Security Hacks

1523 Articles

High Voltage Rig Wipes CDs Clean

April 19, 2011 by 28 Comments

hv_cd_destruction

Here at Hackaday, we’re not against showing videos of gratuitous destruction just for the sake of it, though we try not to make it a habit. In this case we just couldn’t help ourselves. However, this video technically constitutes a security hack, as it does involve erasing sensitive information from CDs…

…with awesome!

This may be the coolest CD eraser we’ve seen yet. Positioned between two high-voltage transformers, the spinning CD has its data violently stripped off in just a matter of seconds. To be fair, the data isn’t erased per se, but the metallic substrate on which the data is recorded is flaked off by the aggressive application of electricity.

Having destroyed our fair share of AOL CDs in the microwave over the years, we are now a bit sad over the fact that they were disposed of in such a lackluster fashion – if only we had one of these around!

Since we’re on the topic of mindless destruction, you might as well take a few minutes and check out this thermite-roasted Thanksgiving turkey, this self-destructing hard drive, or perhaps this thermic lance built from spaghetti.

You know, for science.

Continue reading “High Voltage Rig Wipes CDs Clean”

Laser Tripwire Alarm System Uses Mirrors To Increase Coverage

April 18, 2011 by 15 Comments

laser_tripwire_alarm

Instructables user [EngineeringShock] has been hard at work building a laser trip wire security system, complete with a combination lock. The security system works just like you see in the movies, employing an array of mirrors to bounce the laser across an opening several times in order to secure the space.

A PIC18F1220 micro controller sits at the center of the alarm and handles the majority of its functions. It takes input from the laser detection circuit, triggers the buzzer, as well as arms and disarms the entire alarm system. An LS7222 digital lock handles the passcode verification side of things, taking input from a 16-button matrix keypad, and telling the PIC when the proper code has been entered.

As you can see in the video below, the alarm system works and the buzzer is quite loud. There is one small problem however – the alarm only arms itself after the proper code has been entered and the lights have been turned off. The light sensing circuit he uses is too sensitive and can only operate in darkness, though he discusses the ability to add a more accurate sensing solution.

If you are interested in reading more about laser tripwire security systems, check out this similar passcode-based system, this alarm system built into a toy, and this Arduino-based alarm system.

Continue reading “Laser Tripwire Alarm System Uses Mirrors To Increase Coverage”

Nixie Tube Conference Badge

April 18, 2011 by 13 Comments

troopers11_badge

Maker [Jeffrey Gough] was recently asked to construct a set of badges for the TROOPERS11 IT security conference held in Heidelberg last month. The badges were to reflect the overall theme of this year’s conference – personal progression, education, and striving to become better IT security professionals. To do this, he designed a badge that tracked a conference attendee’s participation in various activities.

The badge sports a center-mounted nixie tube that is used to show the attendee’s score. It is worn around the neck using a Cat-5 cable that acts as a LANyard as well serves as a power switch for the badge. The badge can be plugged in to a special programmer used by conference organizers, which updates the attendee’s score after completing each activity.

[Jeffrey] made sure to add all sorts of extra goodies to the badge, including a capacitive touch button that displays a secret message via the nixie, as well as plenty of hole and SMT pads so that hackers could get their game on.

Overall, the reception of the badge was extremely positive. All of the conference attendees had lots of fun exploiting the badges as well as adding components such as LEDs and speakers.

Continue reading to check out a quick demonstration video [Jeffrey] put together, highlighting the badge’s features.

Continue reading “Nixie Tube Conference Badge”

IP-based Engine Remote Enable Switch

April 17, 2011 by 28 Comments

remote_enable_switch

[Mariano] owns a late 90’s Jeep Wrangler, and had no idea just how easy it was to steal. Unfortunately for him, the guy who made off with his Jeep was well aware of the car’s vulnerabilities. The problem lies in the ignition – it can be broken out with a screwdriver, after which, the car can be started with a single finger. How’s that for security?

[Mariano] decided that he would take matters into his own hands and add a remote-controlled switch to his car in order to encourage the next would-be thief to move on to an easier target. He describes his creation as a “remote kill” switch, though it’s more of a “remote enable” switch, enabling the engine when he wants to start the car rather than killing it on command.

The switch system is made up of two pieces – a server inside the car’s engine bay, and a remote key fob. The server and the fob speak to one another using IPv6 over 802.15.4 (the same standard used by ZigBee modules). Once the server receives a GET request from the key fob, it authenticates the user with a 128-bit AES challenge/response session, allowing the car to be started.

It is not the simplest way of adding a remote-kill switch to a car, but we like it. Unless the next potential car thief digs under the hood for a while, we’re pretty sure [Mariano’s] car will be safe for quite some time.

Webcam Turned Security Cam With Motion Detected Email Notifications

April 17, 2011 by 27 Comments

[Sean] used his old webcam to assemble a closed circuit television feed for his home. He already had a server up and running, so this was just a matter of connecting a camera and setting up the software. He wasn’t satisfied by only having a live feed, so he decided to add a few more features to the system.

He started off by hanging a webcam near the front of his house. He mentions that he’s not sure this will last long exposed to the elements, but we think it’d be dead simple to build an enclosure with a resealable container and a nice piece of acrylic as a windows. But we digress…

The camera connects via USB to the server living in the garage. [Sean’s] setup uses Yawcam to create a live feed that can be access from the Internet. The software also includes motion detection capabilities. Since he wanted to have push notifications when there was action within the camera’s view he also set up Growl alert him via his iOS devices. You can see [Sean] demonstrate his completed CCTV system in the video below the fold.

Continue reading “Webcam Turned Security Cam With Motion Detected Email Notifications”

Long-range Bluetooth Wardriving Rig

April 15, 2011 by 56 Comments

bluetooth_wardriving

[Kyle] was digging through a box of junk he had lying around when he came across an old USB Bluetooth dongle. He stopped using it ages ago because he was unsatisfied with the limited range of Bluetooth communications.

He was going to toss it back into the box when an idea struck him – he had always been a fan of WiFi wardriving, why not try doing the same thing with Bluetooth? Obviously the range issue comes into play yet again, so he started searching around for ways to boost his Bluetooth receiver’s range.

He dismantled the dongle and found that the internal antenna was a simple metal strip. He didn’t think there would be any harm in trying to extend the antenna, so he soldered an alligator clip to the wire and connected the CB antenna in his truck. His laptop sprung to life instantly, picking up his phone located about 100 feet away in his house. He took the show on the road and was able to pick up 27 different phones set in discoverable mode while sitting in the parking lot of a fast food chain.

While it does work, we’re pretty sure that the CB antenna isn’t the most ideal extension of the Bluetooth radio. We would love to see what kind of range he would get with a properly tuned antenna.

Keep reading to see a quick demonstration of his improvised long-range Bluetooth antenna.

Continue reading “Long-range Bluetooth Wardriving Rig”

RSA SecurID Two-factor Authentication Comprimised

April 13, 2011 by 34 Comments


SecurID is a two-factor hardware-based authentication system. It requires you to enter the number displayed on a hardware fob like the one seen above, along with the rest of your login information. It’s regarded to be a very secure method of protecting information when users are logging into a company’s secure system remotely. But as with everything else, there’s always a way to break the security. It sounds like last month someone hacked into the servers of the company that makes SecurID.

You’ll need to read between the lines of that letter from RSA (the security division of EMC) Executive Chairman [Art Coviello]. He admits that someone was poking around in their system and that they got their hands on information that relates to the SecurID system. He goes on to say that the information that the attackers grabbed doesn’t facilitate direct attacks on RSA’s customers.

We’d guess that the attackers may have what they need to brute-force a SecurID system, although perhaps they have now way to match which system belongs to which customer. What’s you’re take on the matter? Lets us know by leaving a comment.

[via Engadget]