Pentesting Hack Chat This Wednesday

Join us on Wednesday, May 13 at noon Pacific for the Pentesting Hack Chat with Eric Escobar!

Ask anyone in this community to name their dream jobs and chances are pretty good that penetration tester will be somewhere on the shortlist. Pentesters are allowed — nay, encouraged — to break into secure systems, to test the limits and find weak points that malicious hackers can use to gain access. The challenge of hacking and the thrill of potentially getting caught combined with no chance of prosecution? And you get paid for it? Sounds good to us!

Professional pentesting is not all cops-and-robbers fun, of course. Pentesters have to stay abreast of the latest vulnerabilities and know what weaknesses are likely to exist at a given facility so they know what to target. There are endless hours of research, often laborious social engineering, and weeks of preparation before actually attempting to penetrate a client site. The attack could be as complex as deploying wireless pentesting assets via FedEx, or as simple as sprinkling thumb drives in the parking lot. But when it comes, a pentest often reveals just how little return companies are getting on their security investment.

As a consultant for a security firm, Eric Escobar gets to challenge companies on a daily basis. He’s also a regular on the con circuit, participating in challenges like Wireless CTF at DEF CON… until he won too many times. Now he helps design and execute the challenges, helping to share his knowledge with other aspiring pentesters. And he’ll stop by the Hack Chat to do the same with us, and tell us all about the business of keeping other businesses in business.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 13 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

What Does GitHub’s Npm Acquisition Mean For Developers?

Microsoft’s open-source shopping spree has claimed another victim: npm. [Nat Friedman], CEO of GitHub (owned by Microsoft), announced the move recently on the GitHub blog.

So what motivated the acquisition, and what changes are we likely to see as a result of it? There are some obvious upsides and integrations, but these will be accompanied by the usual dose of skepticism from the open-source community. The company history and working culture of npm has also had its moments in the news, which may well have contributed to the current situation. This post aims to explore some of the rationale behind the acquisition, and what it’s likely to mean for developers in the future.


Breaking Into A Secure Facility: STM32 Flash

In a perfect world, everything would be open source. Our current world, on the other hand, has a lot of malicious actors and people willing to exploit trade secrets if given the opportunity, so chip manufacturers take a lot of measures to protect their customers’ products’ firmware. These methods aren’t perfect, though, as [zapb] shows while taking a deeper look into an STM microcontroller.

The STM32F0 and F1 chips rely on various methods of protecting their firmware. The F0 has its debug interface permanently switched off, but the F1 still allows users access to this interface. It uses flash memory read-out protection instead, which has its own set of vulnerabilities. By generating exceptions and exploiting the intended functions of the chip during those exceptions, memory values can be read out of the processor despite the memory read-out protection.

This is a very detailed breakdown of this specific attack on these controllers, but it isn’t “perfect”. It requires physical access to the debug interface, plus [zapb] was only able to extract about 94% of the internal memory. That being said, while it would be in STM’s best interests to fix the issue, it’s not the worst attack we’ve ever seen on a piece of hardware.

Side-Channel Attacks Hack Chat With Samy Kamkar

Join us on Wednesday, March 25 at noon Pacific for the Side-Channel Attacks Hack Chat with Samy Kamkar!

In the world of computer security, the good news is that a lot of vendors are finally taking security seriously now, with the result that direct attacks are harder to pull off. The bad news is that in a lot of cases, they’re still leaving the side-door wide open. Side-channel attacks come in all sorts of flavors, but they all have something in common: they leak information about the state of a system through an unexpected vector. From monitoring the sounds that the keyboard makes as you type to watching the minute vibrations of a potato chip bag in response to a nearby conversation, side-channel attacks take advantage of these leaks to exfiltrate information.

Side-channel exploits can be the bread and butter of black hat hackers, but understanding them can be useful to those of us who are more interested in protecting systems, or perhaps to inform our reverse engineering efforts. Samy Kamkar knows quite a bit more than a thing or two about side-channel attacks, so much so that he gave a great talk at the 2019 Hackaday Superconference on just that topic. He’ll be dropping by the Hack Chat to “extend and enhance” that talk, and to answer your questions about side-channel exploits, and discuss the reverse engineering potential they offer. Join us and learn more about this fascinating world, where the complexity of systems leads to unintended consequences that could come back to bite you, or perhaps even help you.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 25 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.


Thousands Of Internet-Connected Satellites Above Us, What Could Possibly Go Wrong!

Our skies are full of satellites, fuller than they have ever been, because SpaceX’s Starlink and a bevy of other soon-to-launch operators plan to fill them with thousands of small low-earth-orbit craft to blanket the Earth with satellite Internet coverage. Astronomers are horrified at such an assault on their clear skies, space-watchers are fascinated by the latest developments, and in some quarters they’re causing a bit of concern about the security risk they might present. With a lot of regrettable overuse of the word “hacker”, the concern is that such a large number of craft in the heavens might present an irresistible target for bad actors, who would proceed to steer them into each other and cause chaos.

Invest in undersea cables, folks, the Kessler Syndrome is upon us, we’re doomed!


Fear Of Potato Chips: Samy Kamkar’s Side-Channel Attack Roundup

What do potato chips and lost car keys have in common? On the surface, it would seem not much, unless you somehow managed to lose your keys in a bag of chips, which would be embarrassing enough that you’d likely never speak of it. But there is a surprising link between the two, and Samy Kamkar makes the association in his newly published 2019 Superconference talk, which he called “FPGA Glitching and Side-Channel Attacks.”


Wearable Cone Of Silence Protects You From Prying Ears

Careful, the walls have ears. Or more specifically, the smart speaker on the table has ears, as does the phone in your pocket, the fitness band on your wrist, possibly the TV, the fridge, the toaster, and maybe even the toilet. Oh, and your car is listening to you too. Probably.

How does one fight this profusion of listening devices? Perhaps this wearable smart device audio jammer will do the trick. The idea is that the MEMS microphones that surround us are all vulnerable to jamming by ultrasonic waves, because they have a non-linear response to ultrasonic signals. The upshot is that when a MEMS microphone picks up ultrasound, it produces a broadband signal in the audible part of the spectrum. That creates a staticky noise that effectively drowns out any other sounds the microphone might be picking up.

But why a wearable? Granted, [Yuxin Chin] and colleagues from the University of Chicago have perhaps stretched the definition of that term a tad with their prototype, but it turns out that moving the jammer around does a better job of blocking sounds than a static jammer does. The bracelet jammer is studded with ultrasonic transducers that emit overlapping fields and result in zones of constructive and destructive interference; the wearer’s movements vary the location of the dead spots that result, improving jamming efficacy. Their paper (PDF link) goes into deeper detail, and a GitHub repository has everything you need to roll your own.

We saw something a bit like this before, but that build used white noise for masking, and was affixed to the smart speaker. We’re intrigued by a wearable, especially since they’ve shown it to be effective under clothing. And the effect of ultrasound on MEMS microphones is really interesting.
