Simple Circuit Reminds You To Lock The Door As You Rush Out Of The House

October 11, 2011 by Mike Nathan 24 Comments

door_lock_minder

It seems that [pppd] is always rushing out of his apartment to catch the bus, and he finds himself frequently questioning whether or not he remembered to lock the door. He often doubles back to check, and while he has never actually forgotten to lock the door, he would rather not deal with the worry.

Since he finally had some free time on his hands, he decided to put together a simple device that would help end his worry once and for all. Using an ATtiny13, [pppd] designed a circuit that would detect when his door has been unlocked and opened, beeping every few seconds until the lock is reengaged. The circuit relies on a reed switch installed inside the door frame, which is tripped by the magnet he glued to his door’s deadbolt.

He says that the system works well so far, though he does have a few improvements in mind already.

Security System Gives You A Call When It Senses Intruders

September 8, 2011 by Mike Nathan 13 Comments

gsm_motion_detector_alarm_system

[Dimitris] decided to build a homemade alarm system, but instead of triggering a siren, sending an SMS message, or Tweeting about an intrusion, he preferred that his system call him when there was trouble afoot. He says that he preferred a call over text messaging because there are no charges associated with the call if the recipient does not pick up the line, which is not the case with SMS.

The system is based around an off the shelf motion detector that was hacked to work with an old mobile phone. The motion detector originally triggered a siren, but he stripped out the speaker and wired it to a bare bones Arduino board he constructed. The Arduino was in turn connected to the serial port of an unused Ericssson T10s mobile phone. This allows the Arduino to call his mobile phone whenever the motion detector senses movement.

The system looks to be quite useful, and while [Dimitris] didn’t include all of the code he used, he says others should be able to replicate his work without too much trouble.

Gyroscope-based Smartphone Keylogging Attack

August 18, 2011 by Mike Nathan 31 Comments

smartphone_keylogging_with_gyroscopes

A pair of security researchers have recently unveiled an interesting new keylogging method (PDF Research Paper) that makes use of a very unlikely smartphone component, your gyroscope.

Most smart phones now come equipped with gyroscopes, which can be accessed by any application at any time. [Hao Chen and Lian Cai] were able to use an Android phone’s orientation data to pin down what buttons were being pressed by the user. The attack is not perfect, as the researchers were only able to discern the correct keypress about 72% of the time, but it certainly is a good start.

This side channel attack works because it turns out that each button on a smart phone has a unique “signature”, in that the phone will consistently be tilted in a certain way with each keypress. The pair does admit that the software becomes far less accurate when working with a full qwerty keyboard due to button proximity, but a 10 digit pad and keypads found on tablets can be sniffed with relatively good results.

We don’t think this is anything you should really be worried about, but it’s an interesting attack nonetheless.

[Thanks, der_picknicker]

PS2 To USB Keyboard Converter Also Logs Your Keystrokes

August 16, 2011 by Mike Szczys 15 Comments

[Shawn McCombs] is up to no good with his first Teensy project. The board you see above takes the input from a PS2 keyboard and converts it to a USB connection. Oh, and did we mention that it also keeps track of everything you type as well?

From the beginning the project was intended to be a keylogger. It’s a man-in-the-middle device that could be hidden inside the case of a keyboard, making it appear to be a stock USB keyboard. Data is stored to an SD card so an attacker would need to gain access to the hardware after the data he’s targeting has been typed.

It works mostly as [Shawn] expected. He is, however, having trouble handling the CTRL, ALT, Windows, and Caps Lock keys. If this were actually being used maliciously it would be a dead giveaway. Many secure Windows machine require a CRTL-ALT-DELETE keystroke to access the login screen.

Home Automation Systems Easily Hacked Via The Power Grid

August 8, 2011 by Mike Nathan 40 Comments

x10_home_automation_hacked

As home automation becomes more and more popular, hackers and security experts alike are turning their attention to these systems, to see just how (in)secure they are.

This week at DefCon, a pair of researchers demonstrated just how vulnerable home automation systems can be. Carrying out their research independently, [Kennedy] and [Rob Simon] came to the same conclusion – that manufacturers of this immature technology have barely spent any time or resources properly securing their wares.

The researchers built tools that focus on the X10 line of home automation products, but they also looked at ZWave, another commonly used protocol for home automation communications. They found that ZWare-based devices encrypted their conversations, but that the initial key exchange was done in the open, allowing any interested 3rd party to intercept the keys and decrypt the communications.

While you might initially assume that attacks are limited to the power lines within a single house, [Kennedy] says that the signals leak well beyond the confines of your home, and that he was able to intercept communications from 15 distinct systems in his neighborhood without leaving his house.

Security Bot 2

July 28, 2011 by Kevin Dady 16 Comments

[William] Had originally built a little Security Bot to roam the halls of his house while he was not at home. He wanted a little bit more and started Security Bot 2 to include a good pile of sensors and add pan and tilt control to the onboard camera. Thanks to ordering pieces from a “who’s who” list of robotic and electronic hobby shops, the bits and pieces quickly arrived making assembly less tedious.

Packed on board of the 4WD platform are IR switches, IR distanace sensors, line sensors, Ultrasonic sensor, an Xbee (soon to be replaced with a WiFi Shield), pan/tilt brackets/servo, SpeakJet/TTS/Speakers, LCD, battery, serial motor controller, ICSP pocket programmer, Arduino Mega 2560, DSS Circuits Fuel Gauges, plus motors, batteries, camera, leds and a wiimote connection. (whew, that’s a mouth full)

All put together with some perfboards, breakout boards and a lot of jumper wire Security Bot2 is ready to patrol your premises!

London’s 44Con Is Looking For A Few Good Hackers

July 27, 2011 by Mike Nathan 5 Comments

44con_banner

While we see plenty of security-related conferences here in the US, our friends across the pond were apparently anxious to hold a large-scale security conference of their own. At the helm of the first ever 44Con are DEF CON Goon [Adrian] and Penetration Tester [Steve Lord]. The pair are quite involved in London’s security community and are looking to bring like-minded individuals together over four days of security talks and workshops.

While 44Con’s list of speakers has been wrapped up, they are still looking for people to help run workshops on the 1st and 2nd of September. They are requesting that any hackers in the area drop them a line if interested.

Taking a look at their site, you can see that they have a nice selection of talks lined up catering to those on the business side of Information Security as well as deep technical discussions about threats and vulnerabilities. If you plan on hitting up the conference, be sure to let us know in the comments section.