Security Hacks

1539 Articles

IPhone Watching Every Breath You Take, Every Move You Make

April 20, 2011 by 89 Comments

iphone_data

Most people tend to enjoy a certain modicum of privacy. Aside from the data we all share willingly on the web in the form of forum posts, Twitter activity, etc., people generally like keeping to themselves.

What would you think then, if you found out your iPhone (or any iDevice with 3G) was tracking and logging your every movement?

That’s exactly what two researchers from the UK are claiming. They state that the phone is constantly logging your location using cell towers, placing the information into a timestamped database. That database is not encrypted, and is copied to your computer each time you sync with iTunes. Additionally, the database is copied back to your new phone should you ever replace your handset.

We understand that many iPhone apps use location awareness to enhance the user experience, and law enforcement officials should be able to pull data from your phone if necessary – we’re totally cool with that. However, when everywhere you have been is secretly logged in plaintext without any sort of notification, we get a bit wary. At the very least, Apple should consider encrypting the file.

While this data is not quite as sensitive as say your Social Security number or bank passwords, it is dangerous in the wrong hands just the same. Even a moderately skilled thief, upon finding or swiping an iPhone, could easily dump the contents and have a robust dataset showing where you live and when you leave – all the makings of a perfect home invasion.

Continue reading to see a fairly long video of the two researchers discussing their findings.

[Image courtesy of Engadget]

Continue reading “IPhone Watching Every Breath You Take, Every Move You Make”

Defcon 19 Call For Workshops

April 20, 2011 by 6 Comments

defcon

The crew at Defcon is hard at work getting things ready for this year’s event, taking place over the first weekend in August. While the typical call for papers has been out for almost two months now, the extra space afforded by the RIO hotel has given the organizers a chance to shake things up a bit and try something new.

Along side the call for papers, they have issued a call for workshops. Since they have about 8 spare rooms on hand, they have decided to allow people who consider themselves a leader, ‘leet hacker, or ninja in their particular field to share their knowledge in a small (30 person) workshop setting.

The organizers are not strict on content, though it should be compelling. They cite examples such as teaching people to build an impenetrable Linux installation, PS3 hacking, or even helping people prep for a Ham radio license exam.

If you have something interesting to share with the community, be sure to swing by the Defcon site and get your application started!

High Voltage Rig Wipes CDs Clean

April 19, 2011 by 28 Comments

hv_cd_destruction

Here at Hackaday, we’re not against showing videos of gratuitous destruction just for the sake of it, though we try not to make it a habit. In this case we just couldn’t help ourselves. However, this video technically constitutes a security hack, as it does involve erasing sensitive information from CDs…

…with awesome!

This may be the coolest CD eraser we’ve seen yet. Positioned between two high-voltage transformers, the spinning CD has its data violently stripped off in just a matter of seconds. To be fair, the data isn’t erased per se, but the metallic substrate on which the data is recorded is flaked off by the aggressive application of electricity.

Having destroyed our fair share of AOL CDs in the microwave over the years, we are now a bit sad over the fact that they were disposed of in such a lackluster fashion – if only we had one of these around!

Since we’re on the topic of mindless destruction, you might as well take a few minutes and check out this thermite-roasted Thanksgiving turkey, this self-destructing hard drive, or perhaps this thermic lance built from spaghetti.

You know, for science.

Continue reading “High Voltage Rig Wipes CDs Clean”

Laser Tripwire Alarm System Uses Mirrors To Increase Coverage

April 18, 2011 by 15 Comments

laser_tripwire_alarm

Instructables user [EngineeringShock] has been hard at work building a laser trip wire security system, complete with a combination lock. The security system works just like you see in the movies, employing an array of mirrors to bounce the laser across an opening several times in order to secure the space.

A PIC18F1220 micro controller sits at the center of the alarm and handles the majority of its functions. It takes input from the laser detection circuit, triggers the buzzer, as well as arms and disarms the entire alarm system. An LS7222 digital lock handles the passcode verification side of things, taking input from a 16-button matrix keypad, and telling the PIC when the proper code has been entered.

As you can see in the video below, the alarm system works and the buzzer is quite loud. There is one small problem however – the alarm only arms itself after the proper code has been entered and the lights have been turned off. The light sensing circuit he uses is too sensitive and can only operate in darkness, though he discusses the ability to add a more accurate sensing solution.

If you are interested in reading more about laser tripwire security systems, check out this similar passcode-based system, this alarm system built into a toy, and this Arduino-based alarm system.

Continue reading “Laser Tripwire Alarm System Uses Mirrors To Increase Coverage”

Nixie Tube Conference Badge

April 18, 2011 by 13 Comments

troopers11_badge

Maker [Jeffrey Gough] was recently asked to construct a set of badges for the TROOPERS11 IT security conference held in Heidelberg last month. The badges were to reflect the overall theme of this year’s conference – personal progression, education, and striving to become better IT security professionals. To do this, he designed a badge that tracked a conference attendee’s participation in various activities.

The badge sports a center-mounted nixie tube that is used to show the attendee’s score. It is worn around the neck using a Cat-5 cable that acts as a LANyard as well serves as a power switch for the badge. The badge can be plugged in to a special programmer used by conference organizers, which updates the attendee’s score after completing each activity.

[Jeffrey] made sure to add all sorts of extra goodies to the badge, including a capacitive touch button that displays a secret message via the nixie, as well as plenty of hole and SMT pads so that hackers could get their game on.

Overall, the reception of the badge was extremely positive. All of the conference attendees had lots of fun exploiting the badges as well as adding components such as LEDs and speakers.

Continue reading to check out a quick demonstration video [Jeffrey] put together, highlighting the badge’s features.

Continue reading “Nixie Tube Conference Badge”

IP-based Engine Remote Enable Switch

April 17, 2011 by 28 Comments

remote_enable_switch

[Mariano] owns a late 90’s Jeep Wrangler, and had no idea just how easy it was to steal. Unfortunately for him, the guy who made off with his Jeep was well aware of the car’s vulnerabilities. The problem lies in the ignition – it can be broken out with a screwdriver, after which, the car can be started with a single finger. How’s that for security?

[Mariano] decided that he would take matters into his own hands and add a remote-controlled switch to his car in order to encourage the next would-be thief to move on to an easier target. He describes his creation as a “remote kill” switch, though it’s more of a “remote enable” switch, enabling the engine when he wants to start the car rather than killing it on command.

The switch system is made up of two pieces – a server inside the car’s engine bay, and a remote key fob. The server and the fob speak to one another using IPv6 over 802.15.4 (the same standard used by ZigBee modules). Once the server receives a GET request from the key fob, it authenticates the user with a 128-bit AES challenge/response session, allowing the car to be started.

It is not the simplest way of adding a remote-kill switch to a car, but we like it. Unless the next potential car thief digs under the hood for a while, we’re pretty sure [Mariano’s] car will be safe for quite some time.

Webcam Turned Security Cam With Motion Detected Email Notifications

April 17, 2011 by 27 Comments

[Sean] used his old webcam to assemble a closed circuit television feed for his home. He already had a server up and running, so this was just a matter of connecting a camera and setting up the software. He wasn’t satisfied by only having a live feed, so he decided to add a few more features to the system.

He started off by hanging a webcam near the front of his house. He mentions that he’s not sure this will last long exposed to the elements, but we think it’d be dead simple to build an enclosure with a resealable container and a nice piece of acrylic as a windows. But we digress…

The camera connects via USB to the server living in the garage. [Sean’s] setup uses Yawcam to create a live feed that can be access from the Internet. The software also includes motion detection capabilities. Since he wanted to have push notifications when there was action within the camera’s view he also set up Growl alert him via his iOS devices. You can see [Sean] demonstrate his completed CCTV system in the video below the fold.

Continue reading “Webcam Turned Security Cam With Motion Detected Email Notifications”