security

463 Articles

Decoy Killswitch Triggers Alarm Instead

February 17, 2025 by 43 Comments

There are a few vehicles on the road that are targeted often by car thieves, whether that’s because they have valuable parts, the OEM security is easily bypassed, or even because it’s an antique vehicle that needs little more than a screwdriver to get started. For those driving one of these vehicles an additional immobilization feature is often added, like a hidden switch to deactivate the fuel pump. But, in the continual arms race between thieves and car owners, this strategy is easily bypassed. [Drive Science] hopefully took one step ahead though and added a decoy killswitch instead which triggers the alarm.

The decoy switch is placed near the steering column, where it would easily be noticed by a thief. Presumably, they would think that this was the reason the car wouldn’t start and attempt to flip the switch and then start the ignition. But secretly, the switch activates a hidden relay connected to the alarm system, so after a few seconds of the decoy switch activating, the alarm will go off regardless of the position of this switch. This build requires a lot of hiding spots to be effective, so a hidden method to deactivate the alarm is also included which resets the relay, and another killswitch which actually disables the fuel pump is also added to another secret location in the car.

As far as “security through obscurity” goes, a build like this goes a long way to demonstrate how this is an effective method in certain situations. All that’s generally needed for effective car theft prevention is to make your car slightly more annoying to steal than any other car on the road, and we think that [Drive Science] has accomplished that goal quite well. Security through obscurity is generally easily broken on things deployed on a much larger scale. A major European radio system was found to have several vulnerabilities recently thanks in part to the designers hoping no one would look to closely at them.

Continue reading “Decoy Killswitch Triggers Alarm Instead”

Screenshot of Linux in a PDF in a browser

Nice PDF, But Can It Run Linux? Yikes!

February 10, 2025 by 21 Comments

The days that PDFs were the granny-proof Swiss Army knives of document sharing are definitely over, according to [vk6]. He has managed to pull off the ultimate mind-bender: running Linux inside a PDF file. Yep, you read that right. A full Linux distro chugging along in a virtual machine all encapsulated within a document. Just when you thought running DOOM was the epitome of it. You can even try it out in your own browser, right here. Mind-boggling, or downright Pandora’s box?

Let’s unpack how this black magic works. The humble PDF file format supports JavaScript – with a limited standard library, mind you. By leveraging this, [vk6] managed to compile a RISC-V emulator (TinyEMU) into JavaScript using an old version of Emscripten targeting asm.js instead of WebAssembly. The emulator, embedded within the PDF, interfaces with virtual input through a keyboard and text box.

The graphical output is ingeniously rendered as ASCII characters – each line displayed in a separate text field. It’s a wild solution but works astonishingly well for something so unconventional.

Security-wise, this definitely raises eyebrows. PDFs have long been vectors for malware, but this pushes things further: PDFs with computational power. We know not to trust Word documents, whether they just capable of running Doom, or trash your entire system in a blink. This PDF anomaly unfolds a complete, powerful operating system in front of your very eyes. Should we think lightly, and hope it’ll lead to smarter, more interactive PDFs – or will it bring us innocent looking files weaponized for chaos?

Curious minds, go take a look for yourself. The project’s code is available on GitHub.

Continue reading “Nice PDF, But Can It Run Linux? Yikes!”

All The Attacks On The RP2350

January 15, 2025 by 29 Comments

Raspberry Pi’s new microcontroller, the RP2350, has a small section of memory that is meant for storing secrets. It’s protected by anti-glitching and other countermeasures, and the Raspberries wanted to test it. So this summer, they gave them out, pre-programmed with a secret string, as part of the badge for DEFCON attendees. The results of the cracking efforts are in, and it’s fair to say that the hackers have won.

First place went to [Aedan Cullen], who also gave a great talk about how he did it at 38C3. One of the coolest features of the RP2350, from a hacker perspective, is that it has dual ARM and dual RISC-V cores onboard, and they can be swapped out by multiplexers. The security module has a critical register that has disable bits for both of these processors, but it turns out that the ARM disable bits have priority. When [Aedan] glitched the security module just right, it disabled the ARM cores but left the RISC-V cores running in the secure context, with full debug(!), and the game was over. As of yet, there is no mitigation for this one, because it’s baked into the secure boot module’s silicon.

[Marius Muench] managed to pre-load malicious code into RAM and glitch a reboot-out-of-secure-mode on the USB module. This one is possibly fixable by checking other reboot flags. [Kévin Courdesses] has a sweet laser fault-injection rig that’s based on the 3D-printable OpenFlexure Delta Stage, which we’ve seen used for microscopy purposes, but here he’s bypassing the anti-glitching circuitry by exposing the die and hitting it hard with photons.

Finally, [Andrew Zonenberg] and a team from IOActive went at the RP2350 with a focused ion beam and just read the memory, or at least the pairwise-OR of neighboring bits. Pulling this attack off isn’t cheap, and it’s a more general property of all anti-fuse memory cells that they can be read out this way. Chalk this up as a mostly-win for the offense in this case.

If you want to read up on voltage glitching attacks yourself, and we promise we won’t judge, [Matthew Alt] has a great writeup on the topic. And ironically enough, one of his tools of choice is [Colin O’Flynn]’s RP2040-based Chip Shouter EMP glitcher, which he showed us how to make and use in this 2021 Remoticon talk.

British Commuters Get Their WiFi Hacked

September 27, 2024 by 24 Comments

As if there weren’t enough worrying global news stories already, today the British press and media have been full of a story involving the public WiFi networks at some major railway stations. Instead of being faced with the usual don’t-be-naughty terms and conditions page, commuters were instead faced with a page that definitely shouldn’t have been there.

Hackaday readers will immediately have guessed what is likely to have happened. This is probably more of a compromise of the page than of the network itself, and, indeed, the BBC are reporting that it may have come via an administrator account at Network Rail’s er… network provider. Fortunately, it seems the intent was to spread a political message rather than malware, so perhaps those travelers got off lightly. The various companies involved have all got the proverbial egg on their faces, and we’re glad we don’t work in the IT department concerned.

Continue reading “British Commuters Get Their WiFi Hacked”

Raspberry Pi Becomes Secure VPN Router

September 16, 2024 by 20 Comments

OpenWRT is a powerful piece of open-source software that can turn plenty of computers into highly configurable and capable routers. That amount of versatility comes at a cost, though; OpenWRT can be difficult to configure outside of the most generic use cases. [Paul] generally agrees with this sentiment and his latest project seeks to solve a single use case for routing network traffic, with a Raspberry Pi configured to act as a secure VPN-enabled router configurable with a smartphone.

The project is called PiFi and, while it’s a much more straightforward piece of software to configure, at its core it is still running OpenWRT. The smartphone app allows most users to abstract away most of the things about OpenWRT that can be tricky while power users can still get under the hood if they need to. There’s built-in support for Wireguard-based VPNs as well which will automatically route all traffic through your VPN of choice. And, since no Pi router is complete without some amount of ad blocking, this router can also take care of removing most ads as well in a similar way that the popular Pi-hole does. More details can be found on the project’s GitHub page.

This router has a few other tricks up its sleeve as well. There’s network-attached storage (NAS) built in , with the ability to use the free space on the Pi’s microSD card or a USB flash drive. It also has support for Ethernet and AC1300 wireless adapters which generally have much higher speeds than the built-in WiFi on a Raspberry Pi. It would be a great way to build a guest network, a secure WiFi hotspot when traveling, or possibly even as a home router provided that the home isn’t too big or the limited coverage problem can be solved in some other way. If you’re looking for something that packs a little more punch for your home, take a look at this guide to building a pfSense router from the ground up.

Your Data In The Cloud

August 17, 2024 by 33 Comments

I try not to go off on security rants in the newsletter, but this week I’m unable to hold back. An apparent breach of a data aggregator has resulted in a monster dataset of US, UK, and Canadian citizens names, addresses, and social security numbers. As a number of reports have pointed out, the three billion records in the breach likely contain duplicate individuals, because they include all the addresses where you’ve lived, and there have only been on the order of 450 million US social security numbers issued anyway.

But here’s the deal. Each of these data aggregators, and each of the other companies that keep tons of data on you, are ticking time bombs. Maybe not every one of them gets breached, but there’s certainly enough incentive for the bad guys to try to do so. (They are looking to sell the NPD dataset mentioned above for $3.5 million.)

My gut feeling is that eventually all of the information on everyone will be released. Maybe then it will cease to be interesting to new crops of crooks, because there’s nothing new to learn.

On the other hand, the sheer quantity of identity thefts that this, and future breaches, will unleash on us all is mind-boggling. In the case of legitimate data aggregators like this one, requesting to have had your data out of their dataset appears to have been a viable defense. But for every one legit operator, there are others that simply track you. When they get hacked, you lose.

This breach is likely going to end in a large lawsuit against the company in question, but it almost certainly won’t be big enough to cover the damage to everyone in the affected countries. Is it time that companies that hold large datasets will have to realize that the data is a liability as well as an asset?

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

A Cute Sentry Scans Your Net For Scullduggery

July 4, 2024 by 10 Comments

As long as we get to make our own network security tools, why not make them look cute? Netgotchi may not be much more than an ESP8266 running network scans and offering up a honeypot service, but it smiles while sits on your desk and we think that’s swell.

Taking inspiration from a recent series of red-team devices that make hacking adorable, most obviously pwnagotchi (and arguably Flipper), Netgotchi lives on the light side of the Force. Right now, it enumerates the devices on your network and can alert you when anything sketchy joins in. We can totally imagine customizing this to include other network security or health checks, and extending the available facial expressions accordingly.

You might not always be thinking about your network, and if you’re like us, that’s probably just fine. But we love standalone displays that show one thing in an easily digestable manner, and this fits the bill, with a smile.