Build Your Own RFID Reader

April 19, 2010 by Mike Szczys 25 Comments

We asked for it and our readers delivered. [Klulukasz] left a comment pointing to this diy RFID reader that was a final project in 2006 for a class at Cornell University. It is well documented and includes not only a schematic and code, but an explanation of the design considerations used during the build. The project uses an ATmega32 and the parts list priced out at about $50 at the time. There were plenty of responses to the RFID spoofer post pointing out that there are readers available for $40, but we want the fun of building our own.

A bit more vague with the details but no less interesting is this other simple RFID reader design. Thanks to [Chuck] for his comment which pointed to that link.

Arduino RFID Spoofer

April 18, 2010 by Mike Szczys 36 Comments

An Arduino, a spent roll of toilet paper, magnet wire, and a few passive components are what’s needed to build this RFID spoofer. It’s quick, dirty, and best of all, simple. However, [SketchSk3tch’s] creation is not an RFID cloner. You must already know the hex code of the tag you want to spoof. That may or may not be as easy as using a separate tag reader.

We’ve seen some very simple RFID tag concepts. What we want is a DIY reader that is easy to build from cheap and readily available components. If you’ve got one, make with the details and tip us off about it.

Intruder Alarm McDonald’s Toy Hacking

April 8, 2010 by Caleb Kraft 14 Comments

[malikaii] needed to set up some kind of tripwire style alarm system for his office. His bosses kept sneaking in to find him slacking. So, like any loyal hacker, instead of just working harder he built an alarm system. After a failed attempt to recreate an IR alarm circuit he found on the web and built from old appliance parts, he found the Hack a Day article about harvesting McDonald’s toys. The end result was a fully functional IR detecting alarm for the office doorway. This is pretty simple really, the best kind of hack.

Program Your Own Mayhem-causing USB Dongle

April 5, 2010 by Mike Szczys 31 Comments

[Adrian Crenshaw] is up to no good with this programmable USB device. [Adrian’s] creation identifies itself as a USB keyboard and can be programmed to do whatever you want. That’s because it’s based around the Teensy board which sports an ATmega32 that will cost you only $18. He’s added a set of DIP switches for easy in-field changes to the firmware. There’s also a light sensor that can be used to activate a command once an unknowing victim has shut off the lights in the office and left for the day. Check out his talk after the break to see his proposed uses for such a device.

Continue reading “Program Your Own Mayhem-causing USB Dongle” →

Thwart Robbers With An Old Smoke Alarm.

February 28, 2010 by Mike Szczys 50 Comments

[Anders] tipped us off about his hack that re-purposes a smoke alarm as a burglar alarm. Unfortunately, he came home in the middle of a burglary but wanted to be ready the next time someone tries to break in. By cleverly patching into the test button on an old smoke detector he created a circuit-trip alarm. One side of each piece of wire is secured to the frame and jam of a window. A paper clip completes the circuit by pinching the two bare conductors. If the window is opened the connection is lost and the alarm sounds.

We see a few problems with this system. First off, never hack your ONLY smoke detector, you are putting lives at risk by doing so. But [Anders] says he’ll have a replacement detector and since these things need to be replace every ten years or so, chances are you can find an old one kicking around. We’d recommend disguising the case so that people aren’t confused about it being a smoke detector. Secondly, he’s mounted the alarm right in the window frame so most likely an invader will just smash the thing to bits.

Anyway, it’s still an interesting reuse of these ubiquitous, and life-saving, devices.

More Cellphone Controlled Door Locks

February 23, 2010 by Mike Szczys 16 Comments

[Tom Lee] and his colleagues just moved to a new office. The doors are setup like a security checkpoint with electronic strikes and buttons on the inside to allow entry. The button simply completes a low-voltage circuit, activating the strike which made it quite easy to patch into. They build an interface board with a small relay to complete that circuit. As we’ve seen before, Linksys routers have plenty of extra room in the case so there was no problem housing the new circuit in this tiny network device. Now [Nicko] and his friends can use a custom app to input an access code or to verify a device ID from a cell phone and gain entry. The door still has keyed locks in case of a power outage. In fact, the only change made to the system was the addition of two wires to the “door release” button as seen above. See the one-touch device ID authentication in the video after the break.

This hack is similar to the GSM door entry from last year. In this case, the phones are communicating with the door via web interface and not the GSM network.

Continue reading “More Cellphone Controlled Door Locks” →

Chip And Pin Broken And Other Security Threats

February 12, 2010 by Mike Szczys 22 Comments

Another exploit has been found in the Chip and PIN system. The exploit is a man-in-the middle attack that wouldn’t take too much know-how to pull off. You can watch the BBC report on the issue or check out the paper (PDF) published by the team that found the vulnerability. A stolen card resides in a reader that connects to a dummy card via a small cable. When the dummy card is inserted into a card reader, any PIN can be used to complete the transaction. The chip on the original card gets confirmation that the sale was completed via signature and the vendor’s card reader gets confirmation that the pin was correct. The UK based Chip and PIN system seems like a great idea, but it has had its share of security loopholes. This makes us wonder how hard it is to roll out security patches to the hardware readers in the system. Obviously this needs to be patch but does it take a technician visiting each terminal to flash an upgrade?

Switching to the topic of wide-scale attacks, we caught the NPR interview with [James Lewis] on Wednesday when they discussed the growing threat of Cyberterroism. He feels an attack on the US electrical grid is currently the biggest threat and will happen in the next ten years. Obviously taking the grid down would endanger lives and bring things to a standstill; traffic lights, refrigeration, heat, etc. We’re just glad that when asked if he thinks there is already malicious code residing in the control system, he doesn’t think that’s the case.

[Thanks to Whatsisface and Mcinnes]