Radio Controlled Hard Drive Security

December 7, 2010 by Caleb Kraft 46 Comments

[Samimy] has put together this really neat video tutorial on building a Radio Controlled secure hard drive. How can a hard drive be radio controlled? That’s the first thing we thought too. He has torn apart a remote-controlled car and is using the guts to remotely switch on power to the drive. This means that the drive is only active if you boot the computer after you put the fob in the hidden security system. It looks like it would be fairly effective. We’re curious though, if he is putting the entire drive assembly inside his PC, why rely on batteries for the circuit? Why not pull from the PC power supply? Another neat upgrade might be connecting to an internal USB connection on the motherboard so a reboot isn’t necessary.

Check out the entire video after the break.
Continue reading “Radio Controlled Hard Drive Security” →

RFID Spoofer With Code And Instructions

November 28, 2010 by Mike Szczys 11 Comments

Here’s a field-programmable RFID spoofer developed by [Doug Jackson]. He was inspired by the spoofers we looked at near the end of September that didn’t have source code available. With the idea seeded in his mind he figured he could develop his own version, and then decided to share the build details with the rest of us.

The tags that he purchased for testing and developing the spoofer have a code printed on the back of them. A bit of sleuthing at the data from a tag reader and he managed to crack the code. From there he built this tag spoofer with a keypad on which you enter the number from the back of any 125 kHz tag and the device becomes that tag. If you have been waiting to test your RFID hacking skills there should be nothing holding you back now that [Doug] shared the details of his own adventure.

Surprisingly Simple Magnetic Card Spoofer

November 27, 2010 by Mike Szczys 5 Comments

[Craig’s] magnetic card spoofer is both simple and brilliant. There are two parts to spoofing these cards and he took care of both of them. The first part is getting the actual card data. He designed the spoofer board with a header that connects to a card reader for doing this. The second part is the spoofing itself, which is done with an electromagnet. As with past spoofers, he wrapped a shim with enamel-coated magnet wire. An old knife blade was picked for its thickness and ferromagnetism. This magnet is driven by an ATtiny2313 which stores the data, and is protected by a transistor driving the coil. There were a few design flaws in his board, but [Craig] was able to get the same track data out of the spoof as the original card despite the LED being used as a protection diode and an ‘aftermarket’ resistor on the transistor base.

Cheap Audio Equipment Makes ATM Theft Easier

November 26, 2010 by Mike Szczys 17 Comments

ATM information theft is nothing new. Neither is the use of skimmers to gain access to the data. But it’s a little surprising just how easy it has become to hack together the devices using audio equipment. The images above are samples of a skimmer for sale from an Eastern-European do-no-good. It is the magnetic stripe sniffer portion of the attack which captures card data as an audio recording. That is later turned into the binary code that was read from the card. We’re just speculating, but that looks an awful lot like the PCB from a pen recorder, something you can pick up for just a couple of bucks.

Of course this is used in conjunction with a camera to capture PIN data as the second part of the security protocol, but it really underscores the need for new ATM technology. Some skimmers don’t even require retrieval of the hardware, and you never know where the sketchy machines might pop up next.

[via Engadget and Slashdot]

Hopefully Detect Trolls Before They Devour You

November 25, 2010 by Joseph Thibodeau 24 Comments

In the cold and mysterious wilderness of Norway, it pays to be ready for anything–especially heavy-walking trolls. The team at [nullohm] decided to prepare thoroughly for their trek into the woods to witness the Leonids meteor shower by putting together an Arduino-based “troll detector”.

The device is based on the superstition of hammering a steel spike into a tree to keep trolls away from camp. This goes one step further by including an accelerometer and LED indicators so that you can tell exactly what type of troll is just about to feast upon your tender human flesh.

When the detector is installed into a nearby tree, it takes an average seismic measurement and then looks for telltale footfalls. Even if you’re not concerned with perpetuating superstitions, you might find a use for the source code for simple seismic activity monitoring at home to supplement your miniature seismic reflector.

Debug Mode Lurking Inside AMD Chips

November 13, 2010 by Mike Szczys 50 Comments

Looks like some hardware enthusiasts have worked out a method to enable debug mode within AMD processors. The original site isn’t loading for us, but the text has been mirrored in this comment. Getting the chip into debug mode requires access passwords on four control registers. We’ve read through the writeup and it means very little to us but we didn’t pull out a datasheet to help make sense of the registers being manipulated. It shouldn’t be hard to find an old AMD system to try this out on. We’d love to hear about anything you do with this debug system.

[via Slashdot]

Exploit Bait And Switch

November 7, 2010 by James Munns 31 Comments

When a new virus or other piece of malware is identified, security researchers attempt to get a hold of the infection toolkit used by malicious users, and then apply this infection into a specially controlled environment in order to study how the virus spreads and communicates. Normally, these toolkits also include some sort of management console commonly used to evaluate successfulness of infection and other factors of the malware application. In the case of the EFTPS Malware campaign however, the admin console had a special trick.

This console was actually a fake, accepting a number of generic passwords and user accounts, and provide fake statistics to whoever looked in to it. All the while, the console would “call home” with as much data about the researcher as possible. By tricking the researchers in this way, the crooks would be able to stay one step ahead of anti-virus tools that would limit the effectiveness of any exploit. Thankfully though, the researchers managed to come out on top this time.

[via boingboing]