Running Debian And Android On The G1

[Jay Freeman] has a rather exhaustive tutorial on how to set up a Debian environment on your T-Mobile G1. The first major issue with this is that getting root-level access through telnetd is being patched. It certainly is a security issue that needs to be fixed, but a user shouldn’t have to root their own phone to begin with. While the G1 comes with some Linux tools, they’re limited. [Jay]’s goal was to create a familiar Debian environment on the phone. It takes a few tricks, but if you’re familiar with the command line, you shouldn’t have any problems. Debian already has ARM EABI support, so creating a working image isn’t a problem. The image file is stored on the SD card and mounted using the loopback device. The G1’s kernel has module support turned on, so [Jay] created ext2 and unionfs kernel modules. [Benno Leslie]’s Android version of busybox is used to perform the actual mounting. Once mounted, you just need to chroot into the environment to start playing with native Linux apps. [Jay] takes this a step further by using unionfs to make the Android and Debian environments share the same root. This is really a great how-to and it’s nice to know that modules can be added to the kernel.

[photo: tnkgrl]

[via Hackszine]

Messing With Barcodes

[nico] just received his credentials for an upcoming conference. On each badge, there’s a 2D barcode with the participant’s bio and contact info. These are meant to be scanned by vendors for future contact. [nico] isn’t so interested in that and plans on updating his personal info by generating a new barcode. To this end, he’s collected a number of links to help out barcode hackers. He used the SWIPE toolkit to identify the format and decode it (the toolkit has an online component too). There are also several online encoders you can use, like this one from [Terry Burton]. If you’re wondering what sort of shenanigans you can get into faking barcodes, check out [fx]’s presentation from 24C3.

[photo: seanbonner]

The EFF’s Privacy Agenda

With a new administration coming into power, the Electronic Frontier Foundation feels that it’s time for a change (see what we did there). They’ve posted an agenda that covers fixing privacy issues that have come to the forefront in the last eight years. It involves repairing amendments that prevent corporations from being sued for warrantless wiretapping. They would also modernize the Electronic Communications Privacy Act so that it would cover modern technology. The heavily abused State Secrets Privilege needs reform as well. Their final issue is with REAL ID and datafarming that many state governments have already rejected. If even a bit of this gets fixed, we’ll be happy. In any case, it’ll be good to have a more tech-focused administration that doesn’t need the internet explained to it in terms of dumptrucks and tubes.

[photo: Jake Appelbaum]

Impressioning At LockCon

[Steffen Wernéry] has published a video of the impressioning contest at LockCon. We learned about key impressioning at this year’s HOPE conference. You start the process by inserting a key blank into the lock. By turning the lock until it stops and then moving the key up and down you create marks on the blank’s face. Take a file to those marks to remove the extra material and then repeat the process. Once the pins are set properly, they’ll stop leaving marks on the blank. It takes a lot of skill to do this right, but you end up with a perfectly functional key. [Barry Wels] managed to win the competition in 5:30 with second place coming in at 6 minutes.

New WPA TKIP Attack

[Martin Beck] and [Erik Tews] have just released a paper covering an improved attack against WEP and a brand new attack against WPA (PDF). For the WEP half, they offer a nice overview of attacks up to this point and the optimizations they made to reduce the number of packets needed to approximately 25K. The only serious threat to WPA so far has been the coWPAtty dictionary attack. This new attack lets you decrypt the last 12 bytes of a WPA packet’s plaintext and then generate arbitrary packets to send to the client. While it doesn’t recover the WPA key, the attacker is still able to send packets directly to the machine they’re attacking and could potentially read back the response via an outbound connection to the internet.

[photo: niallkennedy]

[via SANS]

How To Destroy A Filesystem

The G1 ‘execute every command you type’ bug naturally spawned ‘rm -rf /’ jokes. rm is the Linux command for deleting files. The -r flag makes it remove directories recursively and the -f flag makes it skip confirmation prompts. Executed as root it will annihilate the entire filesystem. Won’t it? [Jon Hohle] decided to test exactly how destructive the command was to *nix systems. How functional would the system be afterwards? He tested it side by side with the Windows equivalents, both ‘format c:’ and ‘del /F /S /Q’. He wanted to see what protections were available and what would be left working. Linux ended up completely broken while Windows, thanks to file locking, actually shut down cleanly… and never came back. Some OSes, like Solaris, refuse to run the command ‘rm -rf /’ to prevent accidents.
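
The kind of refusal described for Solaris can be sketched as a shell wrapper. This is an added example, not code from the original post or from [Jon Hohle]'s tests; the names `guarded_rm`, `is_root_path` and the `RM` override are hypothetical.

```shell
#!/bin/sh
# Added example: refuse recursive deletion of the filesystem root.
# All function and variable names here are hypothetical.

RM=${RM:-rm}   # the real deleter; override (e.g. RM=echo) for a dry run

# True if $1 names the root directory under any spelling ("/", "//", "/.",
# "/usr/..", or a symlink to "/"). -ef compares device and inode, so the
# check looks at what the path resolves to, not at how it is written.
is_root_path() {
    [ -e "$1" ] && [ "$1" -ef / ]
}

# Wrapper around rm: scan every operand first and abort before deleting
# anything if one of them resolves to the root directory.
guarded_rm() {
    end_of_opts=0
    for arg in "$@"; do
        if [ "$end_of_opts" -eq 0 ]; then
            case $arg in
                --) end_of_opts=1; continue ;;
                -*) continue ;;          # an option, not a path operand
            esac
        fi
        if is_root_path "$arg"; then
            echo "guarded_rm: refusing '$arg' (resolves to /)" >&2
            return 1
        fi
    done
    "$RM" "$@"
}
```

The guard does not cover `rm -rf /*`: the shell expands the glob into the individual top-level directories before the wrapper sees its arguments.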

Android Executes Everything You Type

This is one of the more bizarre bugs we’ve ever heard of. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.

[photo: tnkgrl]