Security Hacks

1541 Articles

IP-based Engine Remote Enable Switch

April 17, 2011 by 28 Comments

remote_enable_switch

[Mariano] owns a late 90’s Jeep Wrangler, and had no idea just how easy it was to steal. Unfortunately for him, the guy who made off with his Jeep was well aware of the car’s vulnerabilities. The problem lies in the ignition – it can be broken out with a screwdriver, after which, the car can be started with a single finger. How’s that for security?

[Mariano] decided that he would take matters into his own hands and add a remote-controlled switch to his car in order to encourage the next would-be thief to move on to an easier target. He describes his creation as a “remote kill” switch, though it’s more of a “remote enable” switch, enabling the engine when he wants to start the car rather than killing it on command.

The switch system is made up of two pieces – a server inside the car’s engine bay, and a remote key fob. The server and the fob speak to one another using IPv6 over 802.15.4 (the same standard used by ZigBee modules). Once the server receives a GET request from the key fob, it authenticates the user with a 128-bit AES challenge/response session, allowing the car to be started.

It is not the simplest way of adding a remote-kill switch to a car, but we like it. Unless the next potential car thief digs under the hood for a while, we’re pretty sure [Mariano’s] car will be safe for quite some time.

Webcam Turned Security Cam With Motion Detected Email Notifications

April 17, 2011 by 27 Comments

[Sean] used his old webcam to assemble a closed circuit television feed for his home. He already had a server up and running, so this was just a matter of connecting a camera and setting up the software. He wasn’t satisfied by only having a live feed, so he decided to add a few more features to the system.

He started off by hanging a webcam near the front of his house. He mentions that he’s not sure this will last long exposed to the elements, but we think it’d be dead simple to build an enclosure with a resealable container and a nice piece of acrylic as a windows. But we digress…

The camera connects via USB to the server living in the garage. [Sean’s] setup uses Yawcam to create a live feed that can be access from the Internet. The software also includes motion detection capabilities. Since he wanted to have push notifications when there was action within the camera’s view he also set up Growl alert him via his iOS devices. You can see [Sean] demonstrate his completed CCTV system in the video below the fold.

Continue reading “Webcam Turned Security Cam With Motion Detected Email Notifications”

Long-range Bluetooth Wardriving Rig

April 15, 2011 by 56 Comments

bluetooth_wardriving

[Kyle] was digging through a box of junk he had lying around when he came across an old USB Bluetooth dongle. He stopped using it ages ago because he was unsatisfied with the limited range of Bluetooth communications.

He was going to toss it back into the box when an idea struck him – he had always been a fan of WiFi wardriving, why not try doing the same thing with Bluetooth? Obviously the range issue comes into play yet again, so he started searching around for ways to boost his Bluetooth receiver’s range.

He dismantled the dongle and found that the internal antenna was a simple metal strip. He didn’t think there would be any harm in trying to extend the antenna, so he soldered an alligator clip to the wire and connected the CB antenna in his truck. His laptop sprung to life instantly, picking up his phone located about 100 feet away in his house. He took the show on the road and was able to pick up 27 different phones set in discoverable mode while sitting in the parking lot of a fast food chain.

While it does work, we’re pretty sure that the CB antenna isn’t the most ideal extension of the Bluetooth radio. We would love to see what kind of range he would get with a properly tuned antenna.

Keep reading to see a quick demonstration of his improvised long-range Bluetooth antenna.

Continue reading “Long-range Bluetooth Wardriving Rig”

RSA SecurID Two-factor Authentication Comprimised

April 13, 2011 by 34 Comments


SecurID is a two-factor hardware-based authentication system. It requires you to enter the number displayed on a hardware fob like the one seen above, along with the rest of your login information. It’s regarded to be a very secure method of protecting information when users are logging into a company’s secure system remotely. But as with everything else, there’s always a way to break the security. It sounds like last month someone hacked into the servers of the company that makes SecurID.

You’ll need to read between the lines of that letter from RSA (the security division of EMC) Executive Chairman [Art Coviello]. He admits that someone was poking around in their system and that they got their hands on information that relates to the SecurID system. He goes on to say that the information that the attackers grabbed doesn’t facilitate direct attacks on RSA’s customers.

We’d guess that the attackers may have what they need to brute-force a SecurID system, although perhaps they have now way to match which system belongs to which customer. What’s you’re take on the matter? Lets us know by leaving a comment.

[via Engadget]

Do Your Projects Violate International Traffic In Arms Regulations?

April 12, 2011 by 57 Comments

From time to time we consider the ramifications of hacking prowess being used for evil purposes. Knowledge is a powerful thing, but alone it is not a dangerous thing. Malicious intent is what takes a clever project and turns it to a tragic end. Conscientious hackers realize this, and [George Hadley] is one of them. While working on a new project he wondered if there were guidelines as to what knowledge should and should not be shared. It turns out that the United States has a set of International Traffic in Arms Regulations that mention concepts we’ve seen in many projects. He wrote up an article which covers the major points of the ITAR.

The gist of it is that sharing certain knowledge, by posting it on the Internet or otherwise, can be considered arms trafficking. It’ll get you a not-so-friendly visit from government officials and quite possibly a sponsored stay in a secure facility. Information about DIY radar, communications jamming, spying devices, UAVs, and a few other concepts are prohibited from being shared. The one qualifying part of that restriction is that it only applies if the information is not publicly known.

Light-sensing Circuit For Power Saving Applications

April 8, 2011 by 6 Comments

light_sensing_circuit

Instructables user [MacDynamo] was thinking about home security systems and wondered how much electricity is being wasted while such systems are powered on, but not activated. He pondered it awhile, then designed a circuit that could be used to turn a security system on or off depending on the time of day, but without using any sort of clock.

His system relies on a 555 timer configured as a Schmitt trigger, with a photoresistor wired to the reset pin. When the ambient light levels drop far enough, the resistance on the reset pin increases, and the 555 timer breaks out of its reset loop. This causes the circuit to power on whatever is connected to it. When the sun rises, the resistance on the reset pin drops and the 555 timer continually resets until it gets dark again. He notes that this behavior can be easily reversed if you were to put the photoresistor on the trigger pin rather than the reset pin.

We like the idea, though we are a bit wary about using this for any sort of real security system. An errant insect or debris could cause the system to be turned on, and we’d feel pretty foolish if someone disabled our alarm with a flashlight. That said, this sort of circuit still has plenty of practical, power-saving applications outside the realm of home security.

Body Heat Sensing PC Security System

April 8, 2011 by 25 Comments

lockifnothot

[Didier Stevens] wrote in to tell us about a little piece of PC security software he put together recently. His application, LockIfNotHot, works in conjunction with your PC as well as an IR temperature sensor in order to lock your computer the moment you step away.

The theory behind the system is pretty simple. Basically, the IR temp sensor monitors when you are at your desk, sensing your presence by the heat your body gives off. As soon as you step away however, it locks the computer since the temperature of the surrounding area immediately drops. It’s pretty simple, but as you can see in the video below, it works quite well.

The software has configurable set points and timeout values, which make it flexible enough to adapt to your specific situation. He happens to use an off-the-shelf IR sensor, but we assume any USB temperature module will do the trick. If you happen to work with sensitive information but often forget to lock your workstation, this is the program for you!

Continue reading to see a quick demonstration of his software in action.

Continue reading “Body Heat Sensing PC Security System”