Long-range Bluetooth Wardriving Rig

April 15, 2011 by Mike Nathan 56 Comments

bluetooth_wardriving

[Kyle] was digging through a box of junk he had lying around when he came across an old USB Bluetooth dongle. He stopped using it ages ago because he was unsatisfied with the limited range of Bluetooth communications.

He was going to toss it back into the box when an idea struck him – he had always been a fan of WiFi wardriving, why not try doing the same thing with Bluetooth? Obviously the range issue comes into play yet again, so he started searching around for ways to boost his Bluetooth receiver’s range.

He dismantled the dongle and found that the internal antenna was a simple metal strip. He didn’t think there would be any harm in trying to extend the antenna, so he soldered an alligator clip to the wire and connected the CB antenna in his truck. His laptop sprung to life instantly, picking up his phone located about 100 feet away in his house. He took the show on the road and was able to pick up 27 different phones set in discoverable mode while sitting in the parking lot of a fast food chain.

While it does work, we’re pretty sure that the CB antenna isn’t the most ideal extension of the Bluetooth radio. We would love to see what kind of range he would get with a properly tuned antenna.

Keep reading to see a quick demonstration of his improvised long-range Bluetooth antenna.

Continue reading “Long-range Bluetooth Wardriving Rig” →

RSA SecurID Two-factor Authentication Comprimised

April 13, 2011 by Mike Szczys 34 Comments

SecurID is a two-factor hardware-based authentication system. It requires you to enter the number displayed on a hardware fob like the one seen above, along with the rest of your login information. It’s regarded to be a very secure method of protecting information when users are logging into a company’s secure system remotely. But as with everything else, there’s always a way to break the security. It sounds like last month someone hacked into the servers of the company that makes SecurID.

You’ll need to read between the lines of that letter from RSA (the security division of EMC) Executive Chairman [Art Coviello]. He admits that someone was poking around in their system and that they got their hands on information that relates to the SecurID system. He goes on to say that the information that the attackers grabbed doesn’t facilitate direct attacks on RSA’s customers.

We’d guess that the attackers may have what they need to brute-force a SecurID system, although perhaps they have now way to match which system belongs to which customer. What’s you’re take on the matter? Lets us know by leaving a comment.

[via Engadget]

Do Your Projects Violate International Traffic In Arms Regulations?

April 12, 2011 by Mike Szczys 57 Comments

From time to time we consider the ramifications of hacking prowess being used for evil purposes. Knowledge is a powerful thing, but alone it is not a dangerous thing. Malicious intent is what takes a clever project and turns it to a tragic end. Conscientious hackers realize this, and [George Hadley] is one of them. While working on a new project he wondered if there were guidelines as to what knowledge should and should not be shared. It turns out that the United States has a set of International Traffic in Arms Regulations that mention concepts we’ve seen in many projects. He wrote up an article which covers the major points of the ITAR.

The gist of it is that sharing certain knowledge, by posting it on the Internet or otherwise, can be considered arms trafficking. It’ll get you a not-so-friendly visit from government officials and quite possibly a sponsored stay in a secure facility. Information about DIY radar, communications jamming, spying devices, UAVs, and a few other concepts are prohibited from being shared. The one qualifying part of that restriction is that it only applies if the information is not publicly known.

Light-sensing Circuit For Power Saving Applications

April 8, 2011 by Mike Nathan 6 Comments

light_sensing_circuit

Instructables user [MacDynamo] was thinking about home security systems and wondered how much electricity is being wasted while such systems are powered on, but not activated. He pondered it awhile, then designed a circuit that could be used to turn a security system on or off depending on the time of day, but without using any sort of clock.

His system relies on a 555 timer configured as a Schmitt trigger, with a photoresistor wired to the reset pin. When the ambient light levels drop far enough, the resistance on the reset pin increases, and the 555 timer breaks out of its reset loop. This causes the circuit to power on whatever is connected to it. When the sun rises, the resistance on the reset pin drops and the 555 timer continually resets until it gets dark again. He notes that this behavior can be easily reversed if you were to put the photoresistor on the trigger pin rather than the reset pin.

We like the idea, though we are a bit wary about using this for any sort of real security system. An errant insect or debris could cause the system to be turned on, and we’d feel pretty foolish if someone disabled our alarm with a flashlight. That said, this sort of circuit still has plenty of practical, power-saving applications outside the realm of home security.

Body Heat Sensing PC Security System

April 8, 2011 by Mike Nathan 25 Comments

lockifnothot

[Didier Stevens] wrote in to tell us about a little piece of PC security software he put together recently. His application, LockIfNotHot, works in conjunction with your PC as well as an IR temperature sensor in order to lock your computer the moment you step away.

The theory behind the system is pretty simple. Basically, the IR temp sensor monitors when you are at your desk, sensing your presence by the heat your body gives off. As soon as you step away however, it locks the computer since the temperature of the surrounding area immediately drops. It’s pretty simple, but as you can see in the video below, it works quite well.

The software has configurable set points and timeout values, which make it flexible enough to adapt to your specific situation. He happens to use an off-the-shelf IR sensor, but we assume any USB temperature module will do the trick. If you happen to work with sensitive information but often forget to lock your workstation, this is the program for you!

Continue reading to see a quick demonstration of his software in action.

Continue reading “Body Heat Sensing PC Security System” →

Thinkpad Dock-Picking

April 4, 2011 by Caleb Kraft 15 Comments

Hackers at the “RaumZeitLabor” hackerspace in Mannheim Germany have noticed that the locking mechanism on the thinkpad mini dock is extremely easy to circumvent. Sold as an additional layer of security, the mechanism itself is not really secured in any way. The button that actuates it is locked by a key, but the latch isn’t secured and can be accessed via a vent on the side. They are using a lockpicking tool in the video, but they say that even a long paperclip would suffice.

We know that no security device is perfect, and if someone really really wants it, they’ll take it, but this seems a bit too easy. Maybe the next version will have a little plastic wall protecting the latch from being actuated manually. Hopefully if security is your main concern you are using something a little more robust that a dock-lock.

[via the RaumZeitLabor hackerspace (google translated)]

Continue reading “Thinkpad Dock-Picking” →

Hardware-based Security Keypad Keeps It Simple

March 19, 2011 by Mike Nathan 5 Comments

hardware_keypad_lock

Instructables user [trumpkin] recently built an all-hardware based keypad lock for a contest he was entering, and we thought it was pretty neat. The lock uses mostly NAND gates and 555 timers to get the job done, which makes it a nice alternative to similar software-based projects we have seen in the past.

The lock has 6 keys on the keypad, which is connected to the main logic board. The keycode is set using a series of headers at the bottom of the board, and you get 10 chances to enter the proper code before the board locks up completely. If this occurs, a “manual” reset via a button built into the main board is required before any more attempts can be made.

As you can see in the video below, the lock works quite well, but suffers from one shortcoming. Any permutation of the key code can be used to deactivate the lock, which is something [trumpkin] says he would like to improve in the future.

If you are looking for some more security-related reading, be sure to check out these other hacks we have featured in the past.

Continue reading “Hardware-based Security Keypad Keeps It Simple” →