This Teddy Bear Steals Your Ubuntu Secrets

Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.

[mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.

This flaw in X11 is well-known. In some sense, there’s nothing new here. It’s only in light of Ubuntu’s claim of cross-application security that it’s interesting to bring this up again.

And the teddy bear in question? Xteddy dates back to when it was cool to display a static image in a window on a workstation computer. It’s like a warmer, cuddlier version of Xeyes. Except it just sits there. Or, in [mjg59]’s version, it records your keystrokes and uploads your passwords to shady underground characters or TLAs.

We discussed Snappy Core for IoT devices previously, and we think it’s a step in the right direction towards building a system where all the moving parts are only loosely connected to each other, which makes upgrading part of your system possible without upgrading (or downgrading) the whole thing. It probably does enhance security when coupled with a newer display manager like Mir or Wayland. But as [mjg59] pointed out, “snaps” alone don’t patch up X11’s security holes.

Pine64: The Un-Review

Even before the announcement and introduction of the Raspberry Pi 3, word of a few very powerful single board ARM Linux computers was flowing out of China. The hardware was there – powerful 64-bit ARM chips were available, all that was needed was a few engineers to put these chips on a board, a few marketing people, and a contract manufacturer.

One of the first of these 64-bit boards is the Pine64. Introduced to the world through a Kickstarter that netted $1.7 Million USD from 36,000 backers, the Pine64 is already extremely popular. The boards are beginning to land on the doorsteps and mailboxes of backers, and the initial impressions are showing up in the official forums and Kickstarter campaign comments.

I pledged $15 USD to the Pine64 Kickstarter, and received a board with 512MB of RAM, 4K HDMI, 10/100 Ethernet and a 1.2 GHz ARM Cortex A53 CPU in return. This post is not a review, as I can’t fully document the Pine64 experience. My initial impression? This is bad. This is pretty bad.

VGA Output On A Freescale

Even though VGA is outdated and becoming somewhat deprecated, getting this video output running on non-standard hardware is a rite of passage for some hackers. [Andrew] is the latest to take up the challenge. He got VGA output on a Freescale i.MX233 and also got some experience diving into the Linux kernel while he was at it.

The Freescale i.MX233 is a single-board computer that is well-documented and easy to wire up to other things without specialized hardware. It has video output in the form of PAL/NTSC but this wasn’t quite enough for [Andrew]. After obtaining the kernel sources, all that’s needed is to patch the kernel, build the kernel, and build a custom DAC to interface the GPIO pins to the VGA connector.

The first thing that [Andrew] did was load up the Hackaday home page, which he notes took quite a while since the i.MX233 only runs at 454 MHz with just 64 MB of RAM. While our retro page may have loaded a little faster, this is still an impressive build and a great first step to exploring more of the Linux kernel. The Freescale i.MX233 is a popular chip for diving into Linux on single-board computers, and there’s a lot going on in that community. There are some extreme VGA hacks out there as well if that’s more your style.

The Internet Of Linux Things

The Linux Foundation is a non-profit organization that sponsors the work of Linus Torvalds. Supporting companies include HP, IBM, Intel, and a host of other large corporations. The foundation hosts several Linux-related projects. This month they announced Zephyr, an RTOS aimed at the Internet of Things.

The project stresses modularity, security, and the smallest possible footprint. Initial support includes:

  • Arduino 101
  • Arduino Due
  • Intel Galileo Gen 2
  • NXP FRDM-K64F Freedom

The project (hosted on its own Website) has downloads for the kernel and documentation. Unlike a “normal” Linux kernel, Zephyr builds the kernel with your code to create a monolithic image that runs in a single shared address space. The build system allows you to select what features you want and exclude those you don’t. You can also customize resource utilization of what you do include, and you define resources at compile time.

By default, there is minimal run-time error checking to keep the executable lean. However, there is an optional error-checking infrastructure you can include for debugging.

The API contains the things you expect from an RTOS like fibers (lightweight non-preemptive threads), tasks (preemptively scheduled), semaphores, mutexes, and plenty of messaging primitives. Also, there are common I/O calls for PWM, UARTs, general I/O, and more. The API is consistent across all platforms.

We’ve seen RTOS systems before, of course. There are even some for robots. However, having a Linux-heritage RTOS that can target small boards like an Arduino Due and a Freedom board could be a real game changer for sophisticated projects that need an RTOS.

Linux Mint Hacked Briefly – Bad ISOs, Compromised Forum

On February 20th, servers hosting the Linux Mint web site were compromised and the site was modified to point to a version of Mint with a backdoor installed. Very few people were impacted, fortunately; only those who downloaded Mint 17.3 Cinnamon on February 20th. The forum user database was also compromised.

What is most impressive here is not that Linux Mint was compromised, but the response and the security measures already in place that prevented this from becoming a bigger problem. First, the compromise was detected the same day, so the exposure lasted less than a day. Second, it only affected downloads of a specific version, and only if they clicked a specific link, so anyone who was downloading from a direct HTTP request or a torrent is unaffected. Third, they were able to track down the names of three people in Bulgaria who are responsible for this hack.

As for the forum compromise, the breach netted usernames, emails, and encrypted passwords, as well as personal information that forum users may have entered in signatures or private messages. It’s always nice to see when compromised sites are not storing passwords in plain text, though.

There is one security measure which should have protected against this and failed for a couple of reasons, and that’s the signature. Normally, the file download is accompanied by a signature which is generated from the file, like an MD5 or SHA checksum. By generating the checksum of the downloaded ISO file and comparing it to the reported signature on the web site, one can confirm that the file has downloaded correctly and that it is the same file. In this case anyone downloading the bad ISO should have caught that the downloaded file was not the official one because the signatures did not match. This can fail. Most people are too lazy to check (and there is no automated checking process). More importantly, because the attackers controlled the web site, they could change the site to report any signature they wanted, including the signature for the bad ISO file.

If you are affected by this, you should change your password on the forum and anywhere you use the same email/password. More importantly, as great as the verification signature is, shouldn’t there be a better way to verify so that people use it regularly and so that it can’t be compromised so easily?
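The failure mode described above, as an added example that is not from the original post or from Linux Mint: a check against the checksum the site itself reports accepts the swapped ISO, while a check anchored to a value obtained through a separate channel rejects it. The file name, the sample bytes and the idea of a pinned manifest hash are assumptions made for illustration.

```python
import hashlib
import hmac
import io

def sha256_stream(fileobj, chunk_size=1 << 20):
    """Hash a file-like object in chunks so multi-GB ISOs never sit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  name' or '<hex> *name') into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # skip blank or malformed lines
        entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries

def verify_download(iso, name, manifest_text, pinned_manifest_sha256):
    """Return (ok, reason). The manifest is trusted only if its own hash matches
    a value obtained out of band (assumption: a second mirror or a signed
    announcement), not from the site that served the ISO."""
    manifest_hash = hashlib.sha256(manifest_text.encode()).hexdigest()
    if not hmac.compare_digest(manifest_hash, pinned_manifest_sha256):
        return False, "manifest does not match pinned value"
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False, "file not listed in manifest"
    if not hmac.compare_digest(sha256_stream(iso), expected):
        return False, "ISO checksum mismatch"
    return True, "ok"

# Constructed sample data: stand-ins for the genuine and the backdoored image.
NAME = "example-distro.iso"  # hypothetical file name
GOOD_ISO, BAD_ISO = b"genuine image bytes", b"backdoored image bytes"
good_manifest = f"{hashlib.sha256(GOOD_ISO).hexdigest()}  {NAME}\n"
# Whoever controls the site can rewrite the manifest to match the bad ISO.
evil_manifest = f"{hashlib.sha256(BAD_ISO).hexdigest()} *{NAME}\n"
PINNED = hashlib.sha256(good_manifest.encode()).hexdigest()  # obtained out of band

def site_only_check(iso_bytes, manifest_text):
    """The check the post describes: compare against whatever the site reports."""
    return sha256_stream(io.BytesIO(iso_bytes)) == parse_manifest(manifest_text)[NAME]
```

In practice the out-of-band anchor is usually a detached signature over the checksum file, verified against a key the user already holds.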

Flip Your Desktop Over To Boot Linux

[Andy France] built his computer into a Windows XP box. (Yes, this is from the past.) He needed to run Windows most of the time, but it was nice to boot into Linux every now and then. That’s where the problem lay. If he was running Linux on his Windows XP case mod, he’d get made fun of. The only solution was to make a Linux sleeve for his computer. He would slide the sleeve over the case whenever he ran Linux, and hide his shame from wandering eyes. Once his plan was fully formed, he went an extra step and modified the computer so that if the sleeve was on, it would automatically boot Linux, and if it was off it would boot Windows.

The Linux sleeve could only slide on if the computer was flipped upside down. So he needed to detect when it was in this state. To do this he wired a switch into one of the com ports of his computer, and attached it to the top of the case mod. He modified the assembly code in the MBR to read the state of the switch. When the Linux sleeve is on (and therefore the computer is flipped over) it boots Linux. When the sleeve is off, Windows. Neat. It would be cool to put a small computer in a cube and have it boot different operating systems with this trick. Or maybe a computer that boots into guest mode in one orientation, and the full system in another.
