Security Hacks

1534 Articles

Knock Lock With Logic Chips

August 30, 2011 by 13 Comments

[Eric] needed a project for his digital logic design class, and decided on a lock that open in response to a specific pattern of knocks. This is a fairly common project that we’ve seen a few builds with ‘knock locks,’ but this one doesn’t use a microcontroller. Instead, it uses individual logic chips.

The lock senses the knocks with a piezo, just like every other build we’ve seen. Unlike the other builds, the knock pattern is then digitized and stored in an EEPROM. [Eric] only used 12 chip for this build, a feat he could accomplish with a few digital tricks, like making an inverter by tying one XOR input high.

We’ve seen a 555-based knock lock before, but getting the timing right with that seems a little maddening. [Eric]’s build seems much more user-friendly, and has the added bonus of being programmed by knocking instead of turning potentiometers. Check out [Eric]’s knock lock after the break.

Continue reading “Knock Lock With Logic Chips”

Project 25 Digital Radios (law Enforcement Grade) Vulnerable To The IM-ME

August 18, 2011 by 73 Comments

Would you believe you can track, and even jam law enforcement radio communications using a pretty pink pager? It turns out the digital radios using the APCO-25 protocol can be jammed using the IM-ME hardware. We’ve seen this ‘toy’ so many times… yet it keeps on surprising us. Or rather, [Travis Goodspeed’s] ability to do amazing stuff with the hardware is what makes us perk up.

Details about this were presented in a paper at the USENIX conference a few weeks ago. Join us after the break where we’ve embedded the thirty-minute talk. There’s a lot of interesting stuff in there. The IM-ME can be used to decode the metadata that starts each radio communication. That means you can track who is talking to whom. But for us the most interesting part was starting at about 15:30 when the presenter, [Matt Blaze], talked about directed jamming that can be used to alter law enforcement behavior. A jammer can be set to only jam encrypted communications. This may prompt an officer to switch off encryption, allowing the attackers to listen in on everything being said to or from that radio.

Continue reading “Project 25 Digital Radios (law Enforcement Grade) Vulnerable To The IM-ME”

Gyroscope-based Smartphone Keylogging Attack

August 18, 2011 by 31 Comments

smartphone_keylogging_with_gyroscopes

A pair of security researchers have recently unveiled an interesting new keylogging method (PDF Research Paper) that makes use of a very unlikely smartphone component, your gyroscope.

Most smart phones now come equipped with gyroscopes, which can be accessed by any application at any time. [Hao Chen and Lian Cai] were able to use an Android phone’s orientation data to pin down what buttons were being pressed by the user. The attack is not perfect, as the researchers were only able to discern the correct keypress about 72% of the time, but it certainly is a good start.

This side channel attack works because it turns out that each button on a smart phone has a unique “signature”, in that the phone will consistently be tilted in a certain way with each keypress. The pair does admit that the software becomes far less accurate when working with a full qwerty keyboard due to button proximity, but a 10 digit pad and keypads found on tablets can be sniffed with relatively good results.

We don’t think this is anything you should really be worried about, but it’s an interesting attack nonetheless.

[Thanks, der_picknicker]

PS2 To USB Keyboard Converter Also Logs Your Keystrokes

August 16, 2011 by 15 Comments

[Shawn McCombs] is up to no good with his first Teensy project. The board you see above takes the input from a PS2 keyboard and converts it to a USB connection. Oh, and did we mention that it also keeps track of everything you type as well?

From the beginning the project was intended to be a keylogger. It’s a man-in-the-middle device that could be hidden inside the case of a keyboard, making it appear to be a stock USB keyboard. Data is stored to an SD card so an attacker would need to gain access to the hardware after the data he’s targeting has been typed.

It works mostly as [Shawn] expected. He is, however, having trouble handling the CTRL, ALT, Windows, and Caps Lock keys. If this were actually being used maliciously it would be a dead giveaway. Many secure Windows machine require a CRTL-ALT-DELETE keystroke to access the login screen.

Hacking QR Codes For Fun And Profit

August 9, 2011 by 45 Comments

QR codes are everywhere these days, from being printed onto receipts to chiseled into granite tombstones. [Will] came up with a way to modify existing QR codes, and his hack has the potential to cause quite a bit of harmless mischief.

[Will]’s hack involves a little photo editing, transparency film, and some white-out/Liquid Paper/Tippex. After the ‘target’ and ‘destination’ QR codes have been imported into Gimp, the differences are found and the result printed out on a transparency sheet. After that,  hang the transparency over the original and the QR code now goes to the URL of your choice.

Continue reading “Hacking QR Codes For Fun And Profit”

Home Automation Systems Easily Hacked Via The Power Grid

August 8, 2011 by 40 Comments

x10_home_automation_hacked

As home automation becomes more and more popular, hackers and security experts alike are turning their attention to these systems, to see just how (in)secure they are.

This week at DefCon, a pair of researchers demonstrated just how vulnerable home automation systems can be. Carrying out their research independently, [Kennedy] and [Rob Simon] came to the same conclusion – that manufacturers of this immature technology have barely spent any time or resources properly securing their wares.

The researchers built tools that focus on the X10 line of home automation products, but they also looked at ZWave, another commonly used protocol for home automation communications. They found that ZWare-based devices encrypted their conversations, but that the initial key exchange was done in the open, allowing any interested 3rd party to intercept the keys and decrypt the communications.

While you might initially assume that attacks are limited to the power lines within a single house, [Kennedy] says that the signals leak well beyond the confines of your home, and that he was able to intercept communications from 15 distinct systems in his neighborhood without leaving his house.

WASP UAV Gets Some New Toys, Now Intercepts Your Phone Calls Too

August 1, 2011 by 34 Comments

wasp_drone

If you had the pleasure of attending last year’s DEFCON conference, you are no doubt familiar with [Mike Tassey] and [Richard Perkins]. There, the pair showed off a work in progress DIY aerial drone named WASP. Short for Wireless Aerial Surveillance Platform, WASP was impressive when we brought it to your attention last year, but the duo has spent some time completing their project, adding a few extra features in the process.

The drone still packs the same pico-ITX computer which now runs Backtrack5, and utilizes a 340 million word dictionary for cracking WiFi networks (pardon the pun) on the fly. While updated pen testing tools are well and good, the most impressive update is that the drone can now act as a standalone GSM tower. This allows the pair to trick nearby phones into routing calls through WASP before being relayed to their carrier’s network.

Once WASP is launched, the plane flies autonomously along a preset route, sniffing, hacking, cracking and gathering data until [Tassey and Perkins] summon it back to Earth. The drone is as impressive as it is scary, and we can’t wait to hear what the pair has to say about it this time around.

Continue reading to watch a video demo of WASP taking to the skies and doing its thing.

[via PopSci]

[Thanks, DainBramage1991]

Continue reading “WASP UAV Gets Some New Toys, Now Intercepts Your Phone Calls Too”