Hard Drive Destruction Plan

[youtube=http://www.youtube.com/watch?v=jhfF2Et77aw]

[Wolf] emailed us to show us his Self destructing Hard Drive tutorial. He’s using thermite, like we did, but he’s put a little more effort into the delivery system. In the video, you can see a huge spray of molten iron. This is because his “jet”, the block of wood hollowed out to focus the thermite onto the hard drive, didn’t hold a seal at the top. Not too bad for try #1. He could probably build this to be more contained, but even then it will most likely turn into “entire self destructing office” if it were to actually be used. A little common sense goes a long way here folks, this is molten metal and is extremely hot and dangerous.

Free Laundry Redux

[Koala] was worried his pseudo smart card trick wouldn’t be considered HackaDay worthy. We’re more worried the internet police will find this article and have us all tarred and feathered.

Jokes aside, it seems laundromat owners sure aren’t learning. Long story short, using a Bus Pirate and a few techniques we’ve seen before for smart card hacking, [Koala] is able to write whatever amount he needs onto his pseudo smart card, thus giving him a free load of laundry.

Now You See Me, Now You Don’t, Face Detection Scripts

Straight out of Ghost in the Shell, the Laughing Man makes his appearance in these security camera shots. [William Riggins] wrote us to let us know about his team’s Famicam scripts. After taking a screen shot, faces are detected and counted, ‘anonymized’, and the final image is uploaded to Twitter.

The process is rather simple, and sure beats wearing a bunch of white reflective camouflage. All that’s left is detecting specific faces to make anonymous, and of course uploading the script to every camera in the world. Easy, right?

SOAP Compatibility For SQLmap

[_coreDump] was doing some database vulnerability testing using SQLmap to automate the process. To his dismay, the package was unable to test using the Simple Object Access Protocol. Faced with having to manually test all of the SOAP vulnerabilities, he decided to work some Python magic and add support. His solution allows SQLmap 0.8 to parse XML data from the SOAP protocol by modifying three files from the package. He’s made the diff files available if you need this functionality for your own security testing.

Win At Hangman, Gain Entry

Do not put anything in this box that you will need in a rush. You’ll have to successfully guess the word in a game of hangman to gain entry. He’s using an Atmega328 as the brains of this project with a rotary dial and an LCD for input and display. If you win, the box is unlocked and you can open it up to get whatever is inside. There are links to various tutorials along the way to help with each step, including the Arduino source code he used to build it. We think he should bump it up a notch and have the box destroy the contents if you fail. Sounds like fun, right?

Ground Your Car To Make It Go

[youtube=http://www.youtube.com/watch?v=FFb5_mKfnR8]

This security system called G-spot requires that you touch a special place on the car prior to attempting to start it. This is pretty slick as it could be completely un-obvious and doesn’t require any special fobs or minor surgery. With the right placement, no one would ever notice that you had touched it.

[via HackedGadgets]

Modern Car Data Systems Lack Security

Tomorrow a team of researchers will present their paper on Experimental Security Analysis of a Modern Automobile (PDF) at the IEEE Symposium on Security & Privacy. Much like the racing simulators we’ve seen, they’re exploiting the OBD-II port to get at the vehicle’s Controller-area network, or CAN-bus. We’re not surprised at all that they can display custom text on the dashboard display or read sensor data from the car. What does surprise us is their exposé on how truly unsecured the system is. It seems that access to any device on the CAN-bus gives them unobstructed control of the car’s systems. Any device can send commands to any other device. They’ve even found a way to write malicious code to the car’s computer which can be programmed to erase itself in the event of a crash.

Much like RFID, the security risks here are basically nil for the vast majority of consumers. We just find it a bit surprising that there’s apparently been little thought put into fortifying the communications between the safety systems such as the brakes on the vehicle. For instance, the team experimented with sending random packets over the CAN-bus and stumbled across a way to lock the brake on just one wheel. To us it’s conceivable that a malfunctioning device on the network could start sending out damaged packets and cause a dangerous malfunction like this one.

The 14-page PDF linked above is a page-turner, check it out on your hacked ereader during lunch.