Security Hacks

1538 Articles

Home Security Anyone Can Build And Install

August 2, 2012 by 9 Comments

We’ve been seeing quite a few home security hacks around here lately and we think they’re a lot of fun. This is one that we missed a few weeks ago. [Sharpk] used his existing home security system as inspiration for a completely DIY security system. Above you can see the tiny models he used to help visualize how the system would be installed.

The board at the center is a JeeNode, a development board that pairs an ATmega328 with a wireless module. There are three magnetic door sensors which you can easily find at the home, hardware, or electronics store around the corner. They’re basically a reed switch and a magnet; one mounts on the door, the other on the jamb. There is also a panic button and a PIR motion sensor. [Sharpk] has even been working on a UI for the system. He crafted a 3D model of his home’s floor plan in SketchUp and uses it to indicate which part of the system has been triggered.

Now he just needs to add a keypad for arming and disarming the system.

Getting Connected With Your Home Security System

July 30, 2012 by 24 Comments

This simple device, paired with some creating code will let you become your own home security monitoring service. It’s called the PhantomLink and [Adam] started the project as a commercial venture. He recently decided to go open source with the hardware and will soon be posting a guide on how to program your own web interface too.

We just looked in on a project which takes control of a security panel using an Arduino. The PhantomLink is focused on not just reusing the input hardware, but monitoring the whole system. It sounds like several different protocols are supported.

The DB9 jack is intended for use with an adapter you can wire yourself. Basically just tap into the terminal block on the alarm controller for your house, then route those connections to the proper pins. A PIC 12F683 monitors the alarm system, pushing data via the WiFi module mounted on the board. With that web connection you can do anything you want by catching and formatting the data.

Bending A Home Security Control Panel To Your Will

July 27, 2012 by 35 Comments

Does your home have a security system but you don’t subscribe to the monitoring service to make it work? Rip that baby off of the wall and do something with it, or just build your own system around it. If you have a DSC PC1500RK control panel [CaitSith2] shows us how easy it is to control the buttons, LEDs, and buzzer. If you’ve got a different model this is still a good jumping off point to start your own reverse engineering.

There are only four connections that need to be made. [CaitSith2] is using an Arduino for the demonstration. He connected the red wire to voltage, the black wire to ground, the yellow wire (clock) to digital pin 3 and the green wire (data) to digital pin 2. A communication cycle starts by setting the data line high, then clocking out eight bits to capture keypresses. 16-bits are then clocked in to set the LEDs and drive the buzzer. This is shown in the video after the break as well as documented in his sample code. We’ve embedded the sketch after the break to preserve it in case the pastebin code goes missing in the future.

Continue reading “Bending A Home Security Control Panel To Your Will”

Arduino, Resistor, And Barrel Plug Lay Waste To Millions Of Hotel Locks

July 25, 2012 by 63 Comments

The security flaws on this common hotel keycard lock are nothing short of face-palmingly stupid. Look closely at the picture above. This is a hotel room door swinging open. The device he holds in his hand is an Arduino connected to the OUTSIDE portion of the door lock. It takes approximately 200 milliseconds from the time an attacker plugs the device in, until the door can be opened. Yes, in less than 1/4 of one second an Arduino can open any of the millions of these locks in service.

The exploit in Onity programmable keycard locks was revealed by [Cody Brocious] at the Blackhat conference. Apparently the DC barrel jack on the outside of the lock serves as a one-wire protocol interface. Once communications are established a 32-bit sitecode can be read from any of the locks and immediately used to open the door. There is no authentication or encryption used to obfuscate this kind of attack. To make matters worse, you can even read out master key and skeleton key codes. These codes facilitate ‘magic’ keys used to open a variety of different doors through the system.

We’re no strangers to easy hotel beak-ins. But how can a digital lock possibly be sold with this type of vulnerability present? Really!?

Here’s the white paper on the exploit as well as the slides from his talk (PDF).

[via Reddit]

Power Pwn’s Price Tag Is As Dangerous As It’s Black-hat Uses

July 22, 2012 by 45 Comments

This rather normal-looking power strip hides a secret inside. It’s called the Power Pwn, and it conceals hardware which facilitates remote penetration testing of a network. It really is the ultimate in drop hardware as you can quickly swap it with existing power strip. Who’s going to question it?

It’s got almost all the bells and whistles. There’s dual Ethernet ports, Bluetooth with 1000′ range, and WiFi with a high gain antenna. The SoC inside comes with Debian 6 and all the exploit tools you might want pre-loaded. There’s even a 3G adapter, but it’s external and not pictured above. The thing is, for a pre-order price-tag of  $1,295 we think that 3G should have been internalized and come with a lifetime unlimited data plan! That could be a bit overboard… our heads are still spinning from the sticker shock.

This isn’t the first time we’ve seen hardware from this company. Their Pwn Plug was used in this project. We just didn’t catch the $595 price tag for that device until now.

[via Reddit via Zdnet]

Time-based One-Time Passwords With An Arduino

July 11, 2012 by 13 Comments

Get your feet wet with Time-based One-Time Password (TOTP) security by building your own Arduino OATH system. OATH is an open standard authentication system that provides a platform to generate tokens, making your login more secure than a password alone would.

The TOTP approach is what is used with many companies that issue hardware-based dongles for logging in remotely. This security may have been compromised but it’s still better than passwords alone. Plus, if you’re building it around an Arduino we’d bet you’re just trying to learn and not actually responsible for protecting industrial or state secrets.

The hardware setup requires nothing more than the Arduino board with one button and a screen as a user interface. Since the board has a crystal oscillator it keeps fairly accurate time (as long as it remains powered). It will push out a new token every thirty seconds. The video after the break shows that the Arduino-calculated value does indeed match what the test box is displaying.

Continue reading “Time-based One-Time Passwords With An Arduino”

Software-Defined Radio Remotely Using A Linux Wall wart

July 9, 2012 by 18 Comments

Here’s a interesting idea; if the hardware seen above is dropped at a location, you can monitor radio signals remotely via the Internet. [MS3FGX] has been toying with the idea for a little while now. He wanted to use a DVB dongle with a portable Linux solution to offer Software-Defined Radio (SDR) capability without the need to actually be there.

The white box is a PWN Plug, a branded version of the SheevaPlug. The black dongle that plugs into it is a DVB tuner dongle. It’s meant to receive television signals over the radio, but recently the hardware has been used as a simple way to implement SDR. Combine the two (along with the antenna), stir in a network connection, and you’ve got a remote listening post. What can you listen to? Just about anything that’s within the dongle’s bandwidth range. [MS3FGX] mentions walkie-talkie traffic and pager signals, to name just two.

He even wrote an installation script that gets you up and running in no time.