Security Hacks

1457 Articles

Distorted Text Says A Lot

May 31, 2018 by 21 Comments

Getting bounced to a website by scanning a QR code is no longer an exciting feat of technology, but what if you scanned the ingredient list on your granola bar and it went to the company’s page for that specific flavor, sans the matrix code?

Bright minds at the Columbia University in the City of New York have “perturbed” ordinary font characters so the average human eye won’t pick up the changes. Even ordinary OCR won’t miss a beat when it looks at a passage with a hidden message. After all, these “perturbed” glyphs are like a perfectly legible character viewed through a drop of water. When a camera is looking for these secret messages, those minor tweaks speak volumes.

The system is diabolically simple. Each character can be distorted according to an algorithm and a second variable. Changing that second variable is like twisting a distorted lens, or a water drop but the afterimage can be decoded and the variable extracted. This kind of encoding can survive a trip to the printer, unlike a purely digital hidden message.

Hidden messages like these are not limited to passing notes, metadata can be attached to any text and extracted when necessary. Literature could include notes without taking up page space so teachers could include helpful notes and a cell phone could be like an x-ray machine to see what the teacher wants to show. For example, you could define what “crypto” actually means.

Continue reading “Distorted Text Says A Lot”

“Watch Dogs” Inspired Hacking Drone Takes Flight

May 27, 2018 by 19 Comments

They say that life imitates art, which in modern parlance basically means if you see something cool in a video game, movie or TV show, you might be inclined to try and build your own version. Naturally, such things generally come in the form of simple props, perhaps with the occasional embedded LED or noise making circuit. It’s not as if you can really build a phaser from Star Trek or a phone booth that’s bigger on the inside.

But after seeing the hacking quadcopter featured in the video game Watch Dogs 2, [Glytch] was inspired to start work on a real-world version. It doesn’t look much like the drone from the game, but that was never the point. The idea was to see how practical a small flying penetration testing platform is with current technology, and judging by the final build, we’d say he got his answer.

All the flight electronics are off the shelf quadcopter gear. It’s running on a Betaflight OMNIBUS F4 Pro V2 Flight controller with an M8N GPS mounted in the front and controlling the 2006 2400KV motors with a DYS F20A ESC. Interestingly [Glytch] is experimenting with using LG HG2 lithium-ion cells to power the quad rather than the more traditional lithium-polymer pack, though he does mention there are some issues with the voltage curve between the two battery technologies.

But the real star of the show is the payload: a Hak5 Pineapple Nano. As the Pineapple provides a turn-key penetration testing platform on its own, [Glytch] just needed a way to safely carry it and keep it powered. The custom frame keeps it snug, and the 5 Volt Battery Eliminator Circuit (BEC) on the DYS F20A ESC combined with a female USB port allows powering the Pineapple without having to make any hardware modifications.

We’ve seen quadcopters with digital weaponry before, though not nearly as many as you might think. But as even the toy grade quadcopters become increasingly capable, we imagine the airborne hacking revolution isn’t far away.

Continue reading ““Watch Dogs” Inspired Hacking Drone Takes Flight”

Explaining Efail And Why It Isn’t The End Of Email Privacy

May 21, 2018 by 25 Comments

Last week the PGPocalipse was all over the news… Except that, well, it wasn’t an apocalypse.

A team of researchers published a paper(PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher perspective, it’s a good paper to read, especially the cryptography parts.

But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients., but they weren’t able to back this recommendation up with firm reasoning. In fact, Efail isn’t an immediate threat for the vast majority of people simply because an attacker must already have access to an encrypted email to use the exploit. Advising everyone to disable encryption all together just makes no sense.

Aside from the massive false alarm, Efail is a very interesting exploit to wrap your head around. Join me after the break as I walk through how it works, and what you can do to avoid it.

Continue reading “Explaining Efail And Why It Isn’t The End Of Email Privacy”

DIY Pi Zero Pentesting Tool Keeps It Cheap

May 15, 2018 by 14 Comments

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[ Alex Jensen] writes in to tell us of his own tale of sticker shock induced hacking, where he builds his own version of the Hak5 Bash Bunny. His version might be lacking a bit in the visual flair department, but despite coming in at a fraction of the cost, it does manage to pack in an impressive array of features.

This pentesting multitool can act as a USB keyboard, a mass storage device, and even an RNDIS Ethernet adapter. All in an effort to fool the computer you plug it into to let you do something you shouldn’t. Like its commercial inspiration, it features an easy to use scripting system to allow new attacks to be crafted on the fly with nothing more than a text editor. A rudimentary user interface is provided by four DIP switches and light up tactile buttons. These allow you to select which attacks run without needing to hook the device up to a computer first, and the LED lights can give you status information on what the device is doing.

[Alex] utilized some code from existing projects, namely PiBunny and rspiducky, but much of the functionality is of his own design. Detailed instructions are provided on how you can build your own version of this handy hacker gadget without breaking the bank.

Given how small and cheap it is, the Raspberry Pi is gaining traction in the world of covert DIY penetration testing tools. While it might not be terribly powerful, there’s something to be said for a device that’s cheap enough that you don’t mind leaving it at the scene if you’ve got to pull on your balaclava and make a break for it.

PGP Vulnerability Pre-announced By Security Researcher

May 14, 2018 by 30 Comments

From the gaping maw of the infosec Twitterverse comes horrifying news. PGP is broken. How? We don’t know. When will there be any information on this vulnerability? Tomorrow. It’s the most important infosec story of the week, and it’s only Monday. Of course, this vulnerability already has a name. Everyone else is calling it eFail, but I’m calling it Fear, Uncertainty, and Doubt.

Update: eFail site and paper now available. This was released ahead of Tuesday’s planned announcement when the news broke ahead of a press embargo.

Update 2: The report mentions two attacks. The Direct Exfiltration attack wraps the body of a PGP-encrypted email around an image tag. If a mail client automatically decrypts this email, the result will be a request to a URL containing the plaintext of the encrypted email. The second attack only works one-third of the time. Mitigation strategies are to not decrypt email in a client, disable HTML rendering, and in time, update the OpenPGP and S/MIME standards. This is not the end of PGP, it’s a vulnerability warranting attention from those with a very specific use case.

Update 3: Hackaday has published an in-depth explanation of how eFail works which details the scope of the vulnerability.

[Sebastian Schinzel] announced on Twitter today he will be announcing a critical vulnerability in PGP/GPG and S/MIME email encryption. This vulnerability may reveal the plaintext of encrypted emails. There are currently no fixes — but there’s no proof of concept, or any actual publication of this exploit either. The only thing that’s certain: somebody on Twitter said encrypted email is broken.

The EFF has chimed in on this exploit and advises everyone to immediately disable and uninstall tools that automatically decrypt PGP-encrypted email. It also looks like the EFF came up with a great little logo for eFail as well so kudos on that.

While there are no details whatsoever concerning eFail aside from a recommendation to not use PGP, a few members of the community have seen a pre-press of the eFail paper. [Werner Koch] of GnuPG says eFail is simply using HTML as a back channel. If this is true, PGP is still safe; you just shouldn’t use HTML emails. If you really need to read HTML emails, use a proper MIME parser and disallow access to external links. It should be noted that HTML in email is already an attack vector and has been for decades. You don’t need to bring PGP into this.

Should you worry about a vulnerability in PGP and email encryption? Literally no one knows. European security researchers are working on a publication release right now, but other experts in the field who have seen the paper think it’s not a big deal. There is no consensus from experts in the field, and there is no paper available right now. That last point will change in a few hours, but for now eFail just stands for Fear, Uncertainty, and Doubt.

A Home Network, Security System, And A Hidden Room Behind A Bookcase

May 6, 2018 by 33 Comments

Ok, now this is something special. This is a home network and security system that would make just about anyone stop, and with jaw hanging agape, stare, impressed at the “several months of effort” it took [timekillerjay] to install their dream setup. Just. Wow.

Want a brief rundown of the diverse skill set needed to pull this off? Networking, home security, home automation, woodworking, running two thousand feet(!) of cat 6a cable, a fair hand at drywall work for the dozens upon dozens of patches, painting, staining, and — while not a skill, but is definitely necessary — an amazingly patient family.

Ten POE security cameras monitor the premises with audio recording, infrared, and motion detection capabilities. This is on top of magnetic sensors for five doors, and eleven windows that feed back to an ELK M1-Gold security system which effortlessly  coordinates with an Insteon ISY994i smart home hub; this allows for automatic events — such as turning on lights after dark when a door is opened — to occur as [timekillerjay]’s family moves about their home. The ELK also allows [timekillerjay] to control other things around the house — namely the sprinkler system — via relays. [timekillerjay] says he lost track of how many smart switches are scattered throughout his home, but there are definitely 39 network drops that service the premises.

All of the crucial components are hidden in his office, behind a custom bookshelf. Building it required a few clever tricks to disguise the bookshelf for the secret door that it is, as well as selecting components with attention to how much noise they generate — what’s the point of a hidden security system if it sounds like a bunch of industrial fans?

An uninterruptible power supply will keep the entire system running for about 45 minutes if there is a power outage, with the cameras recording and system logging everything all the while. Not trusting the entrance to his vault to something from Batman, he’s also fitted the bookshelf with a 600lb magnetic lock that engages when the system is armed and the door already closed. A second UPS will keep the door secured for 6+ hours if the house loses power. Needless to say, we think this house is well secured.

[Via /r/DIY]

Battery Backup Conceals A Pentesting Pi

May 1, 2018 by 21 Comments

Over the last few years one thing has become abundantly clear: hackers love cramming the Raspberry Pi into stuff. From classic game systems to mirrors, there’s few places that haven’t been invaded by everyone’s favorite Linux SBC. From the inspired to the bizarre, we’ve brought such projects to your attention with minimal editorialization. As we’ve said before: it’s not the job of Hackaday to ask why, we’re here to examine how.

That said, some builds do stand out from the crowd. One such project is the “Pentesting BBU Dropbox” which [b1tbang3r] has recently posted to Hackaday.io. Noticing the battery bay in a cheap Cyberpower 350VA battery backup was just about the same size as the Raspberry Pi, he decided to convert it into a covert penetration testing device. Of course the illusion isn’t perfect as the battery backup function itself doesn’t work anymore. But if you hid this thing in an office or server room, there’s very little chance anyone would ever suspect it didn’t belong.

The key to the final device’s plausibility is that from stock it had dual RJ-11 jacks for analog modem surge protection. Swapping those jacks out for RJ-45 network connectors gives the BBU Dropbox an excuse to be plugged into the network. At a cursory glance, at least. Internally there is a TRENDnet Ethernet switch which allows the Pi to get on the network when an Ethernet cable is plugged into the battery backup.

We especially like the little details [b1tbang3r] put in to make the final device look as real as possible. The “Reset” button and “Wiring Fault” LED have been connected to the GPIO pins of the Pi, allowing for an exceptionally discrete user interface. For instance the LED could be setup to blink when a scan is complete, or the button could be used to wipe the device in an emergency.

This build reminds us of the Power Pwn released back in 2012 by Pwnie Express. That device was based around a relatively bulky power strip, and the only “feature” it looks like this DIY build is missing from the professional version is the $1,300 price.