holiday hacks

9 Articles

Check Your Halloween Candy For Malicious Payloads

October 28, 2019 by 31 Comments

There’s long been much handwringing around Halloween around the prospect of pins, needles and razor blades being hidden in candy and passed out to children. On the very rare occasion this does happen, the outcome is normally little more than some superficial cuts. However, for 2019, [MG] has developed an altogether different surreptitious payload to be delivered to trick or treaters.

Consisting of a small USB device named DemonSeed, it’s a HID attack gadget in the genre of the BadUSB devices we’ve seen previously. When plugged in, the unit emulates a USB keyboard and can be programmed to enter whatever keystrokes are necessary to take over the machine or exfiltrate data. Files are available on Github for those looking to replicate the device.

The trick here is in the delivery. [MG] has produced a large quantity of these small devices, packaging them in anti-static wrappers. The wrappers contain a note instructing children to insert them into their parent’s work computers to access “game codes”, and to share them with their friends while hiding them from adults.

The idea of children brazenly plugging hostile USB devices into important computers is enough to make any IT manager’s head spin, though we suspect [MG] doesn’t actually intend to deploy these devices in anger. It serves as a great warning about the potential danger of such an attack, however. Stay sharp, and keep your office door locked this October 31st!

Incredibly Heavy Ornament Likely Inappropriate To Hang On Tree

December 20, 2018 by 6 Comments

It’s that time of year again, and the Christmas hacks are flooding in thick and fast. To get into the Christmas spirit,  the FoxGuard team wanted a custom ornament to hang from the tree. They may have gotten more than they bargained for.

It’s a simple build that demonstrates the basic techniques of working with DACs and scopes in a charming holiday fashion. A Tektronix T932A analog oscilloscope is pressed into service as a display, by operating in XY mode. A Teensy 3.5 was then chosen for its onboard digital to analog converters, and used to output signals to draw a Christmas tree and star on the screen.

Old-school coders will appreciate the effort taken to plot the graphics out on graph paper. While the hack doesn’t do anything cutting edge or wild, it’s impressive how quick and easy this is thanks to modern development methods. While the technology to do this has existed for decades, a hacker in 1998 would have spent hours breadboarding a PIC microcontroller with DACs, let alone the coding required. We’ve come a long way.

It’s a bit of fun, but we highly recommend you don’t try and hang an analog scope off your tree at home. These WiFi-controlled ornaments are perhaps more suitable. Video after the break. Continue reading “Incredibly Heavy Ornament Likely Inappropriate To Hang On Tree”