Bios Level Malware

March 23, 2009 by Caleb Kraft 83 Comments

bios

“Reformat it”. That’s pretty much our default answer when someone calls us complaining of malware and viruses. Though many can be removed, it can sometimes be quicker and less frustrating just to reformat it. Some of us even have specific ways that we organize all of our files just to make the quarterly reformat go smoother. Unfortunately, reformatting may no longer be the absolute cure. Researchers have developed a piece of malware that infects the BIOS. It is un affected by reformating or flashing. This means that it is also OS independent. They tested it on Windows and OpenBSD as well as a machine running VMware Player. This is a grim sign for the future.

[via ZDNet.com]

Sniffing Keystrokes Via Laser, Power Lines

March 20, 2009 by Eliot 26 Comments

keystroke

Researchers from Inverse Path showed a couple interesting techniques for sniffing keystrokes at CanSecWest. For their first experiments they used a laser pointed at the shiny back of a laptop. The keystrokes would cause the laptop to vibrate which they could detect just like they would with any laser listening device. They’ve done it successfully from anywhere between 50 to 100 feet away. They used techniques similar to those in speech recognition to determine what sentences were being typed.

In a different attack, they sniffed characters from a PS/2 keyboard by monitoring the ground line in an outlet 50 feet away. They haven’t yet been able to collect more than just single strokes, but expect to get full words and sentences soon. This leakage via power line is discussed in the 1972 Tempest document we posted about earlier. The team said it wasn’t possible with USB or laptop keyboards.

[Thanks Jeramy]

Zigbee AES Key Sniffing

March 15, 2009 by Eliot 8 Comments

zigbeesniffing

[Travis Goodspeed] posted a preview of what he’s working on for this Summer’s conferences. Last weekend he gave a quick demo of sniffing AES128 keys on Zigbee hardware at SOURCE Boston. The CC2420 radio module is used in many Zigbee/802.15.4 sensor networks and the keys have to be transferred over an SPI bus to the module. [Travis] used two syringe probes to monitor the clock line and the data on a TelosB mote, which uses the CC2420. Now that he has the capture, he’s planning on creating a script to automate finding the key.

Paintball Gun Turret Assembly Videos

March 14, 2009 by Eliot 13 Comments

[youtube=http://www.youtube.com/watch?v=EG3FQYe4rBc]

[Jared] has updated his paintball gun turret page with more detailed assembly videos. You can read more about the project in our original post.

Smart Card Emulator

March 3, 2009 by Eliot 48 Comments

Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing [Travis], there’s a reader somewhere about to go through some serious fuzzing.

Paintball Gun Turret

February 26, 2009 by Eliot 39 Comments

[Jared Bouck] has been sending in his projects for a couple years now. We’ve enjoyed his heavy-duty DDR pads, LCD backlight repair, and ion cooling projects. His latest, an RC paintball gun turret, is our favorite though. He actually rates this as one of the easier projects he’s published; it just took a while to assemble. Several design decisions were made to keep the project simple. Two 32 Degrees Icon-E paintball guns were used. The guns already have electric solenoids for firing, so a special trigger mechanism didn’t have to be fashioned. Q-loaders were used to prevent any ball feed problems. The motors, driver boards, and RC components are all borrowed from combat robots for reliability. He’s hoping to produce a small number of kits based on this design.

Related: We’ve got quite a few sentry gun projects in the archive.

Sslstrip, Hijacking SSL In Network

February 23, 2009 by Eliot 21 Comments

Last week at Black Hat DC, [Moxie Marlinspike] presented a novel way to hijack SSL. You can read about it in this Forbes article, but we highly recommend you watch the video. sslstrip can rewrite all https links as http, but it goes far beyond that. Using unicode characters that look similar to / and ? it can construct URLs with a valid certificate and then redirect the user to the original site after stealing their credentials. The attack can be very difficult for even above average users to notice. This attack requires access to the client’s network, but [Moxie] successfully ran it on a Tor exit node.