Security Hacks

1521 Articles

Spy On Your Office

January 7, 2010 by 30 Comments

[Garagedeveloper] sent us his custom surveillance system, part 1, part 2, and part 3 after needing a way to find out why some cables at work were becoming unplugged (spoiler, the cleaners were messing up the wiring). At the base of the system is a web cam glued to a stepper motor. However, it gets much more in depth with a web front-end that allows the user to stream the feed and control the position of the stepper. We’re not particularly fond of how many different parts the project takes, while it all could be accomplished under C# with ASP.NET and parallel port library instead of including Arduino and excess code, but to each their own and the project turned out a success anyway.

Arduino Security With Frickin’ Laser

January 3, 2010 by 15 Comments

[over9k] used his Arduino to set up a laser trip wire. The laser is mounted along side the Arduino, reflects off of a mirror, and shines on a photoresistor that interfaces via a voltage divider. The signal from the voltage divider is monitored for a change when the laser beam is broken. [over9k] set things up so that a webcam snaps a picture of the intruder and Twitters the event for easy notification. Video after the break walks through each of these steps.

This build is a bit rough around the edges but unlike other laser trip wires this keeps all the electronics in one place. The laser interface could be a bit more eloquent, and we’re wondering just how much current it is pulling off of the Arduino pins. But if you’re bored and have this stuff on hand it will be fun to play around with it. Continue reading “Arduino Security With Frickin’ Laser”

Lightning Rod: Keeps You Safe From Dirty Flashers

January 1, 2010 by 9 Comments

A new open source package called Lightning Rod will help to close security exploits in Adobe’s dirty Flash code. A presentation made at the 26th Chaos Communication Congress showed that the package does its job by reviewing incoming code before the browser executes it. Heise Online is reporting that this method can block over 20 different known attacks and can even be used to filter out malicious JPG attacks. As more vulnerabilities are discovered they can be added to Lightning Rod to close the breach. This amounts to a virus scanner for Flash code. It’s great to have this type of protection but why can’t Adobe handle its security problems?

[Photo Credit]

[Thanks das_coach]

GSM Cracked

December 30, 2009 by 14 Comments

[Karsten Nohl], with a group of security researchers has broken the A5/1 Stream Cipher behind GSM. Their project web site discusses their work and provides slides(pdf) presented at 26C3. A5/1 has had known vulnerabilities for some time now and is scheduled to be phased out for the newer KASUMI or A5/3 block cipher. This should be an interesting time in the cell phone business.

Thanks to [Tyco] and [MashupMark] for pointing us to this story.

http://online.wsj.com/article/SB10001424052748703510304574626451948722542.html?mod=rss_Today%27s_Most_Popular

Kindle DRM Cracked

December 24, 2009 by 19 Comments

Ding-dong, the DRM is gone. But not in the way we really want. The copy protection scheme that is used for most Kindle books has been cracked. We’d much prefer it hadn’t been there in the first place but then there’d be no challenge for security hackers.

Giving credit for the advancement gets a little messy. Apparently two folks figured this out at approximately the same time. [Labba] posted about his discoveries while [I (heart) Cabbages] wrote about his exploits in a blog entry. Either way, you can now strip the protection and use your legally-purchased books on any device you choose by using this Python script.

This means that both Kindle and Nook have had their DRM broken. Are these companies really trying to prevent copying (fair use) or do they just want to be able to tell the publishers that there are copy protections while turning a blind eye to what happens in the privacy of your personal computer?

[Thanks Sanchoooo via Slashdot]

Terminate RFID Tags

December 22, 2009 by 49 Comments

This gun hunts only RFID tags.[mnt], who brought us laser gesture control, built this RFID Zapper but included so much more. Any good weapon has to sound mean, a feat he’s accomplished by incorporating an MP3 player into the rifle. The coil that zaps the RFID tag is powered by a photo-flash unit, but for visual feedback he’s got a second unit that flashes light to signal the demise of your German passport (see the video after the break).

It’s hard to believe we haven’t covered RFID Zappers yet. The concept came out of the Chaos Communication Congress a few years back. This method works by sending a very strong electromagnetic field through the RFID tag that causes it to burn out. There’s a wiki post on RFID Zappers but Firefox threw a certificate warning when we loaded it up; read at your own risk.

Continue reading “Terminate RFID Tags”

Rhythmic Combo-lock

December 22, 2009 by 13 Comments

[MusashiAharon’s] dorm room door was practically begging to be hacked. There was already an electronic strike plate in place as well as junction boxes on the inside and out that were connected by conduit. Jumping on the bandwagon after seeing some other door lock hacks here, he built one that uses a rhythmic combination.

The control panel on the outside is a blank faceplate with two buttons and a status LED. Theses are wired to a jack and connected with a cable traveling through the conduit to a breadboard on the inside of the door. Seeing a large breadboard hanging on an outlet cover is a bit comical but it does the job. From there, a Teensy microcontroller waits for the code and if correct, actuates the strike plate via a relay.

The rhythmic nature of this lock reminds us of the knock-based system. One button signals the start and end of the code, the other is used to input the rhythmic sequence. This does seem a little more discreet and we’d imagine it’s quite hard to eavesdrop on the correct combination.