This Week In Security: Google Photos, Whatsapp, And Doom On Deskphones

February 7, 2020 by Jonathan Bennett 12 Comments

Google Photos is handy. You take pictures and videos on your cell phone, and they automatically upload to the cloud. If you’re anything like me, however, every snap comes with a self-reminder that “the cloud” is a fancy name for someone else’s server. What could possibly go wrong? How about some of your videos randomly included in another user’s downloads?

Confirmed by Google themselves, this bug hit those using Google Takeout, the service that allows you to download all your data from a Google application, as a single archive. Google Photos archives downloaded between November 21 and November 25 may contain videos from other users, according to a notice sent to the users who downloaded said archives. It’s notable that those notices haven’t been sent to users who’s videos were exposed.
Continue reading “This Week In Security: Google Photos, Whatsapp, And Doom On Deskphones” →

This Week In Security: Windows 10 Apocalypse, Paypal Problems, And Cablehaunt

January 17, 2020 by Jonathan Bennett 18 Comments

Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than used it to spy on us.) It’s really bad. If you’re running Windows 10, go grab the update now. OK, you’re updated? Good, let’s talk about it now.

CVE-2020-0601 pic.twitter.com/8tJsJqvnHj

— Saleem Rashid (@saleemrash1d) January 15, 2020

The flaw applies to X.509 keys that use elliptic curve cryptography. We’ve discussed ECC in the past, but let’s review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but extremely difficult to calculate the reverse operation.

The historic calculation is multiplying large primes, as it’s unreasonably difficult to factorize that result by a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much quicker than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.

There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.

With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesn’t properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve — similar enough that the checks in crypt32 don’t catch it. Continue reading “This Week In Security: Windows 10 Apocalypse, Paypal Problems, And Cablehaunt” →

Old Cisco WAN Card Turned FPGA Playground

November 20, 2019 by Tom Nardi 33 Comments

Many of us think of FPGAs as some new cutting edge technology, but the fact of the matter is that they’ve been around for quite some time. They’ve just traditionally been used in hardware that’s too expensive for us lowly hackers. A case in point is the Cisco HWIC-3G-CDMA WAN card. A decade ago these would have been part of a router valued in the tens of thousands of dollars, but today they can be had for less than $10 USD on eBay. At that price, [Tom Verbeure] thought it would be worth finding out if they could be repurposed as generic FPGA experimentation devices.

So as not to keep you in suspense, the short answer is a resounding yes. In the end, all [Tom] had to do was figure out what voltages the HWIC-3G-CDMA was expecting on the edge connector, and solder a 2×5 connector onto the helpfully labeled JTAG header. Once powered up and connected to the computer, Intel’s Quartus Programmer software immediately picked up the board’s Cyclone II EP2C35F484C8 chip. The blinking LEDs seen in the video after the break serve as proof that these bargain bin gadgets are ripe for hacking.

Unfortunately, there’s a catch. After studying the rest of the components on the board, [Tom] eventually came to the conclusion that the HWIC-3G-CDMA has no means of actually storing the FPGA’s bitstream. Presumably it was provided by the router itself during startup. If you just want to keep the board tethered to your computer for experimenting, that’s not really a big deal. But if you want to use it in some kind of project, you’ll need to include a microcontroller capable of pushing the roughly 1 MB bitstream into the FPGA to kick things off.

It might not be as easy to get up and running as the 2019 Hackaday Superconference badge, but it’s certainly a lot easier to get your hands on.

Continue reading “Old Cisco WAN Card Turned FPGA Playground” →

Introducing The First Cisco Certified Mixologist

October 4, 2019 by Tom Nardi 11 Comments

You’d be hard pressed to find an IT back office that doesn’t have a few Cisco routers or switches laying around and collecting dust. We’d even bet there are a decent number of people reading this post right now that have a stack of them within arm’s reach. They’re the kind of thing most of us have no practical application for, but we still can’t bear to throw away. But it looks like [Sven Tantau] has found an ideal middle ground: rather than junk his Cisco Catalyst switches, he turned them into automatic bartenders.

Inspired by all those perfect little square openings on the front, [Sven] loaded each switch with a whopping 24 peristaltic pumps, one for each Ethernet port. To fit all his plumbing inside, the switches were naturally gutted to the point of being hollow shells of their former selves, although he does mention that their original power supplies proved useful for keeping two dozen power-hungry motors well fed.

The motors are connected to banks of relays, which in turn are thrown by an ESP32 and an Arduino Nano. [Sven] explains that he wasn’t sure if the ESP32 could fire off the relays with its 3 V output, so he decided to just use an Arduino which he already knew could handle the task. The two microcontrollers work in conjunction, with a web interface on the ESP32 ultimately sending I2C commands to the Arduino when it’s time to get the pumps spinning.

[Sven] mentions his robotic bartenders were a hit at the 2019 Chaos Communication Camp, where we know for a fact the computer-controlled alcohol was flowing freely. Of course, if you don’t intend on carrying your barbot around to hacker camps, you can afford to make it look a bit swankier.

Continue reading “Introducing The First Cisco Certified Mixologist” →

BSD Breathes New Life Into Obsolete Equipment

January 4, 2019 by Bryan Cockfield 26 Comments

An old laptop or desktop computer that’s seen better days might still have a little bit of use left in it for a dedicated task. Grabbing a lightweight flavor of Linux and running a web server, firewall, or Super Nintendo emulator might get a few more years out of it. You can also get pretty creative repurposing obsolete single purpose machines, as [Kristjan] did with some old Cisco server equipment.

The computer in question isn’t something commonly found, either. It’s an intrusion detection system meant to mount in a server rack and protect the server itself from malicious activity. While [Kristjan] mentions that Cisco equipment seems to be the definition of planned obsolescence, we think that this Intel Celeron machine with an IDE hard drive may have gone around the bend quite some time ago. Regardless, it’s modern enough to put back to work in some other capacity.

To that end, a general purpose operating system was installed, and rather than use Linux he reached for BSD to get the system up and running. There’s one other catch, though, besides some cooling issues. Since the machine was meant to be used in a server, there’s no ACPI which means no software shutdown capability. Despite all the quirks, you can still use it to re-implement a network security system if you wanted to bring it full-circle.

Becoming Your Own ISP, Just For Fun

November 18, 2017 by Lewin Day 46 Comments

When moving into a new house, it’s important to arrange for the connection of basic utilities. Electricity, water, and gas are simple enough, and then it’s generally fairly easy to set up a connection to an ISP for your internet connection. A router plugs into a phone line, or maybe a fiber connection and lovely packets start flowing out of the wall. But if you’re connected to the internet through an ISP, how is the ISP connected? [Kenneth] answers this in the form of an amusing tale.

It was during the purchase of data centre rack space that [Kenneth]’s challenge was laid down by a friend. Rather then simply rely on the connection provided by the data centre, they would instead rely on forging their own connection to the ‘net, essentially becoming their own Internet Service Provider.

This is known as creating an Autonomous System. To do this involves several challenges, the first of which is understanding just how things work at this level of networking. [Kenneth] explains the vagaries of the Border Gateway Protocol, and why its neccessary to secure your own address space. There’s also an amusing discussion on the routing hardware required for such a feat and why [Kenneth]’s setup may fall over within the next two years or so.

It’s not for the faint hearted, and takes a fair bit of paperwork, but [Kenneth] has provided an excellent guide to the process if you really, really just need to own your own corner of the internet. That said, there are other networking tricks to cut your teeth on if you’d like a simpler challenge, like tunneling IP over ICMP.

Dumb STB Gets Smart

September 1, 2017 by Anool Mahidharia 5 Comments

[Vincent Deconinck] gave a fresh lease of life to an old set top box by adding a few Euro’s worth of hardware and some software smarts. The device in question is an old VOOcorder – a Cisco set-top box provided by VOO, his cable service provider in Belgium.

The VOOcorder doesn’t have any WiFi hardware or browser / app based interfaces. It’s a simple device controlled either via an IR remote or front panel buttons. [Vincent] added an ESP8266 and hooked it up to the IR receiver on the set-top box. He also set it up as an SPI slave to the front panel VFD display controller and connected it to the debug serial interface of the VOOcorder as well. The software, on the other hand, required a lot more work consisting of code running on the ESP itself, several HTML pages and JavaScript code for the browser front end, and a few scripts running in the background.

The result was bidirectional interactivity from within a browser, allowing him to send commands and receive status information as well as providing a user-friendly search interface. Further, his browser interface was integrated with information from the service providers website letting him do scheduling and recording of programs. The stuff that interested us is how he sniffed out the IR signals, figured out the SPI protocol used by the front panel controller, and implemented SPI-slave mode for the ESP8266. [Vincent] was surprised that such a cheap device could handle three distinct web servers while parsing two message streams without a hitch.

It’s a great hack showing us how to use super cheap electronics to upgrade and modernize old hardware. Check out the two videos after the break – showing a demo of the hack in action, and a walk through of the hardware modifications.

Continue reading “Dumb STB Gets Smart” →