The EFF’s Privacy Agenda

November 10, 2008 by Eliot 17 Comments

eff_privacy1

With a new administration coming into power, the Electronic Frontier Foundation feels that it’s time for a change (see what we did there). They’ve posted an agenda that covers fixing privacy issues that have come to the forefront in the last eight years. It involves repairing amendments that prevent corporations from being sued for warrantless wiretapping. They would also modernize the Electronic Communications Privacy Act so that it would cover modern technology. The heavily abused State Secrets Privilege needs reform as well. Their final issue is with REAL ID and datafarming that many state governments have already rejected. If even a bit of this gets fixed, we’ll be happy. In any case, it’ll be good to have a more tech focused administration that doesn’t need the internet explained to it in terms of dumptrucks and tubes.

[photo: Jake Appelbaum]

Impressioning At LockCon

November 10, 2008 by Eliot 5 Comments

impressioning

[Steffen Wernéry] has published a video of the impressioning contest at LockCon. We learned about key impressioning at this year’s HOPE conference. You start the process by inserting a key blank into the lock. By turning the lock until it stops and then moving the key up and down you create marks on the blank’s face. Take a file to those marks to remove the extra material and then repeat the process. Once the pins are set properly, they’ll stop leaving marks on the blank. It takes a lot of skill to do this right, but you end up with a perfectly functional key. [Barry Wels] managed to win the competition in 5:30 with second place coming in at 6 minutes.

New WPA TKIP Attack

November 9, 2008 by Eliot 7 Comments

wifibox

[Martin Beck] and [Erik Tews] have just released a paper covering an improved attack against WEP and a brand new attack against WPA(PDF). For the WEP half, they offer a nice overview of attacks up to this point and the optimizations they made to reduce the number of packets needed to approximately 25K. The only serious threat to WPA so far has been the coWPAtty dictionary attack. This new attack lets you decrypt the last 12 bytes of a WPA packet’s plaintext and then generate arbitrary packets to send to the client. While it doesn’t recover the WPA key, the attacker is still able to send packets directly to the machine they’re attacking and could potentially read back the response via an outbound connection to the internet.

[photo: niallkennedy]

[via SANS]

How To Destroy A Filesystem

November 9, 2008 by Eliot 29 Comments

rmrf

The G1 ‘execute every command you type‘ bug naturally spawned ‘rm -rf /’ jokes. rm is the Linux command for deleting files. The -r and -f flags will cause it to remove files recursively and ignore confirmation. Executed as root it will annihilate the entire filesystem. Won’t it? [Jon Hohle] decided to test exactly how destructive the command was to *nix systems. How functional would the system be afterwards? He tested it side by side with the Windows equivalent, both ‘format c:’ and ‘del /F /S /Q’. He wanted to see what protections were available and what would be left working. Linux ended up completely broken while Windows, thanks to file locking, actually shutdown cleanly… and never came back. Some OSes, like Solaris, refuse to run the command ‘rm -rf /’ to prevent accidents.

Android Executes Everything You Type

November 9, 2008 by Eliot 11 Comments

This is one of the more bizarre bugs we’ve ever heard. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.

[photo: tnkgrl]

Getting Root On The G1

November 5, 2008 by Eliot 27 Comments

If you’ve been holding off on a T-Mobile G1 purchase because you didn’t like the apparent user restrictions, there’s some good news. The Android powered phone comes with an easy button for getting root. Install a terminal app and you can manually start the telnetd service. All that’s left is telenetting into the device and it’ll give you root level access.

Smart Phone Hacking Roundup

October 26, 2008 by Eliot 11 Comments

[vimeo 2049219]

T-Mobile’s G1 was released last week and there has been at least one Android vulnerability announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real world fuzzing at ToorCon 9. It covered exactly how they found the iPhone bug.

If you just want to use a G1 without service, you can activate it with any T-Mobile SIM card.

Above is Boing Boing Gadgets’ concise video review of Griffin AirCurve. It’s garbage. We first talked about it in our loaded horn post because it looked like something fun to redesign.

The iphone-dev team published a video today showing access to the iPhone’s baseband processor. They connect to the device over ssh and then use minicom to issue AT commands. They’re writing custom AT commands for full control.