Security Hacks

1425 Articles

An Easy-To-Make Pi-Powered Pocket Password Pal

October 31, 2022 by 16 Comments

Sometimes, we see a project where it’s clear – its creator seriously wants to make a project idea accessible to newcomers; and today’s project is one of these cases. The BYOPM – Bring Your Own Password Manager, a project by [novamostra] – is a Pi Zero-powered device to carry your passwords around in. This project takes the now well-explored USB gadget feature of the Pi Zero, integrates it into a Bitwarden-backed password management toolkit to make a local-network-connected password storage, and makes a tutorial simple enough that anybody can follow it to build their own.

For the physical part, assembly instructions are short and sweet – you only need to solder a single button to fulfill the hardware requirements, and there’s a thin 3D-printable case if you’d like to make the Pi Zero way more pocket-friendly, too! For the software part, the instructions walk you step-by-step through setting up an SD card with a Raspbian image, then installing all the tools and configuring a system with networking exposed over the USB gadget interface. From there, you set up a Bitwarden instance, and optionally learn to connect it to the corresponding browser extensions. Since the device’s goal is password management and storage, it also reminds you to do backups, pointing out specifically the files you’ll want to keep track of.

Overall, such a device helps you carry your passwords with you wherever you need them, you can build this even if your Raspberry Pi skills are minimal so far, and it’s guaranteed to provide you with a feeling that only a self-built pocket gadget with a clear purpose can give you! Looking for something less reliant on networking and more down-to-commandline? Here’s a buttons-and-screen-enabled Pi Zero gadget that uses pass.

This Week In Security: IOS, OpenSSL, And SQLite

October 28, 2022 by 13 Comments

Earlier this week, a new release of iOS rolled out, fixing a handful of security issues. One in particular noted it “may have been actively exploited”, and was reported anonymously. This usually means that a vulnerability was discovered in the wild, being used as part of an active campaign. The anonymous credit is interesting, too. An educated guess says that this was a rather targeted attack, and the security company that found it doesn’t want to give away too much information.

Of other interest is the GPU-related fix, credited to [Asahi Lina], the VTuber doing work on porting Linux to the Apple M1/M2 platform, and particularly focusing on GPU drivers. She’s an interesting case, and doing some very impressive work. There does remain the unanswered question of how the Linux Kernel will deal with a pull request coming from a pseudonym. Regardless, get your iOS devices updated.

Continue reading “This Week In Security: IOS, OpenSSL, And SQLite”

The WiFi Pumpkin Is The WiFi Pineapple We Have At Home

October 27, 2022 by 5 Comments

While networking was once all about the Cat 5 cables and hubs and routers, now most of us connect regularly in a wireless manner. Just like regular networks, wireless networks need auditing, and [Brains933] decided to whip up a tool for just that, nicknaming it the PumpkinPI_3.

The build is inspired by the WiFi Pineapple, which is a popular commercial pentesting tool. It runs the WiFi Pumpkin framework which allows the user to run a variety of attacks on a given wireless network. Among other features, it can act as a rogue access point, run man-in-the-middle attacks, and even spoof Windows updates if so desired.

In this case, [Brains933] grabbed a Raspberry Pi Zero W to run the framework. It was stuffed in a case with a Alfa Network AWUS036NHA wireless card due to its ability to run in monitoring mode — a capability required by some of the more advanced tools. It runs on a rechargeable LiPo battery for portability, and can be fitted with a small screen for ease of operation.

It should prove to be a useful tool for investigating wireless security on the go. Alternatively, you can go even leaner, running attacks off an ESP32.

Continue reading “The WiFi Pumpkin Is The WiFi Pineapple We Have At Home”

Mastercard’s New Card: Safer From Quantum Attacks?

October 25, 2022 by 28 Comments

Quantum computers present a unique threat to many aspects of modern information technology. In particular, many cryptographic systems could be at risk of compromise in the event a malicious actor came into possession of a capable quantum computer.

Mastercard is intending to stay ahead of the game in this regard. It has launched a new contactless credit card that it says is impervious to certain types of quantum attack.

Continue reading “Mastercard’s New Card: Safer From Quantum Attacks?”

“Reversing Shorts” Demystify Phone Security

October 24, 2022 by 3 Comments

Ever wonder what makes a cellphone’s operating system secure, or what that app you just installed is saying about you behind your back? In a brand new video series, [Jiska] gives us a peek into different topics in smartphone software reverse engineering.

For instance, her latest video, embedded below takes us through some steps to poke at Apple’s RTKit OS, which is the realtime OS that runs inside most of their peripheral devices, including AirPods, but also on their bigger devices too.  We don’t know much about RTKit OS, but [Jiska]’s trick in this video is to get a foothold by looking through two different RTKit OS versions and noting which symbols are common — these are probably OS function names. Now you’ve got something to look for.

Each of the videos is short, to the point, and contains nice tips for perhaps the intermediate-to-advanced reverser who is looking to get into phones. Heck, even if you’re not, her demonstrations of the Frida dynamic tracing tool are worth your time.

And if you want a longer introduction into the internals of cellphones, we heartily recommend her talk, “All Wireless Stacks Are Broken“.

Continue reading ““Reversing Shorts” Demystify Phone Security”

This Week In Security: Linux WiFi, Fortinet, Text4Shell, And Predictable GUIDs

October 21, 2022 by 18 Comments

Up first this week is a quintet of vulnerabilities in the Linux kernel’s wireless code. It started with [Soenke Huster] from TU Darmstadt, who found a buffer overwrite in mac80211 code. The private disclosure to SUSE kernel engineers led to a security once-over of this wireless framework in the kernel, and some other nasty bugs were found. A couple result in Denial-of-Service (DOS), but CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720 are Remote Code Execution vulnerabilities. The unfortunate bit is that these vulnerabilities are triggered on processing beacon frames — the wireless packets that announce the presence of a wireless network. A machine doesn’t have to be connected or trying to connect to a network, but simply scanning for networks can lead to compromise.

The flaws were announced on the 13th, and were officially fixed in the mainline kernel on the 15th. Many distros shipped updates on the 14th, so the turnaround was quite quick on this one. The flaws were all memory-management problems, which has prompted a few calls for the newly-merged Rust framework to get some real-world use sooner rather than later.

Fortinet

Much of Fortinet’s lineup, most notable their Fortigate firewalls, has a pre-auth authentication bypass on the administrative HTTP/S interface. Or plainly, if you can get to the login page, you can break in without a password. That’s bad, but at this point, you *really* shouldn’t have any administrative interfaces world-accessible on any hardware. Updated firmware is available.

More than just a couple days have passed, so we have some idea of the root problem and how it was fixed. It’s a simple one — the Forwarded HTTP headers on an incoming request are unintentionally trusted. So just send a request with Forwarded:for and Forwarded:by set to 127.0.0.1, and it falls through into code logic intended for internal API calls. Add a trusted SSH key, and pop, you’re in. Whoops. Continue reading “This Week In Security: Linux WiFi, Fortinet, Text4Shell, And Predictable GUIDs”

Front Door Keys Hidden In Plain Sight

October 18, 2022 by 27 Comments

If there’s one thing about managing a bunch of keys, whether they’re for RSA, SSH, or a car, it’s that large amounts of them can be a hassle. In fact, anything that makes life even a little bit simpler is a concept we often see projects built on to of, and keys are no different. This project, for example, eliminates the need to consciously carry a house key around by hiding it in a piece of jewelry.

This project sprang from [Maxime]’s previous project, which allowed the front door to be unlocked with a smartphone or tablet. This isn’t much better than carrying a key, since the valuable piece of electronics must be toted along in place of one. Instead, this build eschews the smartphone for a ring which can be worn and used to unlock the door with the wave of a hand. The ring contains an RFID which is read by an antenna that’s monitored by a Wemos D1 Mini. When it sees the ring, a set of servos unlocks the door.

The entire device is mounted on the front of the door about where a peephole would normally be, with the mechanical actuators on the inside. It seems just as secure (if not more so) than carrying around a metal key, and we also appreciate the aesthetic of circuit boards shown off in this way, rather than hidden inside an enclosure. It’s an interesting build that reminds us of some other unique ways of unlocking a door.

Continue reading “Front Door Keys Hidden In Plain Sight”