Self-Destructing USB Drive Releases The Magic Smoke

There were some that doubted the day would ever come, but we’re happy to report that the ambitious self-destructing USB drive that security researcher [Walker] has been working on for the last 6+ months has finally stopped working. Which in this case, is a good thing.

Readers may recall that the goal of the Ovrdrive project was to create a standard-looking flash drive that didn’t just hide or erase its contents when accessed by an unauthorized user, but actively damaged itself to try and prevent any forensic recovery of the data in question. To achieve this, [Walker] built a voltage doubler circuit into the drive that produces 10 volts from the nominal 5 VDC coming from the USB port. At the command of an onboard microcontroller, that 10 V is connected to the circuit’s 3.3 V rail to set off the fireworks.

Early attempts only corrupted some of the data, so [Walker] added some more capacitance to the circuit to build up more of a charge. With the revised circuit the USB controller IC visibly popped, but even after it was replaced, the NAND flash was still unresponsive. Sounds pretty dead to us.

Too user friendly, needs more buttons

Unfortunately, there’s still at least one issue that’s holding back the design. As we mentioned previously, [Walker] was having trouble getting the computer to actually acknowledge his homebrew drive had any free space available. It turns out that the SM3257EN USB controller IC he’s using needs to be initialized by some poorly documented Windows XP software, which might not be such a big deal if the goal was just to build one of them, but could obviously be a hindrance when going into production.

He hopes further reverse engineering will allow him to determine which commands the XP software is giving to the IC so that he can duplicate them in a less ancient environment. Sounds like a job for Wireshark to us — with any luck he should be able to capture the commands being sent to the hardware and replay them.

While we can understand some readers may have lingering doubts about the drive’s spit-detection authentication system, it’s clear [Walker] has made some incredible progress here. This project demonstrates that not only can an individual spin up their own sold state storage, but that should they ever need to, they can also destroy it in an instant.

USB Drive Keeps Your Secrets… As Long As Your Fingers Are Wet?

[Walker] has a very interesting new project: a completely different take on a self-destructing USB drive. Instead of relying on encryption or other “visible” security features, this device looks and works like an utterly normal USB drive. The only difference is this: if an unauthorized person plugs it in, there’s no data. What separates authorized access from unauthorized? Wet fingers.

It sounds weird, but let’s walk through the thinking behind the concept. First, encryption is of course the technologically sound and correct solution to data security. But in some environments, the mere presence of encryption technology can be considered incriminating. In such environments, it is better for the drive to appear completely normal.

Toggling the chip enable (CE) pin will hide the drive’s contents.

The second part is the access control; the “wet fingers” part. [Walker] plans to have hidden electrodes surreptitiously measure the resistance of a user’s finger when it’s being plugged in. He says a dry finger should be around 1.5 MΩ, but wet fingers are more like 500 kΩ.

But why detect a wet finger as part of access control? Well, what’s something no normal person would do right before plugging in a USB drive? Lick their finger. And what’s something a microcontroller should be able to detect easily without a lot of extra parts? A freshly-licked finger.

Of course, detecting wet skin is only half the equation. You still need to implement a USB Mass Storage device, and that’s where things get particularly interesting. Even if you aren’t into the covert aspect of this device, the research [Walker] has done into USB storage controllers and flash chips, combined with the KiCad footprints he’s already put together means this open source project will be a great example for anyone looking to roll their own USB flash drives.

Regular readers may recall that [Walker] was previously working on a very impressive Linux “wall wart” intended for penetration testers, but the chip shortage has put that ambitious project on hold for the time being. As this build looks to utilize less exotic components, hopefully it can avoid a similar fate.

The OpenMV board inside a security camera shell on the left, an AprilTag on smartphone's screen on the right

Use AprilTags To Let Guests Open Your Front Gate

[Herb Peyerl] is part of a robotics team, and in his robotics endeavours, learned about AprilTags; small QR-code-like printable patterns that are easily recognizable by even primitive machine vision. Later on, when thinking about good ways to let his guests through his property’s front gate, the AprilTags turned out to be a wonderful solution. Now all he needs to do is send his guest a picture of the appropriate AprilTag, which they can present to the camera at his front gate using their smartphone.

He used an OpenMV board for this – thanks to its wide variety of available libraries, the AprilTag recognition is already baked in, and the entire script is merely a hundred lines of MicroPython. An old surveillance camera gave up its dome-shaped housing, and now the OpenMV board is doing guest access duty on a post in front of his property’s front gate. He’s shared the code with us, and says he’s personally running a slightly modified version for security reasons — not that a random burglar is likely to stumble upon this post anyway. Besides it looks like the gate would be easy for a burglar to jump over without any need for security bypass, and the convenience benefits of this hack are undeniable.

In the unlikely chance a burglar is reading this, however, don’t be sad. We do happen to have a bunch of hacks for you, too. There’s far less secure systems out there, from building RFID keyfobs to gated community access control systems, sometimes all you need is a 12 V battery. If you’re not into burglary, that’s okay too — we’ve covered other guest access hacks before, for instance, this ESP8266-powered one.

RevK_NFC-Reader_v2-Photo

NFC Who’s At The Door

RevK_NFC_v1-Prototype-Photo
An early prototype that worked on the first try, except for one LED

[RevK] wanted to learn about NFC readers, and we agree that the best way to do so is to dive in and build one yourself.

There are readers available from multiple sources, but [RevK] found them either compact but with no prototyping space or plenty of prototyping space and a large footprint. High-speed UART (HSU) was selected over I2C for communication with an ESP32 as testing showed it was just as fast and more reliable over long distances at the cost of only one additional wire.

After a few versions, the resulting PN532 based NFC reader has just enough GPIO for a doorbell and tamper switch and three status LEDs, with board files and a 3D-printed case design included in the open source project on GitHub. When looking into the project, we appreciated learning about tamper switches that can include closed or open contact status when an NFC is read, most often used in the packaging of high-value and collectible products. If you have worked with this tamper feature of NFCs, let us know about it.

Thanks for the tip, [Simon]

Physical Security Hack Chat With Deviant Ollam

Join us on Wednesday, June 3 at noon Pacific for the Physical Security Hack Chat with Deviant Ollam!

You can throw as many resources as possible into securing your systems — patch every vulnerability religiously, train all your users, monitor their traffic, eliminate every conceivable side-channel attack, or even totally air-gap your system — but it all amounts to exactly zero if somebody leaves a door propped open. Or if you’ve put a $5 padlock on a critical gate. Or if your RFID access control system is easily hacked. Ignore details like that and you’re just inviting trouble in.

Once the black-hats are on the inside, their job becomes orders of magnitude easier. Nothing beats hands-on access to a system when it comes to compromising it, and even if the attacker isn’t directly interfacing with your system, having him or her on the inside makes social engineering attacks that much simpler. System security starts with physical security, and physical security starts with understanding how to keep the doors locked.

join-hack-chatTo help us dig into that, Deviant Ollam will stop by the Hack Chat. Deviant works as a physical security consultant and he’s a fixture on the security con circuit and denizen of many lockpicking villages. He’s well-versed in what it takes to keep hardware safe from unauthorized visits or to keep it from disappearing entirely. From CCTV systems to elevator hacks to just about every possible way to defeat a locked door, Deviant has quite a bag of physical security tricks, and he’ll share his insights on keeping stuff safe in a dangerous world.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, June 3 at 12:00 PM Pacific time. If time zones have you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

A Robust ESP8266 RFID Access Control System

By now we’ve seen plenty of projects that use an ESP8266 as a form of rudimentary access control: tap a button on your smartphone, and the door to your apartment unlocks. With the power and flexibility of the ESP, it’s a very easy project to pull off with minimal additional hardware. But what about if you want to get a little more serious, and need to support many users?

Rather than reinvent the wheel, you might want to check out the extremely impressive ESP-RFID project. It’s still based on the ESP8266 we all know and love, but it combines the diminutive WiFi-enabled microcontroller with a nice custom PCB and some exceptionally slick software to create a very professional access control system without breaking the bank. As the name implies, the system is geared towards RFID authentication and supports readers such as the MFRC522, PN532 RFID, or RDM6300. Add in a stack of Mifare Classic 1KB cards, and your hackerspace is well on the way to getting a new door control system.

The official hardware for ESP-RFID can be purchased through Tindie with or without an installed ESP-12F module, but as it’s a fully open source project, you’re also free to build your own version if you’d like. In either event, the board allows you to easily connect the ESP up to your RFID reader of choice, as well as door sensors and of course the door locks themselves.

On the software side of things, ESP-RFID should be able to handle about 1000 unique users and their RFID cards before the relatively limited RAM and storage of the ESP catches up with it. But if you’ve got that many people coming and going in your hackerspace, it might be time to update your systems to begin with. Incidentally, the project makes no guarantees about the security of the ESP-RFID code, and says that the system shouldn’t be used for secure locations. That said, you can run ESP-RFID without an Internet connection to reduce your attack surface, at the cost of losing NTP time synchronization.

If you’re not managing a few hundred users and their RFID cards, one of the more simplistic ESP8266 door locks might be more your speed. We’ve also seen similar tricks pulled off with the Particle Photon, in case you’ve got one of those rattling around the parts bin.

CarontePass: Open Access Control For Your Hackerspace

A problem faced by all collaborative working spaces as they grow is that of access control. How can you give your membership secure access to the space without the cost and inconvenience of having a keyholder on site at all times.

[Torehc] is working on solving this problem with his CarontePass RFID access system, at the Kreitek Makerspace (Spanish, Google Translate link) in Tenerife, Canary Islands.

Each door has a client with RFID readers, either a Raspberry Pi or an ESP8266, which  connects via WiFi to a Raspberry Pi 2 server running a Django-based REST API. This server has access to a database of paid-up members and their RFID keys, so can issue the command to the client to unlock the door. The system also supports the Telegram messaging service, and so can be queried as to whether the space is open and how many members are in at a particular time.

All the project’s resources are available on its GitHub repository, and there is a project blog (Spanish, Google Translate link) with more details.

This is a project that is still in active development, and [Torehc] admits that its security needs more work so is busy implementing HTTPS and better access security. As far as we can see through the fog of machine translation at the moment it relies on the security of its own encrypted WiFi network, so we’d be inclined to agree with him.

This isn’t the first hackerspace access system we’ve featured here. The MakerBarn in Texas has one using the Particle Photon, while the Lansing Makers Network in Michigan have an ingenious mechanism for their door, and the Nesit hackerspace in Connecticut has a very fancy system with video feedback. How does your space solve this problem?

The HackadayPrize2016 is Sponsored by: