Easily Movable RFID Door Lock Is Great For Dorm Rooms

September 19, 2011 by Mike Nathan 15 Comments

One of the first things that [Eric] hacked together when he got to college was an RFID door locking system. He found that he was often in a rush to get in and out of his dorm room, and that using a simple wireless key was a great way to streamline his days.

Over the years, he has refined his design, and while his original prototype was functional, it was a bit rough around the edges. In the video posted on his site, he thoroughly explains how his system was built, and shows off the revisions he has made over time. One key consideration when building this system was the fact that the installation had to be non-permanent. Since schools typically frown on physically altering your rooms, he found a non-intrusive means to mount his system in the way of zip ties and foam board.

His RFID door lock looks to work quite nicely, and we especially like the inclusion of the reed switch to ensure that the system knows if the door has been opened or not. If you have about half an hour to spare and are interested in building an RFID entry system of your own, be sure to check out [Eric’s] video below for all the details.

Continue reading “Easily Movable RFID Door Lock Is Great For Dorm Rooms” →

Security System Gives You A Call When It Senses Intruders

September 8, 2011 by Mike Nathan 13 Comments

gsm_motion_detector_alarm_system

[Dimitris] decided to build a homemade alarm system, but instead of triggering a siren, sending an SMS message, or Tweeting about an intrusion, he preferred that his system call him when there was trouble afoot. He says that he preferred a call over text messaging because there are no charges associated with the call if the recipient does not pick up the line, which is not the case with SMS.

The system is based around an off the shelf motion detector that was hacked to work with an old mobile phone. The motion detector originally triggered a siren, but he stripped out the speaker and wired it to a bare bones Arduino board he constructed. The Arduino was in turn connected to the serial port of an unused Ericssson T10s mobile phone. This allows the Arduino to call his mobile phone whenever the motion detector senses movement.

The system looks to be quite useful, and while [Dimitris] didn’t include all of the code he used, he says others should be able to replicate his work without too much trouble.

Intel’s New Way Of Creating Randomness From Digital Orderliness

September 2, 2011 by Mike Szczys 43 Comments

Random number generation is a frequent topic of discussion in projects that involve encryption and security. Intel has just announced a new feature coming to many of their processors that affect random number generation.

The random number generator, which they call Bull Mountain, marks a departure from Intel’s traditional method of generating random number seeds from analog hardware. Bull Mountain relies on all-digital hardware, pitting two inverters against each other and letting thermal noise tip the hand in one direction or the other. The system is monitored at several steps along the way, tuning the hardware to ensure that the random digits are not falling more frequently in one direction or the other. Pairs of 256-bit sequences are then run through a mathematical process to further offset the chance of predictability, before they are then used as a pseudorandom number seed. Why go though all of this? Transitioning to an all-digital process makes it easier and cheaper to reduce the size of microchips.

A new instruction has been added to access this hardware module: RdRand. If it works as promised, this should remove the need for elaborate external hardware as a random number source.

[via Reddit]

Knock Lock With Logic Chips

August 30, 2011 by Brian Benchoff 13 Comments

[Eric] needed a project for his digital logic design class, and decided on a lock that open in response to a specific pattern of knocks. This is a fairly common project that we’ve seen a few builds with ‘knock locks,’ but this one doesn’t use a microcontroller. Instead, it uses individual logic chips.

The lock senses the knocks with a piezo, just like every other build we’ve seen. Unlike the other builds, the knock pattern is then digitized and stored in an EEPROM. [Eric] only used 12 chip for this build, a feat he could accomplish with a few digital tricks, like making an inverter by tying one XOR input high.

We’ve seen a 555-based knock lock before, but getting the timing right with that seems a little maddening. [Eric]’s build seems much more user-friendly, and has the added bonus of being programmed by knocking instead of turning potentiometers. Check out [Eric]’s knock lock after the break.

Continue reading “Knock Lock With Logic Chips” →

Project 25 Digital Radios (law Enforcement Grade) Vulnerable To The IM-ME

August 18, 2011 by Mike Szczys 73 Comments

Would you believe you can track, and even jam law enforcement radio communications using a pretty pink pager? It turns out the digital radios using the APCO-25 protocol can be jammed using the IM-ME hardware. We’ve seen this ‘toy’ so many times… yet it keeps on surprising us. Or rather, [Travis Goodspeed’s] ability to do amazing stuff with the hardware is what makes us perk up.

Details about this were presented in a paper at the USENIX conference a few weeks ago. Join us after the break where we’ve embedded the thirty-minute talk. There’s a lot of interesting stuff in there. The IM-ME can be used to decode the metadata that starts each radio communication. That means you can track who is talking to whom. But for us the most interesting part was starting at about 15:30 when the presenter, [Matt Blaze], talked about directed jamming that can be used to alter law enforcement behavior. A jammer can be set to only jam encrypted communications. This may prompt an officer to switch off encryption, allowing the attackers to listen in on everything being said to or from that radio.

Continue reading “Project 25 Digital Radios (law Enforcement Grade) Vulnerable To The IM-ME” →

Gyroscope-based Smartphone Keylogging Attack

August 18, 2011 by Mike Nathan 31 Comments

smartphone_keylogging_with_gyroscopes

A pair of security researchers have recently unveiled an interesting new keylogging method (PDF Research Paper) that makes use of a very unlikely smartphone component, your gyroscope.

Most smart phones now come equipped with gyroscopes, which can be accessed by any application at any time. [Hao Chen and Lian Cai] were able to use an Android phone’s orientation data to pin down what buttons were being pressed by the user. The attack is not perfect, as the researchers were only able to discern the correct keypress about 72% of the time, but it certainly is a good start.

This side channel attack works because it turns out that each button on a smart phone has a unique “signature”, in that the phone will consistently be tilted in a certain way with each keypress. The pair does admit that the software becomes far less accurate when working with a full qwerty keyboard due to button proximity, but a 10 digit pad and keypads found on tablets can be sniffed with relatively good results.

We don’t think this is anything you should really be worried about, but it’s an interesting attack nonetheless.

[Thanks, der_picknicker]

PS2 To USB Keyboard Converter Also Logs Your Keystrokes

August 16, 2011 by Mike Szczys 15 Comments

[Shawn McCombs] is up to no good with his first Teensy project. The board you see above takes the input from a PS2 keyboard and converts it to a USB connection. Oh, and did we mention that it also keeps track of everything you type as well?

From the beginning the project was intended to be a keylogger. It’s a man-in-the-middle device that could be hidden inside the case of a keyboard, making it appear to be a stock USB keyboard. Data is stored to an SD card so an attacker would need to gain access to the hardware after the data he’s targeting has been typed.

It works mostly as [Shawn] expected. He is, however, having trouble handling the CTRL, ALT, Windows, and Caps Lock keys. If this were actually being used maliciously it would be a dead giveaway. Many secure Windows machine require a CRTL-ALT-DELETE keystroke to access the login screen.