Popular Printers Pwned In Prodigious Page Prank

February 4, 2017 by Jenny List 40 Comments

A new day dawns, and we have another story involving insecure networked devices. This time it is printers of all makes and descriptions that are causing the panic, as people are finding mystery printouts bearing messages such as this:

“Stackoverflowin has returned to his glory, your printer is part of a botnet, the god has returned“

Well that’s it then, you can’t argue with a deity, especially one who has apparently created a botnet from the world’s printing devices. Printer owners the world over are naturally worried about their unexpected arrival, and have appeared on support forums and the like to express their concern.

We are of course used to taking everything our printers tell us at face value. Low on ink? I hear you, my inanimate reprographic friend! But when our printer tells us it’s part of a botnet perhaps it’s time to have a little think. It is entirely possible that someone could assemble a botnet of compromised printers, but in this case we smell a rat. Only in farcical crime dramas do crooks announce their crimes in such a theatrical fashion, you might say it’s the point of a botnet not to be detected by its host. Reading some of the reports it seems that many of the affected systems have port 9100 open to the world, that’s the standard TCP printer port, so it seems much more likely that someone has written a little script that looks for IP addresses with port 9100 open, and trolls them with this message.

The real message here is one with which we expect Hackaday readers will be very familiar, and which we’ve covered before. Many network connected appliances have scant regard for security, and are a relative push-over for an attacker. The solution is relatively straightforward to those of a technical inclination, be aware of which services the devices is exposing, lock down services such as uPNP and close any open ports on your router. Unfortunately these steps are probably beyond many home users, whose routers remain with their default manufacturer’s settings for their entire lives. It’s a shame our printer troll didn’t add a link to basic router security tips.

If you want to have a little fun, some of the printed pages include an email address for ‘the god’. It would be fun to figure out who this is, right?

Jamming WiFi By Jumping On The ACK

February 3, 2017 by Mike Szczys 27 Comments

As we fill our airwaves with more and more wirelessly connected devices the question of what could disrupt this systems becomes more and more important. Here’s a particularly interesting example because the proof of concept shows that you don’t need specialized hardware to pull it off. [Bastian Bloessl] found an interesting tweak to previous research that allows an Atheros WiFi card to jam WiFi by obscuring ACK frames.

The WiFi protocol specifies an Acknowledgement Frame (ACK) which is sent by the receiving device after error correction has been performed. It basically says: “yep, I got that data frame and it checks out”. This error correcting process turns out to be the key to [Bastian’s] technique as it provides time for the attack hardware to decide if it’s going to jam the ACK or not.

The jamming technique presented by [Mathy Vanhoef] at the end 2014 outlined both constant and selective jamming. The selective part involved listening for data packets and analyzing them to determine if they are headed to a MAC the attacker wishes to jam. The problem is that by the time your commodity hardware has decoded that address it’s too late to jam the packet. [Bastian] isn’t trying to jam the data frame, he’s jamming the ACK that the receiver sends back. Without that acknowledgement, the sender will not transmit any new data frames as it assumes there is a problem on the receiving end.

3D Printed Bicycle From Stainless Steel!

February 3, 2017 by James Hobson 44 Comments

You wouldn’t 3D print a car, would you? That’d simply be impractical. However, if you’re a team of students attending the Delft University of Technology (TU Delft) in the Netherlands, you might be inclined to 3D print a stainless steel bicycle instead.

The TU Delft team collaborated with MX3D, a company that uses an articulated industrial robot arm with a welder for an effector, welding and building the Arc Bicycle, glob by molten glob. Printed in chunks, this process allows the practical construction of larger objects that are able to withstand the stresses and forces of everyday use. Weighing around 20kg, you might not want to spend much time carrying it up to an apartment anytime soon, so stick to the cobblestone streets — the Arc Bicycle can take it.

Continue reading “3D Printed Bicycle From Stainless Steel!” →

The Gray-1, A Computer Composed Entirely Of ROM And RAM

February 2, 2017 by Jenny List 53 Comments

When we learn about the internals of a microprocessor, we are shown a diagram that resembles the 8-bit devices of the 1970s. There will be an ALU, a program counter, a set of registers, and address and data line decoders. Most of us never go significantly further into the nuances of more modern processors because there is no need. All a processor needs to be is a black box, unless it has particularly sparked your interest or you are working in bare-metal assembly language.

We imagine our simple microprocessor as built from logic gates, and indeed there have been many projects on these pages that create working processors from piles of 74 series chips. But just occasionally a project comes along that reminds us there is more than one way to build a computer, and our subject today is just such a moment. [Olivier Bailleux] has created his “Gray-1”, a processor whose only active components are memory chips, both ROM and RAM.

The clever part comes with the descriptions of how the ROMs are used to recreate the different functions of the processor, through careful programming. Some functions such as registers for example use loops, in which some of the address lines are driven from the data lines to maintain the ROM at a set location. The name of the computer comes from its program counter, which counts in Gray code.

The full processor implements a RISC architecture, and there is a simulator to allow code development without a physical unit. The write-up is both comprehensive and accessible, and makes a fascinating read.

It’s safe to say this is the only processor we’ve seen with this novel approach to architecture. Some more conventional previous features though have been an effort to create a processor entirely from NAND gates, and another made from 74 logic.

Hacking The Aether: How Data Crosses The Air-Gap

February 2, 2017 by Pedro Umbelino 35 Comments

It is incredibly interesting how many parts of a computer system are capable of leaking data in ways that is hard to imagine. Part of securing highly sensitive locations involves securing the computers and networks used in those facilities in order to prevent this. These IT security policies and practices have been evolving and tightening through the years, as malicious actors increasingly target vital infrastructure.

Sometimes, when implementing strong security measures on a vital computer system, a technique called air-gapping is used. Air-gapping is a measure or set of measures to ensure a secure computer is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Sometimes it’s just ensuring the computer is off the Internet. But it may mean completely isolating for the computer: removing WiFi cards, cameras, microphones, speakers, CD-ROM drives, USB ports, or whatever can be used to exchange data. In this article I will dive into air-gapped computers, air-gap covert channels, and how attackers might be able to exfiltrate information from such isolated systems.

Continue reading “Hacking The Aether: How Data Crosses The Air-Gap” →

33C3: Hunz Deconstructs The Amazon Dash Button

February 2, 2017 by Elliot Williams 22 Comments

The Amazon Dash button is now in its second hardware revision, and in a talk at the 33rd Chaos Communications Congress, [Hunz] not only tears it apart and illuminates the differences with the first version, but he also manages to reverse engineer it enough to get his own code running. This opens up a whole raft of possibilities that go beyond the simple “intercept the IP traffic” style hacks that we’ve seen.

Just getting into the Dash is a bit of work, so buy two: one to cut apart and locate the parts that you have to avoid next time. Once you get in, everything is tiny! There are a lot of 0201 SMD parts. Hidden underneath a plastic blob (acetone!) is an Atmel ATSAMG55, a 120 MHz ARM Cortex-M4 with FPU, and a beefy CPU all around. There is also a 2.4 GHz radio with a built-in IP stack that handles all the WiFi, with built-in TLS support. Other parts include a boost voltage converter, a BTLE chipset, an LED, a microphone, and some SPI flash.

The strangest part of the device is the sleep mode. The voltage regulator is turned on by user button press and held on using a GPIO pin on the CPU. Once the microcontroller lets go of the power supply, all power is off until the button is pressed again. It’s hard to use any less power when sleeping. Even so, the microcontroller monitors the battery voltage and presumably phones home when it gets low.
Continue reading “33C3: Hunz Deconstructs The Amazon Dash Button” →

Darth Vader, In A Nixie Tube

February 1, 2017 by Jenny List 48 Comments

This may be a controversial statement, but Nixie tubes have become a little passé in our community. Along comes another clock project, and oh look! It’s got Nixie tubes instead of 7-segment displays or an LCD. There was a time when this rediscovered archaic component was cool, but face it folks, it’s been done to death. Or has it?

So given a disaffection with the ubiquity of Nixies you might think that no Nixie project could rekindle that excitement. That might have been true, until the videos below the break came our way. [Tobias Bartusch] has made his own Nixie tube, and instead of numerals it contains a 3D model of [Darth Vader], complete with moving light saber. Suddenly the world of Nixies is interesting again.

The first video below the break shows us the tube in action. We see [Vader] from all angles, and his light saber. Below that is the second video which is a detailed story of the build. Be warned though, this is one that’s rather long.

The model is made by carefully shaping and spot welding Kanthal wire into the sculpture, a process during which (as [Tobias] says) you need to think like neon plasma. It is then encased in a cage-like structure which forms its other electrode. He takes us through the process of creating the glass envelope, in which the wire assembly is placed. The result is a slightly wireframe but very recognisable [Vader], and a unique tube.

Continue reading “Darth Vader, In A Nixie Tube” →