now interact with an Arduino without having to jailbreak their phone.

For anyone looking to do any sort of iPhone/Arduino interaction, this is a good thing – except for the price. The 30-pin to serial cable is currently available over at Make for $59, which honestly seems pretty steep to us. When we first saw this announced, our initial thoughts were that we would see an open-source version in no time.

Unfortunately, that idea was short-lived, as we were quickly reminded of Apple’s MFI program. If you are not familiar, MFI (aka Made for iStuff) program limits what can be connected to an iDevice via licensing fees and a boatload of legal agreements. While we won’t be picking up this dongle any time soon, we’re all ears if someone has done any reverse-engineering of those pesky MFI chips.

Shoulder Surfing With OpenCV

July 12, 2011 by Mike Nathan 14 Comments

shoulder_surfing_with_shoulder_pad

While it seems that many people are wise to shoulder surfing, keeping a lookout for anyone spying on their passwords, [Haroon] wrote in to remind us that the threat is just as real today as it ever was.

The subjects of his research are touch screen phones and tablets, which utilize on-screen keyboards for data entry. He says that while nearly all password entry boxes on these devices are obscured with the traditional line of asterisks, the keyboards themselves are quite an interesting vulnerability.

Since touch screen technology can be finicky at times, most vendors ship their devices with some sort of key press verification system. On the iPhone and iPad, for instance, each key is highlighted in blue following a button press. This functionality makes it quite easy for shoulder surfers to casually steal your password if you’re not paying attention.

But what if you are well aware of your surroundings? [Haroon] has developed a piece of software he calls shoulderPad, which is based on openCV that does the surfing for him. The application can monitor a video stream, live or recorded, extracting the user’s password from the highlighted button presses. His demonstrations show the recording taking place at a relatively close distance, but he says that it would be quite easy to use surveillance footage or zoom lenses to capture key presses from afar.

He does say that the button highlighting can be easily disabled in the iPhone’s options pane, which should negate this sort of attack for the most part.

Continue reading to see a quick video of shoulderPad in action.

Continue reading “Shoulder Surfing With OpenCV” →

Excuse Me IPad, May I Cut In?

June 14, 2011 by Mike Szczys 13 Comments

[LostSpawn] loves his clamshell keyboard for the iPad, but he had one major beef with the design. When the tablet is installed in the landscape orientation there’s no way to plug in a dock connector for charging or other uses. He pulled out the cutting tools and altered the case to meet his needs.

The case is a Rocketfish iCapsule which provides a Bluetooth keyboard when you need to do a lot of typing. The hard shell does a great job of protecting the iPad, but who wants to pull it out to charge it? The thing that we can’t believe is that there’s a slot milled in the other side of the bezel so that you can plug in headphones. How did they overlook the dock connector?

To add it himself, [LostSpawn] started by drilling a dotted line along the portion that he wanted to remove. He finished shedding material with a Dremel and then set about sanding it flat. To make sure it didn’t look too much like a hack he used Bondo to build up the working edge and then sanded and painted for a factory finish. Now he can plug in the cable or an SD card adapter like the one seen to the right of the keyboard.

Adding Remote Touch Control To The Kaoss Pad

May 2, 2011 by Mike Nathan 8 Comments

touchosc_kaoss

[Munki] enjoys using his Kaoss Pad MIDI controller to add a new dimension to his music while playing guitar. The only thing that bothers him about the Kaoss Pad interface is that it can be difficult to trigger or alter effects in the middle of a bitchin’ guitar solo. He started looking around to see if there was a way to control the Kaoss Pad wirelessly via a touchscreen and found that with a little tweaking, his iPhone was a perfect candidate for the job.

He grabbed a copy of TouchOSC from the AppStore and configured it to communicate with his computer. After building an interface for his iPhone, he taped it to his guitar and gave it a try. Everything seemed to work pretty well, but he didn’t stop there – he also wanted to control Ableton Live and Max MSP from his iPhone. It took a bit of research and some tinkering with the Live API, but he eventually got everything working together nicely as you can see in the video below.

If you are interested in trying this out yourself, he has several useful links throughout his article, and he has made his TouchOSC/Max MSP patch available for download as well.

Continue reading “Adding Remote Touch Control To The Kaoss Pad” →

Location Tracking? ‘Droid Does

April 25, 2011 by Mike Nathan 40 Comments

i_spy

Last week, the Internet was alight with stories of iPhone location tracking. While this wasn’t exactly breaking news in security circles, it was new information to many people out there. Lots of blogs were full of commentary on the situation, including ours, with many Android users chiming in saying, “Android doesn’t do that”.

Well, that’s not entirely true – the playing field is far more level than most people would like to admit.

Android does have the same tracking capability, as do Windows Mobile phones for that matter. Both companies also monitor the cell towers you have connected to, as well as which Wi-Fi hotspots you have passed by. All three companies anonymize the data, though they do assign a unique ID to your location details in order to tell you apart from other users.

Where things really differ is in regards to how much information is stored. Microsoft claims that they only store the most recent location entry, while Andriod systems store the 200 most recent Wi-Fi hotspot locations as well as the most recent 50 cell towers.

At the end of the day each vendor does allow you to opt out of the tracking services, and if you are seriously concerned about the data they are tracking, you can always periodically wipe the information from your handset, should you desire.

[Image via TheTelecomBlog]

IPhone Watching Every Breath You Take, Every Move You Make

April 20, 2011 by Mike Nathan 89 Comments

iphone_data

Most people tend to enjoy a certain modicum of privacy. Aside from the data we all share willingly on the web in the form of forum posts, Twitter activity, etc., people generally like keeping to themselves.

What would you think then, if you found out your iPhone (or any iDevice with 3G) was tracking and logging your every movement?

That’s exactly what two researchers from the UK are claiming. They state that the phone is constantly logging your location using cell towers, placing the information into a timestamped database. That database is not encrypted, and is copied to your computer each time you sync with iTunes. Additionally, the database is copied back to your new phone should you ever replace your handset.

We understand that many iPhone apps use location awareness to enhance the user experience, and law enforcement officials should be able to pull data from your phone if necessary – we’re totally cool with that. However, when everywhere you have been is secretly logged in plaintext without any sort of notification, we get a bit wary. At the very least, Apple should consider encrypting the file.

While this data is not quite as sensitive as say your Social Security number or bank passwords, it is dangerous in the wrong hands just the same. Even a moderately skilled thief, upon finding or swiping an iPhone, could easily dump the contents and have a robust dataset showing where you live and when you leave – all the makings of a perfect home invasion.

Continue reading to see a fairly long video of the two researchers discussing their findings.

[Image courtesy of Engadget]

Continue reading “IPhone Watching Every Breath You Take, Every Move You Make” →