Mike Ossmann and Dominic Spill have been at the forefront of the recent wave of software-defined radio (SDR) hacking. Mike is the hardware guy, and his radio designs helped bring Bluetooth and ISM-band to the masses. Dominic is the software guy who makes sure that all this gear is actually usable. The HackRF SDR is still one of the best cheap choices if you need an SDR that can transmit and receive.
So what are these two doing on stage giving a talk about IR communication? Can you really turn traffic lights green by blinking lights? And can you spoof a TV remote with a cardboard cutout, a bicycle wheel, and a sparkler? What does IR have to do with pirates, and why are these two dressed up as buccaneers? Watch our video interview and find out, or watch the full talk for all of the juicy details.
Continue reading “Mike Ossmann and Dominic Spill: IR, Pirates!”
[Emilio Ficara] [built himself an Internet-connected MQTT multimeter](http://ficara.altervista.org/) (translated from Italian by robots). Or maybe we should say that [Emilio Ficara] undertook a long string of cool hacks that ended up in a WiFi-enabled multimeter, because the destination isn’t nearly as interesting as the voyage.
The multimeter, a DT-4000ZC, has a serial output but instead of transferring the data directly, it sends which cells on the LCD screen need to be activated. For testing along the way, [Emilio] used his own USB-serial-to-ESP01 dongle, which sounds like a useful tool to have around if you’re debugging an AT command session. He made a cute AVR SPI-port debugging aid with a reset button and diagnostic LEDs that we’re going to copy right now. Other home-made tools, like a 3.7V Li-ion battery manager and a serial data snooper make this project worth a look.
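The meter sending LCD segment states rather than numbers means the firmware has to recover digits from segment bitmasks before anything can be published over MQTT. The following is an added example, not code from [Emilio]'s project, and it assumes a constructed encoding (one byte per digit, bits 0..6 for segments a..g, bit 7 for the decimal point after that digit); the DT-4000ZC's real serial format is not the one shown here.

```python
"""Decode a 7-segment display frame into a numeric reading.

Assumed encoding (constructed for this example, NOT the DT-4000ZC's real
format): one byte per display digit, bit i (0..6) set means segment a..g
is lit, bit 7 set means the decimal point after this digit is lit.
"""

SEG_A, SEG_B, SEG_C, SEG_D, SEG_E, SEG_F, SEG_G = (1 << i for i in range(7))
DP = 1 << 7  # decimal point flag, kept separate from the segment pattern

# Standard 7-segment glyphs for 0-9, a minus sign (middle bar only) and a
# blank digit (leading-zero suppression on most meters).
DIGITS = {
    SEG_A | SEG_B | SEG_C | SEG_D | SEG_E | SEG_F: "0",
    SEG_B | SEG_C: "1",
    SEG_A | SEG_B | SEG_D | SEG_E | SEG_G: "2",
    SEG_A | SEG_B | SEG_C | SEG_D | SEG_G: "3",
    SEG_B | SEG_C | SEG_F | SEG_G: "4",
    SEG_A | SEG_C | SEG_D | SEG_F | SEG_G: "5",
    SEG_A | SEG_C | SEG_D | SEG_E | SEG_F | SEG_G: "6",
    SEG_A | SEG_B | SEG_C: "7",
    SEG_A | SEG_B | SEG_C | SEG_D | SEG_E | SEG_F | SEG_G: "8",
    SEG_A | SEG_B | SEG_C | SEG_D | SEG_F | SEG_G: "9",
    SEG_G: "-",
    0: "",
}
REVERSE = {glyph: bits for bits, glyph in DIGITS.items()}


def decode_frame(frame: bytes) -> str:
    """Turn a frame of segment bytes into the text shown on the display.

    Unknown segment patterns raise instead of being guessed, so a corrupted
    byte on the serial line cannot silently become a plausible digit.
    """
    text = ""
    for byte in frame:
        segments = byte & 0x7F
        if segments not in DIGITS:
            raise ValueError(f"unknown segment pattern 0x{segments:02x}")
        text += DIGITS[segments]
        if byte & DP:
            text += "."
    return text


def decode_value(frame: bytes) -> float:
    """Decode a frame to a float, e.g. for publishing as an MQTT payload."""
    text = decode_frame(frame)
    if text in ("", "-"):
        raise ValueError("no digits on display")
    return float(text)  # also rejects malformed text such as "1.2.3"


def encode_text(text: str) -> bytes:
    """Inverse of decode_frame, used here only to build constructed samples."""
    out = []
    for ch in text:
        if ch == ".":
            if not out:
                raise ValueError("decimal point with no preceding digit")
            out[-1] |= DP
        elif ch == " ":
            out.append(0)  # blank digit
        else:
            out.append(REVERSE[ch])
    return bytes(out)


if __name__ == "__main__":
    sample = encode_text("-1.234")  # constructed 4-digit reading with sign
    print(sample.hex(), "->", decode_value(sample))
```

Rejecting unknown patterns matters more than it looks: a single flipped bit on the serial link would otherwise be mapped to whatever digit happened to be nearest, and that wrong reading would go out over MQTT with no indication anything was off.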
Continue reading “Voltmeter Speaks MQTT Without Libraries”
On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout actually made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
Thereifixedit.com is a site filled with dubious innovations. Some of them are cool, some of them are clever, and most of them are terrifying. Anyone who has ever stood in front of a broken household appliance with a roll of duct tape, one screwdriver with a bit chipped off the flat part, and determination will laugh themselves silly browsing through this site. Maybe some of the ghetto hacks we covered before should be in this list.
[Thanks for the link Dad]
Less than a week after American Airlines introduced in-flight internet, hackers have already figured out how to use the system to make VoIP calls in a few easy steps with Phweet, a Twitter application. While the network blocks most VoIP services, Phweet can connect two people using a Flash app. Aircell, the company responsible for the system, is aware of the oversight, but it remains to be seen whether this little loophole will be fixed in a timely manner. Meanwhile, we encourage those of you who do fly on American Airlines to avoid making those phone calls; your neighbor would probably appreciate it.
Security-Hacks has a great roundup of essential Bluetooth hacking tools. As they point out, Bluetooth technology is very useful for communication with mobile devices. However, it is also vulnerable to privacy and security invasions. Learning the ins and outs of these tools will allow you to familiarize yourself with Bluetooth vulnerabilities and strengths, and enable you to protect yourself from attackers. The list is separated into two parts – tools to detect Bluetooth devices, and tools to hack into Bluetooth devices. Check out BlueScanner, which will detect Bluetooth-enabled devices, and will extract as much information as possible from those devices. Other great tools to explore include BTCrawler, which scans for Windows Mobile devices, or Bluediving, which is a Bluetooth penetration suite, and offers some unique features like the ability to spoof Bluetooth addresses, and an L2CAP packet generator. Most of the tools are available for use with Linux platforms, but there are a few you can also use with Windows.