Malicious Raspberry Pi Power Strip Looks A Bit Scary

October 4, 2012 by Mike Szczys 28 Comments

What you see here is a Raspberry Pi shoehorned into a power strip. The idea is to leverage the power and low-cost of this board into a stealthy network observation device. It packs a similar punch as the Power Pwn but should cost at least $1100 less!

The fact that when you plug your Ethernet into this ‘surge protector’ it starts sniffing your traffic doesn’t really scare us. It’s the mains wiring that traverses the RPi itself that’s a bit unnerving. Call us overly-protective, but we like to see some shielding between our high-voltage and low-voltage components. But that aside, the rest of the hack is pretty solid. That item wrapped in electrical tape is a power converter for the board itself. It’s not shown here, but the NIC is patched into the surge protector’s RJ-45 connector. The one thing that might be nice to include is a WiFi nub so that you can access the strip wirelessly. This would open the door for other snooping items, like a small microphone.

Disassembling And Reprogramming Webkeys

October 2, 2012 by Mike Szczys 13 Comments

Webkeys are small, inexpensive USB devices which launch a web browser when plugged into a computer. They’re given out as a promotional item, but they can be fun to hack as well. [Brad Antoniewicz] recently got his hands on one and decided to crack it open to see what he could accomplish.

The majority of the device was packaging but it didn’t take him long to get down to the guts seen here. There are two units shown in the image above so that we can get a look at both sides of the circuit board. As you can see, there’s a chip-on-board processor (that black blob) that handles the USB connectivity. But the data which is pushed to a computer is stored in that EEPROM chip at the top. It’s got legs which are just begging to be probed. [Brad] wasn’t able to find the exact datasheet but he got some clues as to the pinout. Using his Bus Pirate he was able to establish communications and sniff the i2c traffic. With that success he went on to overwrite that data. You can see a quick demonstration of it after the break.

[Brad] hopes to do a bit more with the hardware. He thinks those four pads can be used to reprogram the MCU. We’ll keep our eyes out for updates as he moves along on that mission.

Continue reading “Disassembling And Reprogramming Webkeys” →

Dry Erase Marker Opens All Hotel Room Doors

October 2, 2012 by Mike Szczys 50 Comments

If you’re carrying around an exposed circuit board and a bunch of wires people are going to notice you. But a dry erase marker won’t turn any heads. And this one holds its own little secret. It acts as a master key for hotel room door locks.

This is really more of a repackaging hack. The exploit is already quite well-known. The Onity brand of key card locks most commonly used in hotels have a power jack on the bottom that doubles as a 1-wire communications port. The first published proof of concept used an Arduino board and a simple adapter to unlock any door in under one second. Now that hardware has been reduced in size so that it fits in the hollow shell of a dry erase marker. Even better, the felt tip has been replaced with the appropriately sized barrel jack. Check out the ultra-fast and inconspicuous use of it after the break. We think using this is no more obvious than actually having the key card.

Continue reading “Dry Erase Marker Opens All Hotel Room Doors” →

Cryptography – Learn What It’s All About

September 25, 2012 by Mike Szczys 8 Comments

The concept of cryptography touches our lives many times per day, and that’s probably a conservative estimate. We have a pretty good idea of how it works, having dealt with public-key cryptography for things like remote git repositories or ssh tunneling without a password. But we still enjoyed reading [Tiberiu Barbu’s] primer on the subject which he calls From 0 to Cryptography.

He begins the discussion with a definition of terms but quickly moves to the topic of key distribution. If you’re using a key to decipher data, how can you make sure that key only makes it to the person whom you want reading the data? One way is to use a Diffie-Hellman key exchange. The diagram above illustrates the trade, which uses an agreed upon value (color in this example) as a common starting point, then goes from there. After working our way through the key exchange scenario [Tiberiu] then runs the gammut of other options, include Public-Key, RSA, Hash, Digital Certificate, and a few others. It’s not a long post considering how many topics it covers. If you don’t have time today, make sure to save it for the weekend.

[via Reddit]

Key Code Door Lock Won’t Endanger Your Security Deposit

September 20, 2012 by Mike Szczys 13 Comments

College students have returned in droves to dorms and apartments at campuses everywhere. So this is the time of year we usually start seeing some coded entry hacks. [Charmonkey] recently took on the challenge at his new apartment. There were some caveats though. He needed to ensure the Landlord could still enter using a key, and he didn’t want to alter the door or the jamb in any way. What he came up with is a coded entry system that can turn the deadbolt.

In order to mount some hardware on the door he removed the inner part of the dead bolt assembly and used the pair of threaded tubes on the adjoining lock section as anchor points. This holds the Pokemon tin he’s using as a project box securely in place. The rest of the components all mount to it. These include the stepper motor that actuates the deadbolt, a switch for manual operation, an Arduino, and a motor driver board.

He got really creative with the keypad. The wires connecting it travel through the door’s peephole and into the smaller plastic project box that hosts the rest of the hardware.

[via Reddit]

Token Authentication For Gmail Using A EZ430 Chronos Watch

September 20, 2012 by Mike Szczys 11 Comments

Two-factor authentication allows you to use your chosen password, as well as a one-time password to help keep your services secure. The one-time passwords traditionally come from a dedicated piece of hardware, but there are also solutions for smart phones. [Patrick Schaumont] shows how a TI eZ430 Chronos Watch can be used to generate authentication tokens. After walking through the process he uses it to beef up his gmail login.

This method of token authentication is often called Time-based One Time Passwords (TOTP). It’s part of the Open Authentication (OATH) initiative, which seeks to sort out the password-hell that is modern computing. A portable device generates a password by applying an algorithm and a private encryption key to an accuarte time-stamp. On the server side of things a public key is used to verify the one-time password entered based on the server’s own time-stamp. In this case the portable device is the Chronos watch and the server is Google’s own TOTP service.

You can do this with other simple microcontrollers, we’ve even seen an Arduino implementation. But the wrist-watch form factor seen here is by far the most convenient — as long as you always remember to wear the watch.

[Thanks Oxide]

Investigating The Strength Of The 4-digit PIN

September 18, 2012 by Mike Szczys 46 Comments

If we wanted to take a look at the statistics behind 4-digit pin numbers how could we do such a thing? After all, it’s not like people are just going to tell you the code they like to use. It turns out the databases of leaked passwords that have been floating around the Internet are the perfect source for a little study like this one. One such source was filtered for passwords that were exactly four digits long and contained only numbers. The result was a set of 3.4 million PIN numbers which were analysed for statistical patterns.

As the cliché movie joke tells us, 1234 is by far the most commonly used PIN to tune of 10% (*facepalm*). That’s followed relatively closely by 1111. But if plain old frequency were as deep as this look went it would make for boring reading. You’ll want to keep going with this article, which then looks into issues like ease of entry; 2580 is straight down the center of a telephone keypad. Dates are also very common, which greatly limits what the first and last pair of the PIN combination might be.

We’ll leave you with this nugget: Over 25% of all PINs are made of just 20 different number (at least from this data set).

[Thanks Awjlogan]