Security Bot 2

July 28, 2011 by Kevin Dady 16 Comments

[William] Had originally built a little Security Bot to roam the halls of his house while he was not at home. He wanted a little bit more and started Security Bot 2 to include a good pile of sensors and add pan and tilt control to the onboard camera. Thanks to ordering pieces from a “who’s who” list of robotic and electronic hobby shops, the bits and pieces quickly arrived making assembly less tedious.

Packed on board of the 4WD platform are IR switches, IR distanace sensors, line sensors, Ultrasonic sensor, an Xbee (soon to be replaced with a WiFi Shield), pan/tilt brackets/servo, SpeakJet/TTS/Speakers, LCD, battery, serial motor controller, ICSP pocket programmer, Arduino Mega 2560, DSS Circuits Fuel Gauges, plus motors, batteries, camera, leds and a wiimote connection. (whew, that’s a mouth full)

All put together with some perfboards, breakout boards and a lot of jumper wire Security Bot2 is ready to patrol your premises!

London’s 44Con Is Looking For A Few Good Hackers

July 27, 2011 by Mike Nathan 5 Comments

44con_banner

While we see plenty of security-related conferences here in the US, our friends across the pond were apparently anxious to hold a large-scale security conference of their own. At the helm of the first ever 44Con are DEF CON Goon [Adrian] and Penetration Tester [Steve Lord]. The pair are quite involved in London’s security community and are looking to bring like-minded individuals together over four days of security talks and workshops.

While 44Con’s list of speakers has been wrapped up, they are still looking for people to help run workshops on the 1st and 2nd of September. They are requesting that any hackers in the area drop them a line if interested.

Taking a look at their site, you can see that they have a nice selection of talks lined up catering to those on the business side of Information Security as well as deep technical discussions about threats and vulnerabilities. If you plan on hitting up the conference, be sure to let us know in the comments section.

Apple Laptop Batteries Vulnerable To Firmware Hack

July 23, 2011 by Mike Nathan 45 Comments

dead_and_busted_macbook_batteries

When you think about hacking laptops, it’s highly unlikely that you would ever consider the battery as a viable attack vector. Security researcher [Charlie Miller] however, has been hard at work showing just how big a vulnerability they can be.

As we have been discussing recently, the care and feeding of many batteries, big and small, is handled by some sort of microcontroller. [Charlie] found that a 2009 update issued by Apple to fix some lingering MacBook power issues used one of two passwords to write data to the battery controllers. From what he has seen, it seems these same passwords have been used on all batteries manufactured since that time as well. Using this data, he was subsequently able to gain access to the chips, allowing him to remotely brick the batteries, falsify data sent to the OS, and completely replace the stock firmware with that of his own.

He says that it would be possible for an attacker to inject malware into the battery itself, which would covertly re-infect the machine, despite all traditional removal attempts. Of course, replacing the battery would rectify the issue in these situations, but he says that it would likely be the last thing anyone would suspect as the source of infection. While using the battery to proliferate malware or cause irreversible damage to the computer would take quite a bit of work, [Charlie] claims that either scenario is completely plausible.

He plans on presenting his research at this year’s Black Hat security conference in August, but in the meantime he has created a utility that generates a completely random password for your Mac’s battery. He says that he has already contacted Apple to in order to help them construct a permanent fix for the issue, so an official patch may be available in the near future.

[Thanks, Sergio]

Building A Single-button Combination Lock

July 14, 2011 by Mike Nathan 15 Comments

single_button_arduino_combination_lock

[John Boxall] of Little Bird Electronics was thinking about combination locks, and how one might improve or at least change the way these locks work. Traditional combo locks can be implemented in a variety of ways, most of which we are all familiar with. Standard rotary padlock and keypad-based electronic safes work just fine, but he was interested to see how one might implement a single button combination lock.

[John] determined that the best, if not only way, to build this sort of lock would require him to measure button press intervals. In his case he decided to monitor the intervals between his button presses instead, but the concept is the same. He first tested himself to see how accurately he could press and release the button, leaving a one-second space between presses. After looking at the results he determined that he would need to incorporate at least a 10% margin for error into his code in order to compensate for human error.

He then created an Arduino sketch to test his idea, defining a set of key press intervals that could be used to ‘unlock’ his imaginary vault. It worked quite well, as you can see in the video demo below.

Now we’re not suggesting that you lock up your mint condition My Little Pony collection or your illegal arms stash with this type of lock, but it could be useful as an extra failsafe for certain projects/gadgets that you want to keep all to yourself.

Continue reading “Building A Single-button Combination Lock” →

Vodafone Femtocells Hacked, Root Password Revealed

July 14, 2011 by Mike Nathan 14 Comments

vodafone_femtocell_network_diagram

As phone systems have evolved over time, the desire to break them and exploit their usage continues to flourish. Just recently, [The Hacker’s Choice (THC)] announced that they had accessed secure data from Vodafone’s mobile phone network last year, via their femtocell product.

The purpose of the femtocell is to extend mobiile network coverage to locations where reception might not be ideal, routing calls to Vodafone’s network via IPSec tunnels. [THC] knew that this meant the femtocells required a high-level of interaction with the carrier’s traditional mobile network, so they started poking around to see what could be exploited.

After gaining administrative access to the femtocell itself using the root password “newsys”, they found that they were able to allow unauthorized users to utilize the service – a simple ToS violation. However, they also had the ability to force any nearby Vodafone subscriber’s phone to use their femtocell. This enabled them to request secret keys from Vodafone, which they could then use to spoof calls and SMS messages from the victim’s phone without their knowledge.

They have been kind enough to release all of the pertinent information about the hack on their wiki for any interested parties to peruse. Now we’re just wondering how long it takes before stateside carriers’ femtocells are exploited in the same fashion.

[Thanks, kresp0]

Shoulder Surfing With OpenCV

July 12, 2011 by Mike Nathan 14 Comments

shoulder_surfing_with_shoulder_pad

While it seems that many people are wise to shoulder surfing, keeping a lookout for anyone spying on their passwords, [Haroon] wrote in to remind us that the threat is just as real today as it ever was.

The subjects of his research are touch screen phones and tablets, which utilize on-screen keyboards for data entry. He says that while nearly all password entry boxes on these devices are obscured with the traditional line of asterisks, the keyboards themselves are quite an interesting vulnerability.

Since touch screen technology can be finicky at times, most vendors ship their devices with some sort of key press verification system. On the iPhone and iPad, for instance, each key is highlighted in blue following a button press. This functionality makes it quite easy for shoulder surfers to casually steal your password if you’re not paying attention.

But what if you are well aware of your surroundings? [Haroon] has developed a piece of software he calls shoulderPad, which is based on openCV that does the surfing for him. The application can monitor a video stream, live or recorded, extracting the user’s password from the highlighted button presses. His demonstrations show the recording taking place at a relatively close distance, but he says that it would be quite easy to use surveillance footage or zoom lenses to capture key presses from afar.

He does say that the button highlighting can be easily disabled in the iPhone’s options pane, which should negate this sort of attack for the most part.

Continue reading to see a quick video of shoulderPad in action.

Continue reading “Shoulder Surfing With OpenCV” →

Tweeting Home Alarm System

June 30, 2011 by Mike Nathan 9 Comments

Instructables user [willnue] wanted to build a DIY Tweeting alarm system from the ground up, but reconsidered after taking a close look at the scope of such a project. He settled on using an off the shelf security system, taking care of the Twitter interface on his own. He bought a GE 45142 Wireless alarm and promptly disassembled it to see how he might retrieve status messages from the unit.

He figured that monitoring the alarm’s LEDs would make the most sense, so he used a bit of Ethernet cable and wired all of the system’s indicators to his Arduino board. He hooked up an Ethernet shield to the Arduino, then wrapped the pair up in a plastic project box that closely matched the look of the security system. Once that was done, he wrote some simple code for the Arduino that monitors each of the alarm system’s six status lights, sending updates to Twitter via the ThingTweet service.

With this system you might not get your status messages in time to foil whoever is carrying off your plasma TV, but at least you will know what to expect once you get home!

If you want to keep tabs on [Will’s] security system to ~~find out the best time to rob him~~ see how things are going, check out his Twitter feed here.