Teensy AVRs Used In Penetration Testing

While some people know that you should be wary of USB drives with unknown origins, the same care is rarely, if ever, exercised with USB peripherals. The security firm Netragard recently used this to their advantage when performing a penetration test at a client’s facility. When the client ruled out the use of many common attack vectors including social networks, telephones, social engineering, and unauthorized physical access from the test, the team at Netragard knew they would have to get creative.

They purchased a Logitech USB mouse and disassembled it in order to add their clever payload. A Teensy microcontroller was programmed to emulate keyboard input, entering commands via the mouse’s USB connection once it had been connected to a computer. Using an undocumented exploit in McAfee’s antivirus suite, they were able to evade detection while their system entered commands to install malware from the flash drive they hid alongside the Teensy.

Once the mouse was reassembled, they repackaged it along with some marketing materials to make it look like part of a promotional event. They purchased a detailed list of employees and singled out an easy target, sending their malicious mouse on its way. Within three days, their malware was loaded onto the victim’s computer and their test was deemed a success.
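A defender's check for the kind of device described above, as an added example that is not from the original post or from Netragard: it groups USB devices by physical host port and reports any port that exposes functions the asset inventory does not expect, such as a keyboard and storage behind something sold as a mouse. The hub topology, port names, inventory and sample descriptors are assumptions constructed for illustration.

```python
from collections import defaultdict

# bInterfaceClass / bInterfaceProtocol values from the USB class specifications.
HID, MASS_STORAGE, HUB = 0x03, 0x08, 0x09
PROTO_KEYBOARD, PROTO_MOUSE = 1, 2  # HID boot protocols; 0 means "not declared"

def functions(interfaces):
    """Map (class, protocol) interface descriptors to coarse function names."""
    found = set()
    for cls, proto in interfaces:
        if cls == HID and proto == PROTO_KEYBOARD:
            found.add("keyboard")
        elif cls == HID and proto == PROTO_MOUSE:
            found.add("mouse")
        elif cls == MASS_STORAGE:
            found.add("storage")
    return found

def root_port(path):
    """'1-2.3' -> '1-2': the host port a device hangs off (Linux sysfs naming)."""
    return path.split(".")[0]

def audit(devices, expected):
    """Return {port: functions present on that port but not in the inventory}."""
    seen = defaultdict(set)
    for dev in devices:
        seen[root_port(dev["path"])] |= functions(dev["interfaces"])
    return {port: funcs - expected.get(port, set())
            for port, funcs in seen.items()
            if funcs - expected.get(port, set())}

# Constructed sample data: three host ports, one of which carries a hub.
SAMPLE = [
    {"path": "1-1",   "interfaces": [(HID, PROTO_MOUSE)]},
    {"path": "1-2",   "interfaces": [(HUB, 0)]},
    {"path": "1-2.1", "interfaces": [(HID, PROTO_MOUSE)]},
    {"path": "1-2.2", "interfaces": [(HID, PROTO_KEYBOARD)]},
    {"path": "1-2.3", "interfaces": [(MASS_STORAGE, 0x50)]},
    {"path": "1-3",   "interfaces": [(HID, PROTO_KEYBOARD)]},
]
# Hypothetical inventory: what each port is supposed to have plugged in.
EXPECTED = {"1-1": {"mouse"}, "1-2": {"mouse"}, "1-3": {"keyboard"}}

if __name__ == "__main__":
    for port, extra in audit(SAMPLE, EXPECTED).items():
        print(f"port {port}: unexpected {sorted(extra)}")
```

HID devices that do not declare a boot protocol report 0 in `bInterfaceProtocol`, so this check would miss them; classifying those requires parsing the HID report descriptor.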

[Thanks, Aaron]

Ubuntu Laika – An Android Phone Pen Testing Platform

Once [Ruan] over at AndroidClone heard that Android devices were capable of running a full Linux environment, he started contemplating all of the things he might be able to do with a full Linux OS in his pocket.

He decided that a portable penetration testing platform would be great to have on hand, so he got busy installing Ubuntu 10.10 on his Lenovo LePhone. Once he had it up and running, he stripped out all of the unnecessary fluff and added some common tools such as Wireshark, Nmap, and Kismet, among others. He says it easily runs side by side with Android, allowing you to switch between the Ubuntu install and your standard Android applications with ease.

While this all started out as a proof of concept, he has continued to refine the project, releasing several new versions along the way. If you are interested in giving it a try, he has installation instructions available in the AndroidClone forums.

[thanks Stephen]

Reverse Engineering Embedded Device Firmware

While not necessarily an easy thing to learn, the ability to reverse engineer embedded device firmware is an incredibly useful skill. Reverse engineering firmware allows you to analyze a device for bugs and vulnerabilities, and gives you the opportunity to add features if you happen to be so inclined. When it comes to things such as jailbroken iPhones, Android phones, and Nooks, you can guarantee that a close look at the firmware helped to move the process along.

[Craig] works with embedded systems quite frequently and put together a detailed walkthrough demonstrating how he reverse engineers device firmware. The subject of his hacking was a new firmware package he obtained for a Linksys WWAG120 Wireless-N router.

His tutorial walks through some of the most common reverse engineering methods and tools, which allow him to slowly unravel the firmware’s secrets. When finished, he had a working copy of the router’s boot loader, kernel, and file system – all ready to be further analyzed. His writeup includes tons of additional details, so be sure to swing by his site if reverse engineering is something you are interested in.

Uber Keyboard Hides Security Tools In Plain Sight

[EverestX] works in the security industry and is often required to recover or penetrate various systems for a variety of reasons. He wanted to create an all-in-one tool that he could easily carry from job to job which would provide him with several essential functions. He required that the device house a bootable operating system through which he can perform his work, have an Internet connection capable of injection, and have enough storage capacity to back up passwords, images, etc.

He decided to build the system inside an old IBM M-type keyboard, which provides a solid typing experience and plenty of real estate for his various components. After converting the keyboard from PS/2 to USB, he installed a USB hub along with his flash drive and WiFi card.

Once he gets everything reassembled, it should prove to be a pretty stealthy and useful piece of equipment. A word to the wise – if you happen to see someone sneaking around your office with a 20-year-old Type-M keyboard, be wary.

Modular Security System Is Portable Too

Hackaday reader [Oneironaut] wrote in to share a modular, portable security system he built for himself.

He likes visiting the Caribbean, but his favorite vacation spot is apparently rife with cat burglars. He enjoys sleeping with the windows open and wanted to find a way to scare off ne’er-do-wells. At home, there are a few different buildings on the property he owns, and he was looking to keep curious trespassers away.

The alarm system was built using a matrix keypad that interfaces with an ATMega88 microcontroller. The microcontroller handles all the logic for the system, triggering an attached “pocket alarm” whenever the sensor is tripped. Like most household alarms, it is armed and disarmed via the keypad, giving the user 60 seconds to enter the disarm code if the alarm has been mistakenly tripped. A wide array of trigger methods can be used, from mercury switches to motion detectors, since his alarm uses a simple plug interface that accepts any two-wire sensor.

Now, no one is claiming that this is high security by any means – the alarm addresses a couple of specific scenarios that apply to [Oneironaut], which may also be applicable to others out there. At the end of the day, the alarm is meant more to scare an intruder into fleeing than anything else, and in that respect, it works perfectly.

Continue reading to see a quick video demonstration of his alarm system in action.

Playstation Network Breached, No End To Downtime In Sight

If you are not a gamer, or simply a casual player, you may not have heard about the recent breach of Sony’s Playstation Network. In short, the network was infiltrated on April 17th, and the service was completely shut down on the 19th as a precautionary measure. Now, more than a week later, services have yet to be restored, but Sony is finally starting to talk a bit more about what happened.

At this point, nobody knows the total extent of the data stolen, but stories are emerging that indicate just about everything that could be accessed was accessed. Sony admits that information such as names, addresses, passwords, and security questions has all been accessed by an unauthorized third party. They have also not completely ruled out the possibility that credit card data has been stolen as well.

It seems the situation has turned from a mere inconvenience to PSN users into a full-blown security and PR nightmare. After a breach like this with so many questions left unanswered, and the gaming network rendered completely useless, we have to ask:

When everything is “fixed” and back to normal, what could Sony possibly do to regain your trust?

Location Tracking? ‘Droid Does

Last week, the Internet was alight with stories of iPhone location tracking. While this wasn’t exactly breaking news in security circles, it was new information to many people out there. Lots of blogs were full of commentary on the situation, including ours, with many Android users chiming in saying, “Android doesn’t do that”.

Well, that’s not entirely true – the playing field is far more level than most people would like to admit.

Android does have the same tracking capability, as do Windows Mobile phones for that matter. Both companies also monitor the cell towers you have connected to, as well as which Wi-Fi hotspots you have passed by. All three companies anonymize the data, though they do assign a unique ID to your location details in order to tell you apart from other users.

Where things really differ is in how much information is stored. Microsoft claims that they only store the most recent location entry, while Android systems store the 200 most recent Wi-Fi hotspot locations as well as the most recent 50 cell towers.

At the end of the day, each vendor does allow you to opt out of the tracking services, and if you are seriously concerned about the data they are tracking, you can always periodically wipe the information from your handset.

[Image via TheTelecomBlog]