Do Your Projects Violate International Traffic In Arms Regulations?

April 12, 2011 by Mike Szczys 57 Comments

From time to time we consider the ramifications of hacking prowess being used for evil purposes. Knowledge is a powerful thing, but alone it is not a dangerous thing. Malicious intent is what takes a clever project and turns it to a tragic end. Conscientious hackers realize this, and [George Hadley] is one of them. While working on a new project he wondered if there were guidelines as to what knowledge should and should not be shared. It turns out that the United States has a set of International Traffic in Arms Regulations that mention concepts we’ve seen in many projects. He wrote up an article which covers the major points of the ITAR.

The gist of it is that sharing certain knowledge, by posting it on the Internet or otherwise, can be considered arms trafficking. It’ll get you a not-so-friendly visit from government officials and quite possibly a sponsored stay in a secure facility. Information about DIY radar, communications jamming, spying devices, UAVs, and a few other concepts are prohibited from being shared. The one qualifying part of that restriction is that it only applies if the information is not publicly known.

Light-sensing Circuit For Power Saving Applications

April 8, 2011 by Mike Nathan 6 Comments

light_sensing_circuit

Instructables user [MacDynamo] was thinking about home security systems and wondered how much electricity is being wasted while such systems are powered on, but not activated. He pondered it awhile, then designed a circuit that could be used to turn a security system on or off depending on the time of day, but without using any sort of clock.

His system relies on a 555 timer configured as a Schmitt trigger, with a photoresistor wired to the reset pin. When the ambient light levels drop far enough, the resistance on the reset pin increases, and the 555 timer breaks out of its reset loop. This causes the circuit to power on whatever is connected to it. When the sun rises, the resistance on the reset pin drops and the 555 timer continually resets until it gets dark again. He notes that this behavior can be easily reversed if you were to put the photoresistor on the trigger pin rather than the reset pin.

We like the idea, though we are a bit wary about using this for any sort of real security system. An errant insect or debris could cause the system to be turned on, and we’d feel pretty foolish if someone disabled our alarm with a flashlight. That said, this sort of circuit still has plenty of practical, power-saving applications outside the realm of home security.

Body Heat Sensing PC Security System

April 8, 2011 by Mike Nathan 25 Comments

lockifnothot

[Didier Stevens] wrote in to tell us about a little piece of PC security software he put together recently. His application, LockIfNotHot, works in conjunction with your PC as well as an IR temperature sensor in order to lock your computer the moment you step away.

The theory behind the system is pretty simple. Basically, the IR temp sensor monitors when you are at your desk, sensing your presence by the heat your body gives off. As soon as you step away however, it locks the computer since the temperature of the surrounding area immediately drops. It’s pretty simple, but as you can see in the video below, it works quite well.

The software has configurable set points and timeout values, which make it flexible enough to adapt to your specific situation. He happens to use an off-the-shelf IR sensor, but we assume any USB temperature module will do the trick. If you happen to work with sensitive information but often forget to lock your workstation, this is the program for you!

Continue reading to see a quick demonstration of his software in action.

Continue reading “Body Heat Sensing PC Security System” →

Thinkpad Dock-Picking

April 4, 2011 by Caleb Kraft 15 Comments

Hackers at the “RaumZeitLabor” hackerspace in Mannheim Germany have noticed that the locking mechanism on the thinkpad mini dock is extremely easy to circumvent. Sold as an additional layer of security, the mechanism itself is not really secured in any way. The button that actuates it is locked by a key, but the latch isn’t secured and can be accessed via a vent on the side. They are using a lockpicking tool in the video, but they say that even a long paperclip would suffice.

We know that no security device is perfect, and if someone really really wants it, they’ll take it, but this seems a bit too easy. Maybe the next version will have a little plastic wall protecting the latch from being actuated manually. Hopefully if security is your main concern you are using something a little more robust that a dock-lock.

[via the RaumZeitLabor hackerspace (google translated)]

Continue reading “Thinkpad Dock-Picking” →

Hardware-based Security Keypad Keeps It Simple

March 19, 2011 by Mike Nathan 5 Comments

hardware_keypad_lock

Instructables user [trumpkin] recently built an all-hardware based keypad lock for a contest he was entering, and we thought it was pretty neat. The lock uses mostly NAND gates and 555 timers to get the job done, which makes it a nice alternative to similar software-based projects we have seen in the past.

The lock has 6 keys on the keypad, which is connected to the main logic board. The keycode is set using a series of headers at the bottom of the board, and you get 10 chances to enter the proper code before the board locks up completely. If this occurs, a “manual” reset via a button built into the main board is required before any more attempts can be made.

As you can see in the video below, the lock works quite well, but suffers from one shortcoming. Any permutation of the key code can be used to deactivate the lock, which is something [trumpkin] says he would like to improve in the future.

If you are looking for some more security-related reading, be sure to check out these other hacks we have featured in the past.

Continue reading “Hardware-based Security Keypad Keeps It Simple” →

Researchers Discover That Cars Can Be Hacked With Music

March 17, 2011 by Mike Nathan 32 Comments

car_dash

In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to posses physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vechicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

Passcode Protected Laser Tripwire Alarm System

March 11, 2011 by Mike Nathan 13 Comments

laser_tripwire

Sometimes security doesn’t need to be overly complex to be effective. Instructables user [1234itouch] recently built a simple laser tripwire alarm that can be mounted virtually anywhere, complete with a keypad for disarming the device.

He mounted a photo cell in a project box, along with an Arduino and a 12-button key pad. A laser pointer is aimed at the photo cell from across a gap, which results in a steady voltage being read by the Arduino. When the laser beam is broken, a drop in voltage is detected, and the alarm sounds until you enter the proper pre-configured passcode. Entering the passcode triggers a 15 second grace period during which the the alarm cannot be tripped again.

It might not be built with triple-thick steel doors and thermo-sensors, but it’s a simple device for simple needs. In its current form it could be pretty useful, and with a little reworking, there are a wide range of things it could be used for.

Continue reading to see a demo video of the tripwire alarm, and be sure to check out these other tripwire-based security systems.

Continue reading “Passcode Protected Laser Tripwire Alarm System” →