Power Pwn’s Price Tag Is As Dangerous As Its Black-hat Uses

This rather normal-looking power strip hides a secret inside. It’s called the Power Pwn, and it conceals hardware which facilitates remote penetration testing of a network. It really is the ultimate in drop hardware, as you can quickly swap it with an existing power strip. Who’s going to question it?

It’s got almost all the bells and whistles. There are dual Ethernet ports, Bluetooth with 1000′ range, and WiFi with a high gain antenna. The SoC inside comes with Debian 6 and all the exploit tools you might want pre-loaded. There’s even a 3G adapter, but it’s external and not pictured above. The thing is, for a pre-order price tag of $1,295 we think that 3G should have been internalized and come with a lifetime unlimited data plan! That could be a bit overboard… our heads are still spinning from the sticker shock.

This isn’t the first time we’ve seen hardware from this company. Their Pwn Plug was used in this project. We just didn’t catch the $595 price tag for that device until now.

[via Reddit via Zdnet]

Time-based One-Time Passwords With An Arduino

Get your feet wet with Time-based One-Time Password (TOTP) security by building your own Arduino OATH system. OATH is an open standard authentication system that provides a platform to generate tokens, making your login more secure than a password alone would.

The TOTP approach is used by many companies that issue hardware-based dongles for logging in remotely. This security may have been compromised but it’s still better than passwords alone. Plus, if you’re building it around an Arduino we’d bet you’re just trying to learn and not actually responsible for protecting industrial or state secrets.

The hardware setup requires nothing more than the Arduino board with one button and a screen as a user interface. Since the board has a crystal oscillator it keeps fairly accurate time (as long as it remains powered). It will push out a new token every thirty seconds. The video after the break shows that the Arduino-calculated value does indeed match what the test box is displaying.
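As an added example (not code from the original post or the Arduino project), here is the RFC 6238 calculation such a token performs every thirty seconds, written in Python, together with a verifier that tolerates a bounded number of steps of clock drift, which matters for a board timed only by its crystal. The secret is the published RFC 6238 test key; `verify` and its `window` parameter are illustrative names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per token, matching the build described above
SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real credential


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of 30 s steps since the epoch."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret: bytes, candidate: str, server_time: int,
           window: int = 1, digits: int = 6):
    """Return the step offset at which the token matches, or None.

    window is how many steps of token clock drift are accepted either side.
    A wide window lengthens the time a captured token stays valid.
    """
    now = server_time // STEP
    matched = None
    for drift in range(-window, window + 1):
        if now + drift < 0:
            continue
        expected = hotp(secret, now + drift, digits)
        if hmac.compare_digest(expected, candidate):
            matched = drift  # keep looping so timing does not leak the offset
    return matched


if __name__ == "__main__":
    server_time = 1111111109
    slow_token = totp(SECRET, server_time - 40)  # token clock 40 s behind
    print("token:", slow_token)
    print("accepted at offset:", verify(SECRET, slow_token, server_time))
    print("strict window:", verify(SECRET, slow_token, server_time, window=0))
```

A verifier should also remember the last accepted step per user so a token cannot be replayed inside its window.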


Software-Defined Radio Remotely Using A Linux Wall wart

Here’s an interesting idea: if the hardware seen above is dropped at a location, you can monitor radio signals remotely via the Internet. [MS3FGX] has been toying with the idea for a little while now. He wanted to use a DVB dongle with a portable Linux solution to offer Software-Defined Radio (SDR) capability without the need to actually be there.

The white box is a PWN Plug, a branded version of the SheevaPlug. The black dongle that plugs into it is a DVB tuner dongle. It’s meant to receive television signals over the radio, but recently the hardware has been used as a simple way to implement SDR. Combine the two (along with the antenna), stir in a network connection, and you’ve got a remote listening post. What can you listen to? Just about anything that’s within the dongle’s bandwidth range. [MS3FGX] mentions walkie-talkie traffic and pager signals, to name just two.

He even wrote an installation script that gets you up and running in no time.

Keyless BMW Cars Prove To Be Very Easy To Steal

A lot of higher end cars are now coming out with RF fobs that unlock and start the car. There is no longer a physical key that is inserted in the ignition. It turns out that for BMW this means stealing the cars is extremely easy for a sophisticated criminal. We always liked the idea of metal keys that ALSO had a chip in them. The two-tiered security system makes sense to us, and would have prevented (or at least slowed down) the recent rash of BMW thefts that are going on in the UK.

So here’s the deal. A device like the one seen above can be attached to the On-Board Diagnostic (OBD) port of the vehicle. It can then be used to program a new keyfob. This of course is a necessary feature to replace a lost or broken device, but it seems the criminals have figured out how to do it themselves. Now the only hard part is getting inside the car without setting off the alarm. According to this article there are ultrasonic sensors inside which are designed to detect intrusion and immobilize the vehicle. But that’s somehow being circumvented.

You can check out a keyfob programming demo, as well as actual theft footage, after the break.


Building A Moat For Your Hackerspace; Alligators, Piranhas Not Included

There has to be something tainting the water supply over at the Louisville Hackerspace LVL1. They’re building a freaking moat in front of their building, ostensibly to keep the black knight and zombies at bay.

After digging a 14-foot deep trench in front of their building – a hazard mitigated by a few steel plates and orange cones generously donated by the Louisville city workers – the members of LVL1 started moving pipes around in preparation for their moat.

Officially, the Louisville city council thinks this project will be a fountain and reflecting pool. City hall seems very friendly; the Louisville chamber of commerce asked about including LVL1 in next year’s Derby tour.

The barely-zombie proof moat build is the latest in a series of builds to improve the security of LVL1. Previous builds included a robotic overlord guarding the building and a robotic arm to cajole members into doing its bidding. Like we said, there’s probably something in the water supply.

Penetration Testing With The Raspberry Pi

PwnPi is a penetration testing distribution rolled up for the Raspberry Pi platform. This should come as no surprise to anyone. The RPi board has a beefy processor, it’s relatively low power, has the option of the on-board NIC or a USB WiFi dongle, and it already has Linux kernel and desktop sources available to start from.

Now we will admit we’re a bit disappointed by this tip. Don’t get us wrong, the distro looks like it’s well done, and we’re sure there are a lot of folks out there who will be happy to have these tools to help test their network security. But this is a software-only hack and we were expecting to see a nice little covert package that could be plugged into an outlet (SheevaPlug style), or a battery-powered module that can be plugged into an Ethernet port and hidden away.

Now you know what we want, don’t forget to send in a link once you pull it off.

[Thanks Scott]

Encrypted Drive Attack Hints At Original Xbox Hacking

[Thice] discovered a vulnerability in encrypted portable storage a few years ago. He’s just posting about the exploit now. He mentions that he notified manufacturers long ago, and we’d guess the wait to publish is to give them a chance to patch the exploit.

He calls it the Plug-Over Attack and for those who were involved with original Xbox hacking, this technique will sound very familiar. The Xbox used hard drive keys to lock the device when not in use. When you booted up the console it checked the hardware signature to make sure it was talking to the right motherboard. But if you booted up the device, then swapped the IDE cable over to a computer without cutting the power you could access the drive without having the password.

This attack is pretty much the same thing. Plug in a drive, unlock it on the victim system the normal way, then replug into the attacking system. In the image above you can see that a USB hub will work for this, but you can also use a hacked USB cable that patches a second jack into the power rail. For some reason the encryption system isn’t able to lock itself when the USB enumerates on the new system, only when power is cycled. Some of them have a timer which watches for drive idle but that still doesn’t protect from this exploit.