Massive Cyber Attack Cripples UK Hospitals, Spreads Globally

A massive ransomware attack is currently under way. It was first widely reported as having crippled the UK hospital system, but has since spread to numerous other systems throughout the world, including FedEx in the US, the Russian Interior Ministry, and telecommunications firms in Spain and Russia.

The virus is known by the names WannaCrypt, WannaCry and a few other variants. It spreads using the EternalBlue exploit against unpatched Windows machines older than version 10. The tools used to pull off this attack were likely from an NSA toolset leaked by the Shadow Brokers.

So far the strongest resource for technical information that we’ve found is this factsheet hosted on GitHub.

NHS Services at a Standstill in the UK

NHS services across England and Scotland have been hit by the ransomware attack, crippling multiple hospitals and doctors' practices. The UK has universal healthcare, the National Health Service, which covers doctors, hospitals and generally everything medical-related, free at the point of service, but today they have had to turn away patients and cancel consultations.

NHS staff are unable to access patients' medical records on infected machines unless a £230 ($300) bitcoin ransom is paid for them. There is no evidence that patient data has been compromised, NHS Digital has said. The BBC has stated that up to 39 NHS organisations and some GP practices have been affected.

The National Cyber Security Centre (NCSC) is "working closely" with the NHS, and they will protect patient safety. We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

-Prime Minister Theresa May

Infected Systems Throughout the World

Computers in regions across the globe have been under attack today, including Telefonica (O2 in the UK), with at least 45,000 computers compromised in Russia, Ukraine, India, and Taiwan alone. There’s no indication of who is behind the attack yet.

The ransomware's code takes advantage of an exploit called EternalBlue, made public in April by the Shadow Brokers and patched by Microsoft in March. It comes as a shock that an organisation the size of the NHS seems not to have kept its computers updated. This is perhaps just a taster of what is to come in the future as cyber crime and warfare become more and more commonplace.

[Ransomware screenshots via @UID_]

Automate The Freight: Medical Deliveries By Drone

Being a cop’s kid leaves you with a lot of vivid memories. My dad was a Connecticut State Trooper for over twenty years, and because of the small size of the state, he was essentially on duty at all times. His cruiser was very much the family vehicle, and like all police vehicles, it was loaded with the tools of the trade. Chief among them was the VHF two-way radio, which I’d listen to during long car rides, hearing troopers dispatched to this accident or calling in that traffic stop.

One very common call was the blood relay — Greenwich Hospital might have had an urgent need for Type B+ blood, but the nearest supply was perhaps at Yale-New Haven Hospital. The State Police would be called, a trooper would pick up the blood in a cooler, drive like hell down I-95, and hand deliver the blood to waiting OR personnel. On a good day, a sufficiently motivated and skilled trooper could cover that 45-mile stretch in about half an hour. On a bad day, the trooper might end up in an accident and in need of blood himself.


HP Laptops Turn Up Keylogger Where You Wouldn’t Expect It

Keyloggers are nasty little things that have the potential to steal the credit card numbers of you and everyone you care about. Usernames and passwords can be easily stolen this way, so they’re a useful tool for the black hats out there. One would generally expect to find a keylogger in a dodgy movie torrent or perhaps a keygen for pirated software, but this week a keylogger was found in an audio driver for an HP laptop.

The logger was found by Swiss security researchers modzero. The Conexant HD Audio Driver Package version 1.0.0.46 and earlier apparently logs keystrokes in order to monitor things like the laptop’s volume up and down keys. The real killer here is that it feels the need to log all keystrokes detected to a readily accessible file, for reasons we can’t possibly fathom. It’s a huge security risk, but it doesn’t stop there – the driver also exposes the keystrokes through an API as well, creating an even wider attack surface for malicious actors. One can in principle access the keystroke log remotely.

There’s no word from the company yet, but we really want to know – why save the keystrokes to a file at all? Code left over from debugging, perhaps? Speculate in the comments.

Templates Speed Up Arduino I/O

It is easy to forget, but the Arduino does use C++. Typically, the C++ part is in the libraries and the framework, and most people tend to write their main programs in C style, using the library objects as if they were C-language extensions. [Fredllll] recently created a template library to speed up Arduino I/O and shared it on GitHub.

If you've ever done anything serious with the Arduino, you probably know that while digitalWrite is handy, it does a lot of work behind the scenes to make sure the pin is set up, and this adds overhead to every call. [Fredllll's] template versions can switch a pin's state in two cycles. You can cut that in half if you don't mind disturbing the state of other pins on the same port.


Git Shell Bypass, Less Is More

We've always been fans of wargames. Not the movie (well, also the movie), but I'm referring to hacking wargames. There are several formats, but usually you have access to an initial shell account somewhere, which is level0, and you have to exploit some flaw in the system to get level1 permissions, and so forth. Almost always there's a level where you have to exploit a legitimate binary (with some shady permissions) that does more than what the regular user thinks.

In the case of CVE-2017-8386, less is more.

[Timo Schmid] details how git-shell, a restricted shell meant to be used as the upstream peer in a git remote session over an SSH tunnel, can be abused to achieve arbitrary file read, directory listing and somewhat restricted file write. The basic idea of git-shell is to restrict the allowed commands in an SSH session to the ones required by git (git-receive-pack, git-upload-pack, git-upload-archive). The researcher realized he could pass parameters to these commands, like the flag --help:

$ ssh git@remoteserver "git-receive-pack '--help'"

GIT-RECEIVE-PACK(1)            Git Manual             GIT-RECEIVE-PACK(1)

NAME
 git-receive-pack - Receive what is pushed into the repository
[...]

What the flag does is make the git command open its man page, which is passed on to a pager program, usually less. And this is where it gets interesting. The less command, if running interactively, can do several things you would expect, like searching for text, going to a line number and scrolling down. What it can also do is open a new file (:e), save the input to a file (s) and execute commands (!). To make it run interactively, you have to force the allocation of a PTY in ssh like so:

$ ssh -t git@remoteserver "git-receive-pack '--help'"

GIT-RECEIVE-PACK(1) Git Manual GIT-RECEIVE-PACK(1)

NAME
 git-receive-pack - Receive what is pushed into the repository

 Manual page git-receive-pack(1) line 1 (press h for help or q to quit)
 

Press h for help and have fun. One caveat is that in usual installations the code execution will not really execute arbitrary commands, since the current login shell is git-shell, restricted to only some whitelisted commands. There are, however, certain configurations where this might happen, such as keeping bash or sh as the login shell and limiting the user in other ways so that they can only use git (such as in shared environments without root access). You can see such an example here.

The quickest solution seems to be to enable the no-pty option server-side, in the sshd configuration for the affected keys or users. This prevents clients from requesting a PTY, so less won't run in interactive mode.
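The two defensive pieces of the scenario above, as an added example that is not part of the original post and not code from the git project: a helper that emits the restrictive authorized_keys line (no-pty plus the usual no-forwarding options) so a pager launched from a git command can never become interactive, and a whitelist check in the spirit of git-shell that accepts only the three git service commands with a single repository argument and rejects anything that looks like an option. The key string and repository names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the article or from the git project.
#  1. restricted_authorized_key: builds an authorized_keys entry that disables
#     PTY allocation (no-pty) and forwarding for one public key.
#  2. validate_git_command: checks the SSH_ORIGINAL_COMMAND a client sent,
#     allowing only git-receive-pack / git-upload-pack / git-upload-archive
#     with exactly one non-option repository argument.
# Key material and repository names below are constructed placeholders.

# Print an authorized_keys line for PUBKEY with the restrictive options.
# Usage: restricted_authorized_key "ssh-ed25519 AAAA..."
restricted_authorized_key() {
  printf '%s %s\n' \
    'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding' "$1"
}

# Return 0 if LINE is an allowed git command with one safe repository
# argument, 1 otherwise.
validate_git_command() {
  line=$1
  verb=${line%% *}          # first word, e.g. git-receive-pack
  rest=${line#"$verb"}      # everything after the first word
  rest=${rest# }

  case "$verb" in
    git-receive-pack|git-upload-pack|git-upload-archive) ;;
    *) return 1 ;;          # not one of the three git services
  esac

  # git clients send the repository wrapped in single quotes; strip one layer.
  case "$rest" in
    \'*\') rest=${rest#\'}; rest=${rest%\'} ;;
  esac

  [ -n "$rest" ] || return 1  # no repository given at all

  case "$rest" in
    -*)      return 1 ;;    # option-looking argument such as --help
    *\'*)    return 1 ;;    # leftover quote: more than one argument
    *" "*)   return 1 ;;    # embedded space: more than one argument
    *..*|/*) return 1 ;;    # traversal or absolute path outside the repo root
  esac
  return 0
}

# Demo on constructed command lines.
for c in "git-receive-pack 'project.git'" \
         "git-receive-pack '--help'" \
         "git-upload-pack 'project.git' --help" \
         "git-upload-archive '../other.git'" \
         "ls -la"; do
  if validate_git_command "$c"; then echo "allow: $c"; else echo "deny:  $c"; fi
done
restricted_authorized_key 'ssh-ed25519 AAAAC3EXAMPLEKEY git@example'
```

Pairing the two matters: the no-pty option stops the interactive pager even on an unpatched git-shell, while the argument check keeps --help and friends from ever reaching the git commands, which is the direction the upstream fix for this CVE took.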

$ man less

LESS(1) General Commands Manual LESS(1)

NAME
less - opposite of more

Ironic, isn’t it?

The SHA2017 Badge Revealed

It’s that excellent time of year in which one slowly comes to the realisation that the summer’s eagerly anticipated events are now no longer at some impossibly distant point in the future, but in fact only a matter of a few months or even weeks away. For our European readers, this means that August’s SHA2017 hacker camp is appearing on the horizon, four days of outdoor technological indulgence for our community in a scout camp on the Dutch polders.

As it is a tradition of such events to have an electronic badge incorporating ever more impressive levels of computing power, it follows that the pre-production announcement of an event badge has become an important milestone in the countdown to the day. SHA2017 is no exception, and thus today we see the announcement of their take on the essentials for a hacker camp badge in 2017.

The most immediately obvious thing about the badge is its 296×128 pixel e-ink display, which should provide an immediate benefit in terms of battery life. There are the usual plethora of interfaces, GPIOs, USB, and Neopixels, and the user input is via a set of capacitive buttons. Powering the device is an ESP32, and a key design goal was to have a network for the badges that does not put pressure on the 2.4GHz infrastructure. We’re guessing they’re doing this using raw WiFi packets in the same way as the MAGfest swadge. On the software front it will provide a straightforward development route via MicroPython, and there will be an app library for those without the inclination to code their own. You can get an early look at the schematic from the project repo (PDF).

Their target is to have the badge ready and with stable software on day 1 of the event, a laudable aim if they can manage it.

Members of the Hackaday team will be making the trip to the Netherlands for SHA2017, we look forward to seeing you if you attend too, and please show us anything interesting you do with your badges! Keep your eyes peeled for the Jolly Wrench, and come say hello. You’ll find me with the OxHack contingent and giving a talk on the kit biz which I have also published in the Project to Kit series of articles.

We've covered so many badges here at Hackaday that we could almost put on a retrospective exhibition of the art form. Of particular interest to us, though, is our own [Voja Antonic]'s badge for last year's Hackaday SuperConference.

Thanks [Sebastius] for the tip.

The Dangers Of Engineering While Unlicensed

Citizen engineers, beware the Beaver State. If you want to discuss engineering in a public setting, you’d better have a license. If you don’t, you could end up like Oregon resident Mats Järlström — paying a $500 fine and being threatened with even larger civil penalties and jail time.

The story of how Järlström became ensnared in this unfortunate series of events begins innocently enough, and it’s a story that any Hackaday reader can probably relate to. After his wife received a traffic ticket in the mail from a red-light camera in the town of Beaverton, Järlström began pondering the math of traffic signal timing. After a little digging, he found the formula used for calculating the time traffic signals stay in the yellow stage. Moreover, he found a flaw in the formula, which dates back to 1959, that could lead to incorrect violations issued by automated traffic cameras.
