Sony Google TV Devices Running Unsigned Kernels

The proud cry of “I am root” rings true once again, this time on Sony Google TV devices. Although a low-level exploit was found on previous firmware versions, a downgrade process lets you run unsigned kernels on updated TV or Blu-ray models of the Internet streaming devices.

These Android-based systems currently run version 3.1 Honeycomb. This version patches the previous exploit, but with three different USB sticks you can downgrade, exploit, and upgrade to an altered and unsigned hack of the most recent kernel. This gives you the root access you may have been longing for, but other than the features discussed in the forum thread there aren’t a whole lot of changes rolled into the exploit yet.

We’re always looking out for open source projects running on living-room devices and hope that someday we’ll see a branch of XBMC for the GTV. Until then we’ll just have to keep our fingers crossed for the viability of a Raspberry Pi XBMC.

RFID Reader Gets User Inputs And Smart Card Write Capability

[Navic] added a slew of abilities to his RFID reader. It’s now a full-featured RFID reader and smart card writer with extras. When we looked at it last time the unit was just an RFID and smart card reader in a project enclosure. You could see the RFID code of a tag displayed on the LCD screen, but there wasn’t a lot more to it than that.

The upgrade uses the same project enclosure but he’s added four buttons below the display. These allow him to access the different features that he’s implemented. The first one, which is shown in the video after the break, allows him to store up to six tags in the EEPROM of the Basic Stamp which drives the unit. He can dump these tag codes to a smart card (pictured above), but also has the option of interfacing with a PC to read from and write to that card.

We don’t think you can directly write RFID tags with the device, but we could be wrong.

Cheap WiFi Bridge For Pen Testing Or Otherwise

Twenty-three dollars. That’s all this tiny pen-testing device will set you back. And there really isn’t much to it. [Kevin Bong] came up with the idea to use a WiFi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery, all cheaply available products.

No hardware hacking is necessary to connect the three components. The only other preparation needed is to reflash the router firmware with OpenWRT and load it up with common pen-testing software packages like Netcrack and Airhack.

[Kevin] calls this a drop box, because you find an Ethernet jack, plug it in, and drop it there. You can then connect to the router via WiFi and begin testing the wired network security measures. We’re sure images of espionage pop into your head from that description, but we’re certain this can be useful in other ways as well. If you ever find yourself with an Ethernet connection but no access to WiFi, this is a quick way to set up an AP.

Unshredding Paper

[Roel] had read that people won the DARPA shredder challenge, but that their technology was kept a secret. Interested in this concept, he also remembered an episode of the X-Files where they had reconstructed shredded paper using a computer system. Unlike most computer-based TV show BS, this did not seem to be too far-fetched, so he went about trying it himself.

First a note is written and then cut up into strips; the strips are then scanned into a computer where the magic happens. Next, each strip is outlined in polygons, and the software follows the polygon outline looking for a change in color at the pixel level. The software then goes into a pattern-matching mode and reassembles the paper based on a scoring system.

While not many people use old-fashioned strip shredders anymore, the basic idea works, and if you really wanted to expand it, it could be applied to cross-cut or particle shredders.
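A simplified version of the edge-scoring idea described in this post, as an added example (not [Roel]'s code): it assumes each strip has already been rectified to an equal-size pixel grid, scores a pairing by counting pixels that differ along the two touching edges, and penalises ink on the outer margins. The 12×20 test page and all function names are constructed for illustration.

```python
# Constructed test "scan": horizontal ink strokes as (row, first_col, last_col).
H, W, STRIP_W = 12, 20, 4
STROKES = [(1, 2, 5), (1, 10, 13), (3, 6, 9), (4, 10, 13), (6, 1, 5),
           (6, 14, 17), (8, 14, 18), (9, 6, 9), (10, 10, 13)]

def make_page():
    page = [[0] * W for _ in range(H)]
    for r, a, b in STROKES:
        for c in range(a, b + 1):
            page[r][c] = 1          # 1 = ink, 0 = paper
    return page

def cut(page, width):
    """Cut the page into vertical strips; each strip is a list of rows."""
    return [[row[c:c + width] for row in page]
            for c in range(0, len(page[0]), width)]

def edge(strip, side):
    """Pixel column along the left or right cut of a strip."""
    col = 0 if side == "left" else -1
    return [row[col] for row in strip]

def mismatch(a, b):
    """Score for placing edge a against edge b: pixels that disagree."""
    return sum(x != y for x, y in zip(a, b))

def reassemble(strips):
    """Try every strip as the leftmost one, chain greedily, keep best score."""
    n = len(strips)
    left = [edge(s, "left") for s in strips]
    right = [edge(s, "right") for s in strips]
    best = None
    for start in range(n):
        order, score = [start], sum(left[start])   # ink on the outer margin
        while len(order) < n:
            rest = [i for i in range(n) if i not in order]
            nxt = min(rest, key=lambda i: mismatch(right[order[-1]], left[i]))
            score += mismatch(right[order[-1]], left[nxt])
            order.append(nxt)
        score += sum(right[order[-1]])              # ink on the other margin
        if best is None or score < best[0]:
            best = (score, order)
    return best

def join(strips, order):
    return [sum((strips[i][r] for i in order), []) for r in range(len(strips[0]))]

if __name__ == "__main__":
    strips = cut(make_page(), STRIP_W)
    shuffled = [strips[i] for i in (3, 0, 4, 2, 1)]  # simulate the shredder
    score, order = reassemble(shuffled)
    for row in join(shuffled, order):
        print("".join("#" if p else "." for p in row))
```

Strokes that cross a cut leave identical pixels on both sides of it, which is why a plain strip shredder preserves enough information to put the page back in order.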

Custom Screensaver On The Non-touch Kindle 4

[Kubbur87] put together a guide to replacing the Non-touch Kindle 4 screensavers with your own images. We’ve already seen a way to remove the Special Offers banners from the newest version of Kindle hardware; this hack lets you use your own 600×800 Portable Network Graphics (.png) file instead of the images pushed to the device by Amazon.

Frankly, we’re shocked at how easy this hack is. [Kubbur87] puts the device into developer mode, enables SSH, and then goes to work on the Linux shell within. It seems the only line of protection is the root password which he somehow acquired.

After the break you’ll find his videos which show how to enable developer mode and how to perform this hack. By putting a file named “ENABLE_DIAGS” with no extension on the device when it is recognized as a USB storage device you’ll gain access to the diagnostic menu system. From there it’s just a matter of cruising that menu to get SSH access. Like we said, you’ll need the root password, but that’s as easy as naming your favorite video game character from the 1980s.

A Chink In The Armor Of WPA/WPA2 WiFi Security

Looks like your WiFi might not be quite as secure as you thought it was. A paper recently published by [Stefan Viehböck] details a security flaw in the supposedly robust WPA/WPA2 WiFi security protocol. It’s not actually that protocol which is the culprit, but an in-built feature called Wi-Fi Protected Setup. This is an additional security protocol that allows you to easily set up network devices like printers without the need to give them the WPA passphrase. [Stefan’s] proof-of-concept allows him to get the WPS pin in 4-10 hours using brute force. Once an attacker has that pin, they can immediately get the WPA passphrase with it. This works even if the passphrase is frequently changed.

Apparently, most WiFi access points not only offer WPS, but have it enabled by default. To further muck up the situation, some hardware settings dashboards offer a disable switch that doesn’t actually do anything!

It looks like [Stefan] wasn’t the only one working on this exploit. [Craig] wrote in to let us know he’s already released software to exploit the hole.

Rooting A Motorola Actv (Android Wristwatch)

[Chris’] family made the mistake of giving him a hackable Christmas gift. We’d bet they didn’t see much of him for the rest of the day as he set about rooting this Android wristwatch.

This thing has some pretty powerful hardware under the hood. It’s sporting an OMAP3 processor running at 600 MHz along with 256 MB of RAM. [Chris] needed to get his hands on a firmware image in order to look for security holes. He found a way to spoof the update application in order to intercept an upgrade image from the Internet.

He dumped the firmware locations and got to work searching for a way to exploit the device. Details are a bit scarce about what exactly he did, but you can download his modified image, letting you root your own Motorola Actv using the Android Debug Bridge.

We’ve embedded a demo video after the break. The OS is pretty snappy on the tiny device. We’re not sure what will come of this functionality, but we assume [Chris] was really only interested in the challenge of the rooting process itself.
