How To Destroy A Filesystem

rmrf

The G1 ‘execute every command you type‘ bug naturally spawned ‘rm -rf /’ jokes. rm is the Linux command for deleting files. The -r and -f flags will cause it to remove files recursively and ignore confirmation. Executed as root it will annihilate the entire filesystem. Won’t it? [Jon Hohle] decided to test exactly how destructive the command was to *nix systems. How functional would the system be afterwards? He tested it side by side with the Windows equivalent, both ‘format c:’ and ‘del /F /S /Q’. He wanted to see what protections were available and what would be left working. Linux ended up completely broken while Windows, thanks to file locking, actually shutdown cleanly… and never came back. Some OSes, like Solaris, refuse to run the command ‘rm -rf /’ to prevent accidents.

Android Executes Everything You Type

g1

This is one of the more bizarre bugs we’ve ever heard. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.

[photo: tnkgrl]

Getting Root On The G1

If you’ve been holding off on a T-Mobile G1 purchase because you didn’t like the apparent user restrictions, there’s some good news. The Android powered phone comes with an easy button for getting root. Install a terminal app and you can manually start the telnetd service. All that’s left is telenetting into the device and it’ll give you root level access.

Smart Phone Hacking Roundup

[vimeo 2049219]

T-Mobile’s G1 was released last week and there has been at least one Android vulnerability announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real world fuzzing at ToorCon 9. It covered exactly how they found the iPhone bug.

If you just want to use a G1 without service, you can activate it with any T-Mobile SIM card.

Above is Boing Boing Gadgets’ concise video review of Griffin AirCurve. It’s garbage. We first talked about it in our loaded horn post because it looked like something fun to redesign.

The iphone-dev team published a video today showing access to the iPhone’s baseband processor. They connect to the device over ssh and then use minicom to issue AT commands. They’re writing custom AT commands for full control.

Coin Slot Detector


Wow, how quickly the wearable electronics world has slid into the gutter. They’re now resigned to watching our nations finest natural resource, the butt crack. This project by [semiotech] uses a LilyPad Arduino to monitor the exposure of the wearer’s coin slot. It detects the presence of light with a photoresistor and alerts the user with the vibrations of a pager motor. This breakthrough in coin slot technology will prevent dryness and certainly reduce our exposure to domestic terrorism. We see plenty of room for future development; the Arduino is already capable of logging exactly how often your coin slot is exposed. Even if you feel this is more protection than your coin slot needs, we recommend Neutrogena’s Coin Slot Cream for general upkeep.

USB Authenticated Deadbolt Lock

The Makers local 256 sent us this USB authenticated deadbolt prject. For roughly $60 these guys built an authentication system that reads the serial number off of the chip in a USB storage device.  The actual content on the memory in the USB device is not used at all. They are using a Freeduino board to control its behavior. It has a magnetic sensor that keeps it from initiating the lock when the door is open.  They mention that they are using Transparent Aluminum as an enclosure, we assume they mean the Star Trek variety, not Aluminium oxynitride. Be sure to check out the video after the break.

Continue reading “USB Authenticated Deadbolt Lock”

Eavesdrop On Keyboards Wirelessly

[vimeo http://vimeo.com/2007855%5D

Every time you press a key on your keyboard, a small burst of electromagnetic radiation is let out. This radiation can be captured and decoded. Though it only affects some models, this is pretty serious. They tested 11 different keyboards and they were all vulnerable to at least one of the four methods of attack. Tests have shown that the data can be read through walls and up to 65 feet away. That is pretty scary stuff. Someone could be setting up in the apartment or office right next to yours to listen to every keystroke you type.  Check out the second video after the break.

Continue reading “Eavesdrop On Keyboards Wirelessly”