Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised

It seems a bit unfair to pile on a product that has already been roundly criticized for its security vulnerabilities. But when that product is a device that is ostensibly deployed to keep one’s family and belongings safe, it’s plenty fair. And when that device is an alarm system that can be defeated by a two-dollar wireless remote, it’s practically a responsibility.

The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.

With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.

The bottom line with alarm systems is that you get what you pay for, or sadly, significantly less. Hats off to [LockPickingLawyer] for demonstrating this vulnerability, and for his many other lockpicking videos, which are well worth watching.

Continue reading “Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised”

The Great Ohio Key Fob Mystery, Or “Honey, I Jammed The Neighborhood!”

Hack long enough and hard enough, and it’s a pretty safe bet that you’ll eventually cause unintentional RF emissions. Most of us will likely have our regulatory transgression go unnoticed. But for one unlucky hacker in Ohio, a simple project ended up with a knock at the door by local authorities and pointed questions to determine why key fobs and garage door remotes in his neighborhood and beyond had suddenly been rendered useless, and why his house seemed to be at the center of the disturbance.

Few of us want this level of scrutiny for our projects, so let’s take a more in-depth look at the Great Ohio Key Fob Mystery, along with a look at the Federal Communications Commission regulations that govern what you can and cannot do on the airwaves. As it turns out, it’s easy to break the law, and it’s easy to get caught.

Continue reading “The Great Ohio Key Fob Mystery, Or “Honey, I Jammed The Neighborhood!””

Jeremy Hong: Weaponizing The Radio Spectrum

Jeremy Hong knows a secret or two about things you shouldn’t do with radio frequency (RF), but he’s not sharing.

That seems an odd foundation upon which to build one’s 2018 Hackaday Superconference talk, but it’s for good reason. Jeremy knows how to do things like build GPS and radar jammers, which are federal crimes. Even he hasn’t put his knowledge to practical use, having built only devices that never actually emitted any RF.

So what does one talk about when circumspection is the order of the day? As it turns out, quite a lot. Jeremy focused on how the military leverages the power of radio frequency jamming to turn the tables on enemies, and how civilian police forces are fielding electronic countermeasures as well. It’s interesting stuff, and Jeremy proved to be an engaging guide on a whirlwind tour into the world of electronic warfare.

Continue reading “Jeremy Hong: Weaponizing The Radio Spectrum”

Freak Out Your Smartphone With Ultrasound

There’s a school of thought that says complexity has an inversely proportional relation to reliability. In other words, the smarter you try to make something, the more likely it is to end up failing for a dumb reason. As a totally random example: you’re trying to write up a post for a popular hacking blog, all the while yelling repeatedly for your Echo Dot to turn on the fan sitting three feet away from you. It’s plugged into a WeMo Smart Plug, so you can’t even reach over and turn it on manually. You just keep repeating the same thing over and over in the sweltering July heat, hoping your virtual assistant eventually gets the hint. You know, something like that. That exact scenario definitely has never happened to anyone in the employ of this website.

Black Hat 2017 Presentation

So it should come as no surprise that the more sensors we pack into devices, the more potential avenues of failure we open up. [Julio Della Flora] writes in to tell us of some interesting experiments he’s been performing with the MEMS gyroscope in his Xiaomi MI5S Plus smartphone. He’s found that with a function generator and a standard speaker, he’s able to induce false sensor readings.

Now it should be said, [Julio] is not claiming to be the first person to discover that ultrasonic sound can confuse MEMS gyroscopes and accelerometers. At Black Hat 2017, a talk was given in which a “Sonic Gun” was used to do things like knock over self-balancing robots using the same principle. The researchers were also able to confuse a DJI Phantom drone, showing that the technique has the potential to be weaponized in the real-world.

It’s interesting to see more validation that not only is this a continuing issue with consumer devices, but that it doesn’t necessarily take expensive or exotic hardware to execute. Yet another reason to take ultrasound seriously as a potential threat.

Continue reading “Freak Out Your Smartphone With Ultrasound”

Beeping The Enemy Into Submission

In July 1940 the German airforce began bombing Britain. This was met with polite disagreement on the British side — and with high technology, ingenuity, and improvisation. The defeat of the Germans is associated with anti-aircraft guns and fighter planes, but a significant amount of potential damage had been averted by the use of radio.

Night bombing was a relatively new idea at that time and everybody agreed that it was hard. Navigating a plane in the dark while travelling at two hundred miles per hour and possibly being shot at just wasn’t effective with traditional means. So the Germans invented non-traditional means. This was the start of a technological competition where each side worked to implement new and novel radio technology to guide bombing runs, and to disrupt those guidance systems.

Continue reading “Beeping The Enemy Into Submission”

Self-assembling Polymers Support Silicone 3D Prints

We all know what the ultimate goal of 3D printing is: to be able to print parts for everything, including our own bodies. To achieve that potential, we need better ways to print soft materials, and that means we need better ways to support prints while they’re in progress.

That’s the focus of an academic paper looking at printing silicone within oil-based microgels. Lead author [Christopher S. O’Bryan] and team from the Soft Matter Research Lab at the University of Florida Gainesville have developed a method using self-assembling polymers soaked in mineral oil as a matrix into which silicone elastomers can be printed. The technique takes advantage of granular microgels that are “jammed” into a solid despite being up to 95% solvent. Under stress, such as that exerted by the nozzle of a 3D printer, the solid unjams into a flowing liquid, allowing the printer to extrude silicone. The microgel instantly jams back into a solid again, supporting the silicone as it cures.

[O’Bryan] et al have used the technique to print a model trachea, a small manifold, and a pump with ball valves. There are Quicktime videos of the finished manifold and pump in action. While we’ve covered flexible printing options before, this technique is a step beyond and something we’re keen to see make it into the hobby printing market.

[LonC], thanks for the tip.

Simple And Effective Car Lock Jammer Detector

[Andrew Nohawk], has noticed a spike of car break-ins and thefts — even in broad daylight — in his native South Africa. The thieves have been using remote jammers. Commercial detectors are available but run into the hundreds of dollars. He decided to experiment with his own rig, whipping up a remote jamming ‘detector’ for less than the cost of a modest meal.

Operating on the principle that most remote locks work at 433MHz, [Nohawk] describes how criminals ‘jam’ the frequency by holding down the lock button on another device, hoping to distort or outright interrupt the car from receiving the signal to lock the doors. [Nohawk] picked up a cheap 433MHz receiver (bundled with a transceiver), tossed it on a breadboard with an LED connected to the data channel of the chip on a 5V circuit, and voila — whenever the chip detects activity on that frequency, the LED lights up. If you see sustained activity on the band, there’s a chance somebody nearby might be waiting for you to leave your vehicle unattended.

If you want to know more about how these jamming attacks work, check out [Samy Kamkar’s] talk from the Hackaday SuperConference.

Continue reading “Simple And Effective Car Lock Jammer Detector”