Chip And Pin Broken And Other Security Threats

Another exploit has been found in the Chip and PIN system. The exploit is a man-in-the-middle attack that wouldn’t take too much know-how to pull off. You can watch the BBC report on the issue or check out the paper (PDF) published by the team that found the vulnerability. A stolen card resides in a reader that connects to a dummy card via a small cable. When the dummy card is inserted into a card reader, any PIN can be used to complete the transaction. The chip on the original card gets confirmation that the sale was completed via signature, while the vendor’s card reader gets confirmation that the PIN was correct. The UK-based Chip and PIN system seems like a great idea, but it has had its share of security loopholes. This makes us wonder how hard it is to roll out security patches to the hardware readers in the system. Obviously this needs to be patched, but does it take a technician visiting each terminal to flash an upgrade?
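The weak spot described above is that the card and the terminal end up with two different stories about how the cardholder was verified. The issuer sees both stories in the authorization request, so it can cross-check them. This is an added illustration, not code from the paper or from any payment scheme; it assumes the real EMV encoding of CVM Results (tag 9F34) and abstracts the card’s own view into a single boolean, because the Card Verification Results layout inside the Issuer Application Data (tag 9F10) is issuer specific.

```python
from dataclasses import dataclass

# CVM Results (EMV tag 9F34) byte 1: bits 6..1 hold the method code, bit 7 is the
# "apply succeeding CVM rule if this one fails" flag, so mask with 0x3F for the method.
CVM_PLAINTEXT_PIN_ICC = 0x01
CVM_ENCIPHERED_PIN_ICC = 0x04
CVM_SIGNATURE = 0x1E
OFFLINE_PIN_METHODS = {CVM_PLAINTEXT_PIN_ICC, CVM_ENCIPHERED_PIN_ICC}
CVM_RESULT_UNKNOWN, CVM_RESULT_FAILED, CVM_RESULT_SUCCESSFUL = 0x00, 0x01, 0x02  # byte 3


@dataclass
class AuthRequest:
    """One authorization request as the issuer sees it (constructed, simplified)."""
    cvm_results: bytes       # terminal's view of cardholder verification, tag 9F34
    card_pin_verified: bool  # card's view; the issuer decodes this from its own
                             # proprietary CVR inside tag 9F10. The bit layout differs
                             # per issuer, so it is abstracted to a boolean here.


def parse_cvm_results(cvm: bytes) -> tuple[int, int]:
    """Return (method_code, result_code) from a 3-byte CVM Results value."""
    if len(cvm) != 3:
        raise ValueError("CVM Results must be exactly 3 bytes")
    return cvm[0] & 0x3F, cvm[2]


def terminal_claims_offline_pin(req: AuthRequest) -> bool:
    method, result = parse_cvm_results(req.cvm_results)
    return method in OFFLINE_PIN_METHODS and result == CVM_RESULT_SUCCESSFUL


def check_cvm_consistency(req: AuthRequest) -> str:
    """In the wedge attack the terminal believes an offline PIN succeeded while the
    card, which never saw a PIN, reports that no PIN verification took place.
    Cross-checking the two views catches exactly that mismatch."""
    if terminal_claims_offline_pin(req) and not req.card_pin_verified:
        return "decline: terminal reports offline PIN verified, card reports no PIN"
    return "ok"


# Constructed sample records. 41 00 02 = plaintext PIN by ICC, result successful;
# 1E 03 00 = signature, result unknown (the normal value for signature).
GENUINE_PIN_TXN = AuthRequest(bytes.fromhex("410002"), card_pin_verified=True)
WEDGE_TXN = AuthRequest(bytes.fromhex("410002"), card_pin_verified=False)
SIGNATURE_TXN = AuthRequest(bytes.fromhex("1E0300"), card_pin_verified=False)

if __name__ == "__main__":
    for name, txn in [("genuine", GENUINE_PIN_TXN), ("wedge", WEDGE_TXN), ("signature", SIGNATURE_TXN)]:
        print(f"{name}: {check_cvm_consistency(txn)}")
```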

Switching to the topic of wide-scale attacks, we caught the NPR interview with [James Lewis] on Wednesday when they discussed the growing threat of cyberterrorism. He feels an attack on the US electrical grid is currently the biggest threat and will happen in the next ten years. Obviously taking the grid down would endanger lives and bring things to a standstill; traffic lights, refrigeration, heat, etc. We’re just glad that when asked if he thinks there is already malicious code residing in the control system, he doesn’t think that’s the case.

[Thanks to Whatsisface and Mcinnes]

TPM Cryptography Cracked

Trusted Platform Module based cryptography protects your secrets as well as your government’s secrets. Well, it used to. [Christopher Tarnovsky] figured out how to defeat the hardware by spying on its communications. This requires physical access so it’s not quite as bad as it sounds, but this does reach beyond TPM to many of the security chips made by Infineon. This includes peripheral security chips for Xbox 360 and some chips used in cell phones and satellite TV.

[Christopher] revealed his hack during his presentation at Black Hat 2010. The method is wicked-hard, involving removal of the chip’s case and top layer, then tapping into a data bus to get at unencrypted data. The chip still has some tricks up its sleeve and includes firmware traps that keep a lookout for this type of attack, shutting down if it’s detected. Infineon commented that they knew this was possible but regard it as a low threat due to the high skill level necessary for success.

[Thanks Greg]

PS3 Exploit Released

You can now download the exploit package for the PlayStation 3. [Geohot] just posted the code you need to pull off the exploit we told you about on Sunday, making it available on a “silver platter” with just a bit of explanation on how it works. He’s located a critical portion of the memory to attack. By allocating it, pointing a whole bunch of code at those addresses, then deallocating it, he causes many calls to invalid addresses. At the same time as those invalid calls he “glitches” the memory bus using a button on his FPGA board to hold it low for 40ns. This trips up the hypervisor security and somehow allows read/write access to that section of memory. Gentlemen and Ladies, start your hacking. We wish you the best of luck!

[Thanks Phileas]

Coded Entry Using Your Wristwatch

[Ziyan] and [Zach] built a door entry system that uses a code entered from your wristwatch. They’re using the TI eZ-430 Chronos that we saw in November. There is a project box mounted over the deadbolt lever. Inside, the wireless fob waits for the watch to connect. When a watch has connected and the correct code is received (using 128-bit encryption), the fob actuates a servo to turn the lock. On the user side of things the code is entered by tapping the watch. The built-in accelerometer picks up these taps and relays them to the door unit.

It’s a heck of a project! Check out their demonstration video after the break. We’d like to see a mechanical option for escaping the apartment in case the door unit fails but otherwise we think this is perfectly executed. We’re looking forward to seeing more projects that tap into this TI hardware.


Buzzle: A Morse Code Puzzle Box

[lucasfragomeni] built the Buzzle after being inspired by the reverse geocache puzzle. The Buzzle was built as a gift to a friend. It’s a tricky gift too. His friend can’t open it until he decodes the words being displayed in Morse code via an LED. A word is chosen at random, so you would have to decode it each time you want to open the box. That’s a pretty neat security feature. Sure, it’s not the most secure, but it would keep casual peepers out. Unfortunately, the box was empty when his friend received it.

NES Console To Cartridge Security In Depth

[Segher] has reverse engineered the hardware and command set for the NES CIC chips. These chips make up the security hardware that validates a cartridge to make sure it has been licensed by Nintendo. Only after authentication will the console’s CIC chip stop resetting the hardware at 1 Hz. There was no hardware information available for these chips (go figure), so [Segher] had to do some sleuthing with the tools at hand, which include some ROM dumps from the chip pairs. He was nice enough to share his findings with us. We’re betting they’re not of much use to you, but we found it an interesting read.

[Thanks ppcasm]

[Photo credit: Breaking Eggs and Making Omelets]

Russian Billboard Includes A “Happy Ending”

It seems someone hacked into one of the LED billboards and added porn video clips to the rotation of advertisements. We caught a glimpse before YouTube yanked it. We’ve pixelated the shot above, which already had some black-box censorship from the OP, but we assure you, it was hardcore porn.

The 9-by-6 meter billboard is in downtown Moscow. The AP is reporting that this caused something of a traffic jam and shocked passersby. We’ve seen porn before, but have to admit that even knowing what to expect in the video it was a bit shocking for us to see cars driving by a giant sex scene. This is certainly much more of a distraction than leaving clever messages on the side of the road.

Does anyone know what technology is used to update these billboards? We’re curious as to whether physical access to the unit is necessary for this kind of attack. Leave your insights in the comments.

[Thanks Sean]