HTML Link Tag Hack Sends You To The Wrong Place

March 23, 2013 by Mike Szczys 16 Comments

hacking-html-a-tag

We consider ourselves fairly cautions Internet warriors. We know when to watch out for malicious links and tread lightly during those times. But this hack will still bite even the most cautions of link followers. It’s a hack that changes where a link is sending you after you click on it.

The concept is driven home right away by a link in the post which lists PayPal as the target when you hover over it with your mouse. Clicking on it will give you a warning that it could have been a malicious page you were redirected to. Of course the address line of the page shows that you were sent somewhere else, but it’s still an interesting issue. The hack is accomplished with just a few lines of JavaScript. In fact, the original example was 100 characters but a revision boils that down to just 67.

So who’s vulnerable to this kind of thing? It sounds like everyone that’s not using the Opera browser, which has been patched against the exploit. There are also some updates at the bottom of the post which mention that Firefox has been notified about it and Chrome is working on a patch.

[via Reddit]

Stealing Cars And Ringing Doorbells With Radio

March 14, 2013 by Brian Benchoff 25 Comments

The cheap software defined radio platforms that can be built out of a USB TV tuner aren’t getting much love on the Hackaday tip line of late. Thankfully, [Adam] sent in a great guide to cracking sub-GHz wireless protocols wide open, and ringing doorbells, opening cars, and potentially setting houses on fire in the process.

The first wireless hack [Adam] managed to whip up is figuring out how a wireless doorbell transmitter communicates with its receiver. [Adam] connected a FUNcube software defined radio dongle (although any one of the many USB TV tuner dongles we’ve seen would also work) and used GNU Radio to send the radio signals received to a WAV file. When looking at this audio file in Audacity, [Adam] saw the tell-tale signs of digital data, leaving with a string of 1s and 0s that would trigger his wireless doorbell.

The FUNcube dongle doesn’t have the ability to transmit, though, so [Adam] needed a more capable software defined radio to emulate the inner workings of a doorbell transmitter. He found one in the Ettus Research USRP, a software designed radio that’s doing a good job of keeping [Balint], Hackaday SDR extraordinaire, very busy. By sending the data [Adam] decoded with the FUNcube dongle over the USRP, he was able to trigger his wireless doorbell using nothing but a few hundred dollars of radio equipment and software ingenuity.

Doorbells are a low-stakes game, so [Adam] decided to step things up a little and unlock his son’s car by capturing and replaying the signals from a key fob remote. Modern cars use a rolling code for their keyless entry, so that entire endeavour is just a party trick. Other RF-enabled appliances, such as a remote-controlled mains outlet, are a much larger threat to home and office security, but still one [Adam] managed to crack wide open.

A Clever Solution For Constantly Locking Workstations

March 12, 2013 by Brian Benchoff 57 Comments

ROBOT

[Vasilis] works at CERN, and like any large organization that invented the World Wide Web, they take computer security pretty seriously. One ‘feature’ the IT staff implemented is locking the desktop whenever the screen saver runs. When [Vasilis] is in his office but not at his battlestation, the screen saver invariably runs, locking the desktop, and greatly annoying [Vasilis].

The usual Hackaday solution to this problem would be a complex arrangement of RFID tags, webcams, and hundreds, if not thousands of lines of code. [Vasilis] came up with a much better solution: have the computer ping his phone over Bluetooth. If the phone is detected by the computer, kill the screen saver.

The code is up on Github. It’s not much – just 20 lines of a Bash script – but it’s just enough to prevent the aggravation of typing in a password dozens of times a day.

Quick Wallet Hack Adds Pickpocket Alarm

March 8, 2013 by Caleb Kraft 60 Comments

Recently there were a bunch of videos going around the net about some of the greatest pickpockets in the world. Simply put, if they wanted something you had, they were going to take it and you probably wouldn’t notice. I’ve always kept my wallet in my front pocket, and usually with my hand on it, but they even showed them getting around that in the video (you can’t always be vigilant).

I had the idea to make some kind of alarm that would go off if anyone but me removed the wallet from my pocket. A quick google search revealed tons of wallet alarms, but I noticed that they all had a credit card form factor(that’s good) and would make noise when exposed to light(that’s bad). This represents a problem since the pickpockets in the videos tended not to open the wallets till later at another location. I needed something that would make noise as it was removed from my pocket. Most importantly, I needed the alarm to be located inside the wallet. This immediately makes the wallet undesirable and will hopefully make someone drop it like hot coals.

Continue reading “Quick Wallet Hack Adds Pickpocket Alarm” →

PwnPad, The Pentesting Tablet

March 1, 2013 by Brian Benchoff 46 Comments

pwnpad3_1024x1024

Over the last few months, we’ve seen our fair share of pentesting appliances. Whether they’re in the form of a Raspberry Pi with a custom distro, or an innocuous looking Internet-connected wall wart, they’re all great tools for investigating potential security vulnerabilites at home, in the workplace, or in someone else’s workplace. Pwnie Express, manufacturers of pentesting equipment, are now releasing one of the best looking and potentially most useful piece of pentesting equipment we’ve ever seen. It’s called the PwnPad, and it allows you to get your pentesting on while still looking stylish.

Based on Google’s Nexus 7 tablet, the PwnPad combines all the goodies of a really great tablet – the ability to read NFC tags and multiband radios – with open source tools and a USB OTG cable with USB Ethernet, Bluetooth, and WiFi adapters. Everything in the PwnPad is designed for maximum utility for pentesting applications.

Of course, for those of us that already have a $200 Nexus 7, Pwnie Express says they’ll be giving away the source for their software, enabling anyone with knowledge of make to have the same functionality of the PwnPad. Of course you’ll need to get yourself a USB OTG cable and the WiFi, Bluetooth, and Ethernet adapters, but that should only add up to about $100; combined with a $200 Nexus 7, building your own is more than just a bit cheaper than Pwnie Express’ asking pre-order price of $795.

Hacking A Radio Controlled Spy Device For Overly Attached Girlfriend.

February 27, 2013 by Caleb Kraft 47 Comments

This is the first in our series of videos meant to spread the hacking goodness far and wide on the net. As you can see, it is a pretty silly video, hopefully you enjoyed the humor. This wouldn’t be hackaday without an appropriate writeup though!

Initially the idea was to make this as a device that my boss could deploy from his Tesla Model S. Ultimately, we missed the release of SkyFall, so the whole 007 theme seemed a little flat. However, we did just happen to have a wonderful woman in the office that agreed to be an “overly attached girlfriend”. Here’s a link to the meme for those who are unfamiliar. Even though we made her look like a crazy person, she was a great sport about it (Thanks [Stephanie]!).

The Goal was to have a radio controlled device that would send live video and audio to someone and had the ability to plant a small GPS tracker on the undercarriage of a car.

Continue reading “Hacking A Radio Controlled Spy Device For Overly Attached Girlfriend.” →

Mac EFI PIN Lock Brute Force Attack (unsuccessful)

February 26, 2013 by Mike Szczys 82 Comments

[Oliver] wiped the hard drive from a Macbook Pro using the ‘dd’ command on another machine. This does a great job of getting everything off the drive, but he was still faced with the EFI PIN lock protection when he tried to put it back into the Mac. You used to be able to clear the NVRAM to get around this issue, but that exploit has now been patched. So [Oliver] set out to use a microcontroller to brute-force the EFI PIN.

You can read his back story at the link above. He had the chance to enter a 4-digit pin before the format process. Now that he’s wiped the drive the code is at least 6 characters long, which is a lot more possibilities (at least it’s numeric characters only!). To automate the process he programmed this Teensy board to try every possible combination. It worked great on a text editor but sometimes the characters, or the enter command wouldn’t register. He guesses this was some type of protection against automated attackers. To get around the issue he added different delays between the key presses, and between entering each code. This fixed the issue, as you can see in the clip after the break. Unfortunately after two 48-hour runs that tried every code he still hasn’t gained access!

Continue reading “Mac EFI PIN Lock Brute Force Attack (unsuccessful)” →