RSA SecurID Breach Leads To Intrusion At Lockheed Martin

It looks like Lockheed Martin is the latest victim in what seems to be an endless string of security breaches. This time however, it does not look like a lack of security measures led to the breach. In fact, it seems that Lockheed’s implementation of a widely-trusted security tool was the attack vector this time around.

Last month we reported on the apparent compromise of RSA’s SecurID product, and while many speculated that this intrusion could lead to subsequent attacks, the firm downplayed the breach. They stated that the stolen data was unlikely to affect their customers, but as usual, the problem appears to be far larger than originally estimated.

The breadth of the intrusion is currently unknown, and with both RSA and Lockheed officials keeping mum, it may be some time before anyone knows how serious it is. When military secrets are in question however, you know it can’t be good!

Extracting Secured Firmware From Freescale Zigbee Radios

[Travis Goodspeed] recently tore down the Freescale MC13224 wireless radio chip in an effort to demonstrate how the device’s firmware could be read, even when locked down in “secure” mode. While you might not recognize the Freescale MC13224 radio by name alone, you are certainly familiar with some of its practical applications. Found in the QuahogCon and Ninja Party badges among other consumer goods, the popular Zigbee radio turned out to be a fairly easy conquest.

[Travis] first used acid to decap one of the microcontrollers to see what was going on under the plastic casing. Inside, he discovered a discrete flash memory chip, which he removed and repackaged using a wedge wire bonder. He was easily able to extract the firmware, but decapping and repackaging a flash chip isn’t necessarily the most user-friendly process.

After digging further, he discovered that holding one of the chip’s pins low during boot would allow him to run custom code that recovers the firmware image once the pin is pulled high once again. This far more practical means of firmware recovery can be easily facilitated via a circuit board revision, as [Travis] mentions in his blog.

Send Email, Receive Surveillance Picture

This Death Star-like ball is actually an autonomous surveillance camera. [Basil] wrote in to tell us about it. The body is custom designed for the project, then 3D printed. It can be dropped anywhere, as it is battery powered for up to a month, and communicates via cellular networks. It checks an email folder once an hour and responds to any requests with a snapshot of what is going on. In the video, which you can see after the break, he gets an immediate response. You can download the source code as well as the files for the enclosure here.

If you wanted to reduce costs, that case could be done away with, but we suspect it helps with some moderate weather conditioning. We would also love to see a version that rotated around that equator on command for better pictures. Great job [Basil].

Uber Keyboard Hides Security Tools In Plain Sight

[EverestX] works in the security industry and is often required to recover or penetrate various systems for a variety of reasons. He wanted to create an all-in-one tool that he could easily carry from job to job which would provide him with several essential functions. He required that the device house a bootable operating system through which he can perform his work, have an Internet connection capable of injection, and have enough storage capacity to back up passwords, images, etc.

He decided to build the system inside an old IBM M-type keyboard, which provides a solid typing experience and plenty of real estate for his various components. After converting the keyboard from PS/2 to USB, he installed a USB hub along with his flash drive and WiFi card.

Once he gets everything reassembled, it should prove to be a pretty stealthy and useful piece of equipment. A word to the wise: if you happen to see someone sneaking around your office with a 20-year-old Type-M keyboard, be wary.

RFID Smart Card Reader

[Navic] wrote in to show us his latest project. This is a portable smart card reader with a nice LCD display. He just happened to have a Basic Stamp 2px, smart card reader, and smart card reader/writer sitting around waiting to be used. What better use than a handheld smart card reader? Tossing the bits together in a nice project enclosure, [Navic] scoured the code available to him and pieced together what he needed. Now, when you slide in a card, you get a nice readout of the data on that pretty blue screen. Unfortunately, if you pull the card before the read is finished, everything just freezes.

You can see the final video after the break, and you can also see some in-progress videos linked on YouTube. He asks if he should add the ability to write, and we say YES. Store that data, then write (duplicate) to another device.

Cheap And Reliable Portable Face Recognition System

For their senior ECE 4760 project, engineering students [Brian Harding and Cat Jubinski] put together a pretty impressive portable face recognition system called FaceAccess. The system relies on the eigenface method to help distinguish one user from another, a process that the pair carried out using MATLAB.

They say that the system only needs to be hooked up to a computer once, during the training period. It is during this period that faces are scanned and processed in MATLAB to create the eigenface set, which is then uploaded to the scanner.

Once programmed, the scanner operates independently of the computer, powered by its own ATmega644 microcontroller. Users enroll their face by pressing one button on the system, storing their identity as a combination of eigenfaces in the onboard flash chip. Once an individual has been enrolled, a second button can be pressed to gain access to whatever resources the face recognition system is protecting.

The students say that their system is accurate 88% of the time, with zero false positives – that’s pretty impressive considering the system’s portability and cost.

Stick around to see a quick demo video of their FaceAccess system in action.

Modular Security System Is Portable Too

Hackaday reader [Oneironaut] wrote in to share a modular, portable security system he built for himself.

He likes visiting the Caribbean, but his favorite vacation spot is apparently rife with cat burglars. He enjoys sleeping with the windows open and wanted to find a way to scare off ne’er-do-wells. At home, there are a few different buildings on the property he owns, and he was looking to keep curious trespassers away.

The alarm system was built using a matrix keypad that interfaces with an ATMega88 microcontroller. The microcontroller handles all the logic for the system, triggering an attached “pocket alarm” whenever the sensor is tripped. Like most household alarms, it is armed and disarmed via the keypad, giving the user 60 seconds to enter the disarm code if the alarm has been mistakenly tripped. A wide array of trigger methods can be used, from mercury switches to motion detectors, since his alarm uses a simple plug interface that accepts any two-wire sensor.

Now, no one is claiming that this is high security by any means. The alarm addresses a couple of specific scenarios that apply to [Oneironaut], which may also be applicable to others out there. At the end of the day, the alarm is meant more to scare an intruder into fleeing than anything else, and in that respect, it works perfectly.

Continue reading to see a quick video demonstration of his alarm system in action.
