Researchers Discover That Cars Can Be Hacked With Music


In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to possess physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vehicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located, however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

Passcode Protected Laser Tripwire Alarm System


Sometimes security doesn’t need to be overly complex to be effective. Instructables user [1234itouch] recently built a simple laser tripwire alarm that can be mounted virtually anywhere, complete with a keypad for disarming the device.

He mounted a photo cell in a project box, along with an Arduino and a 12-button key pad. A laser pointer is aimed at the photo cell from across a gap, which results in a steady voltage being read by the Arduino. When the laser beam is broken, a drop in voltage is detected, and the alarm sounds until you enter the proper pre-configured passcode. Entering the passcode triggers a 15-second grace period during which the alarm cannot be tripped again.

It might not be built with triple-thick steel doors and thermo-sensors, but it’s a simple device for simple needs. In its current form it could be pretty useful, and with a little reworking, there are a wide range of things it could be used for.

Continue reading to see a demo video of the tripwire alarm, and be sure to check out these other tripwire-based security systems.


Microsoft Points Algorithm Cracked… They’re Out $1M

Looks like someone figured out the algorithm that Microsoft uses to generate unique codes for their alternative currency: Microsoft Points. We were always a bit baffled by the need to do this sort of thing (Disney dollars, tokens at arcades, etc.) but figured it’s just a grift to get you to spend more dough. Looks like this time it may have come back to bite them in the ass with early loss projections somewhere in the $1-$1.2 million range.

But as most of you know, it’s not just an algorithm that can cause this kind of havoc. Whoever figured out how to crunch the numbers apparently packaged the method into a nice GUI and distributed it over the Internet. Check out the video after the break to see that not only will it give you a code, but you can verify that it works at the click of a button. Microsoft is taking steps to invalidate all of the ill-gotten redemption codes, but we wonder how effective they can be at it. Surely they already had contingency plans for this and we wonder if the company didn’t also carry insurance against this kind of loss.

Try as we might, we couldn’t turn up a press release on the subject. If you know of any, please be kind and leave a link in the comments.


DIY Wireless Keylogger Makes You Feel Like James Bond (In Your Own Little World)


Do you need to keep tabs on the kids while they browse the Internet? How about your husband/wife – do you suspect they are dabbling in extra-curriculars on the side? Hey, you’ve got your reasons, we won’t judge. We will, however, show you what [Jerry] over at Keelog has been working on lately.

While the company sells hardware keylogger kits online, [Jerry] has relied on, and understands the importance of, open source. Since we all benefit from things being open, he is giving away all of the details for one of his most recent projects, a wireless keylogger. The keylogger plugs into a PC’s PS/2 port, and wirelessly sends data to a nearby USB dongle up to 20 yards away, all in real-time.

A detailed parts list is provided, as are schematics, PCB masks, firmware, and assembly instructions. However, if you prefer the easier route, you can always buy the completed product or a DIY kit.

This isn’t the first open source keylogger he has released, so be sure to check out his previous work if you prefer a wired keylogging solution.

Automatic Lock Cracker Makes Breaking And Entering A Breeze


For most people, forgetting the combination on a lock means breaking out the bolt cutters and chopping off the lock. Some students at the [Olin College of Engineering] decided there was a far more elegant way to do the job, so they built an automated lock-cracking machine.

The machine consists of a clamp to hold the lock, a solenoid to pull the lock open, and a stepper motor to run through the combinations. Most of the processing is done on the attached computer, using software they created. The application will brute-force all of the possible combinations if you request it, but it also allows you to enter the first, second, or third numbers of the combination if you happen to remember them.

Once the machine is started, the motor begins spinning the lock and the solenoid yanks on the latch until the combination is discovered, which takes a maximum of about two hours to complete. The opening of the latch trips a limit switch and causes the mechanism to stop. A simple button press then returns the lock’s combination to the user.

Be sure to check out the video embedded below of the lock cracker in action.

[via Wired]


Laptop BIOS Password Recovery Using A Simple Dongle


In his line of work, Instructables user [Harrymatic] sees a lot of Toshiba laptops come across his desk, some of which are protected with a BIOS password. Typically, in order to make it past the BIOS lockout and get access to the computer, he would have to open the laptop case and short the CMOS reset pins or pull the CMOS battery. The process is quite tedious, so he prefers to use a simpler method: a parallel loopback plug.

The plug itself is pretty easy to build. After soldering a handful of wires to the back of a standard male D-sub 25 connector in the arrangement shown in his tutorial, he was good to go. When a laptop is powered on with the plug inserted, the BIOS password is cleared, and the computer can be used as normal.

It should be said that he is only positive that this works with the specific Toshiba laptop models he lists in his writeup. It would be interesting to see this tried with other laptop brands to see if they respond in the same way.

Since no laptops are manufactured with parallel ports these days, do you have some tips or tricks for recovering laptop BIOS passwords? Be sure to share them with us in the comments.

ICE Uses Wide Set Of Tools To Hunt For Media Pirates

If you’re rebroadcasting copyrighted video streams, how will the authorities ever track you down? Well, it looks like you don’t even need to be the content originator, and they’ll track you down because you didn’t really cover your tracks in the first place. [Brian McCarthy] found this out the hard way when his domain name was seized by Immigration and Customs Enforcement earlier this year.

So how did they find him? They started by getting the records from the domain name registrar. He had used an alias instead of his real name, so the next step in the investigation was to get a name from Comcast to go with the IP which had logged into the name registrar’s interface. They matched the Comcast account holder’s home address with the one given during domain registration, then matched the Gmail account registration information from the registrar to the same person. The final piece of the puzzle was to stake out his house (no kidding) to confirm that [Brian] lived at the address uncovered by investigators.

ICE really went the whole nine yards, especially if you consider that the website they seized provided links to copyrighted media but didn’t actually host any of it. Nonetheless, [Brian] could find himself spending five years in the clink… ouch.