D-Link Router Captcha Broken

We reported last week that D-Link was adding captchas to their routers to prevent automated login by malware. Unsurprisingly, it doesn’t work all the time. The team from SourceSec grabbed the new firmware and began poking at it. They found that certain pages don’t require the authentication to be passed for access. One of these is WPS activation. WPS lets you do push-button WPA configuration. Once activated, any nearby client can request the WPA key using a tool like WPSpy. Only user-level credentials are needed to pull this off, so changing just the admin password won’t prevent it.

[photo: schoschie]

Magic Wands For Disney

[NRP] sent us a few of his projects. The most notable of the bunch was a school project funded by Disney. They were to make some kind of interactive entertainment for people waiting in line for rides. They decided on a wand style interface. Each wand has an accelerometer, an IR LED for tracking, an XBee unit, and a few buttons for interaction. They wrote some custom games and a multi person white board to test it all out.  You can see those in action, along with a space themed pong game in the video after the break. Even though this was funded by Disney, you can still find all the source code and schematics, available for free.

D-Link Adds Captcha To Routers

D-Link is adding captcha support to its line of home routers. While default password lists have been abundant for many years, it was only recently that we started seeing them implemented in malware. Last year, zlob variants started logging into routers and changing their DNS settings. It’s an interesting situation since the people who need the captcha feature are the ones who will never see it, since they won’t log in to change the default password.

[photo: fbz]

GPS Logger With Wireless Trigger

[Matthew] sent us his group’s final project, where they built a nice GPS logging system. Not only can it simply log the GPS coordinates on a predetermined interval, it can also be triggered to make an entry by a wireless device. In this example, they use a camera. This allows them to then upload all the GPS information and pictures to places like Google Earth.

They are using an ATmega644, with an LCD, SD card, and GPS unit. They had to do a little hacking on their camera to add the wireless transmitter, which triggers the logger. You can see not only the cost break down and source code for the project, but also a map with lots of geotagged photos. This is the kind of thing we can almost see as a standard item in the future.

Home Made R/C System

[youtube=http://www.youtube.com/watch?v=HI3KNy9GKB8]

[dunk] sent his home made Radio Control system. It is constructed from a Playstation 2 controller, an ATmega2561 microcontroller, some RF modules and various servos and motors. It seems to work pretty well. You can get all the schematics and source code on his site. Several people have submitted a similar project which involves an iPhone and a helicopter, but that one is a bit dubious, mainly due to its lack of detail.

WSPRing Across The Atlantic

Host of the Soldersmoke podcast, [Bill Meara], contributed this guest post.

WSPR is a new communications protocol written by radio amateur and Nobel Prize winner [Joe Taylor]. Like the very slow QRSS system described in a previous post, WSPR (Weak Signal Propagation Reporter) trades speed for bandwidth and allows for the reception of signals that are far below the level of radio noise. WSPR takes “low and slow” communications several important steps ahead, featuring strong error correction, high reliability, and (this is the really fun part) the automatic uploading (via the net) of reception reports: [Taylor]’s WSPR web page constantly gathers reports and produces near real-time Google maps showing who is hearing whom. The WSPR mode is very hack-able: [Bill Meara] is running a 20 milliwatt homebrew transmitter from Rome, Italy that features an audio amplifier from a defunct computer speaker pictured below. This contraption recently crossed the Atlantic and was picked up by the Princeton, New Jersey receiving station of WSPR’s esteemed creator, [Joe Taylor].

Linksys IP Cam Hacking

GNUCITIZEN has posted information on Linksys wireless IP camera hacking. It turns out that some models send the administrator user name and password to the computer when the setup wizard requests a connection. In theory, someone could send the request and harvest your passwords wirelessly. This seems like a pretty careless oversight. We would think that Linksys will probably remedy this before too long.

Update: Part 2 has been posted.

Update: Part 3 has been posted.