security

473 Articles

Researchers Discover That Cars Can Be Hacked With Music

March 17, 2011 by 32 Comments

car_dash

In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to posses physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vechicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

Passcode Protected Laser Tripwire Alarm System

March 11, 2011 by 13 Comments

laser_tripwire

Sometimes security doesn’t need to be overly complex to be effective. Instructables user [1234itouch] recently built a simple laser tripwire alarm that can be mounted virtually anywhere, complete with a keypad for disarming the device.

He mounted a photo cell in a project box, along with an Arduino and a 12-button key pad. A laser pointer is aimed at the photo cell from across a gap, which results in a steady voltage being read by the Arduino. When the laser beam is broken, a drop in voltage is detected, and the alarm sounds until you enter the proper pre-configured passcode. Entering the passcode triggers a 15 second grace period during which the the alarm cannot be tripped again.

It might not be built with triple-thick steel doors and thermo-sensors, but it’s a simple device for simple needs. In its current form it could be pretty useful, and with a little reworking, there are a wide range of things it could be used for.

Continue reading to see a demo video of the tripwire alarm, and be sure to check out these other tripwire-based security systems.

Continue reading “Passcode Protected Laser Tripwire Alarm System”

Remote Operated Security Gate Lets You Phone It In

March 2, 2011 by 20 Comments

ring_detection_circuit

[Itay] has a friend who works in a rented office where the parking lot is secured by a remote-controlled gate. Unfortunately, while his friend shares an office with several people, they only received a single remote. To help his friends out, he built a small device that triggers the remote control whenever a phone call is received.

The remote modification was rather straightforward. He simply opened the device, adding a single wire to each button terminal. Rather than connect to the remote using wires, he decided to fit it with what looks like a scavenged DC power jack. The ring detector circuitry was constructed and stuffed in a small phone box, which is connected to the remote using a DC power plug. It’s a great solution to the problem, but let’s just hope no one gets a hold of the phone number they used for the trigger!

There are plenty of pictures on his site, as well as video of the ring detector being tested. Unfortunately [Itay] lost the original schematics for the circuit, so you will have to flesh that part out on your own if you wish to build a similar device.

Keep reading to see a few videos of the remote in testing and in use.

Continue reading “Remote Operated Security Gate Lets You Phone It In”

Google Two-factor Authentication In A Wristwatch

February 27, 2011 by 13 Comments

chronos_two_factor_authentication

The Chronos watch from Texas Instruments is a handy little piece of hardware if placed in the right hands. If you are not familiar with the platform, it is marketed as a “wearable wireless development system that comes in a sports watch”. In plain English, it’s a wearable wireless MCU mated with a 96 segment LCD, that boasts an integrated pressure sensor and 3-axis accelerometer. It is capable of running custom firmware, which allows it to do just about anything you would like.

[Huan Trong] wanted to take advantage of Google’s new two-factor authentication, and decided his Chronos would make a great fob, since he would likely be wearing the watch most of the time anyhow. He put together some custom firmware that allows the watch to function as an authentication fob, providing the user with a valid Google passcode on command.

He does warn that the software is alpha code at best, stating that it doesn’t even allow the watch to keep time at the moment. We are definitely looking forward to seeing more code in the near future, keep up the great work!

Be sure to stick around to see a video of his watch in action.

Continue reading “Google Two-factor Authentication In A Wristwatch”

Security Audit Kit In A Mouse

January 29, 2011 by 23 Comments

Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.

This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.

Continue reading “Security Audit Kit In A Mouse”

Wireless Sniffing And Jamming Of Chronos And Iclicker

January 25, 2011 by 1 Comment

The ubiquitous presence of wireless devices combined with easy access to powerful RF development platforms makes the everyday world around us a wireless hacker’s playground. Yesterday [Travis Goodspeed] posted an article showing how goodfet.cc can be used to sniff wireless traffic and also to jam a given frequency. We’ve previously covered the work of [Travis] in pulling raw data from the IM-ME spectrum analyzer, which also uses goodfet.cc.

The Texas Instruments Chronos watch dev platform contains a C1110 chip, which among other things can provide accelerometer data from the watch to an interested sniffer. The i>clicker classroom response device (which houses a XE1203F chip) is also wide open to this, yielding juicy info about your classmates’ voting behaviour. There is still some work to be done to improve goodfet.cc, and [Travis] pays in beer–not in advance, mind you.

With products like the Chronos representing a move towards personal-area wireless networks, this sort of security hole might eventually have implications to individual privacy of, for example, biometric data–although how that might be exploited is another topic. Related to this idea is that of sniffable RFID card data. How does the increasing adoption of short-range wireless technologies affects us, both for good and bad? We invite you to share your ideas in the comments.

Radio Controlled Hard Drive Security

December 7, 2010 by 46 Comments

[Samimy] has put together this really neat video tutorial on building a Radio Controlled secure hard drive. How can a hard drive be radio controlled? That’s the first thing we thought too. He has torn apart a remote-controlled car and is using the guts to remotely switch on power to the drive. This means that the drive is only active if you boot the computer after you put the fob in the hidden security system. It looks like it would be fairly effective. We’re curious though, if he is putting the entire drive assembly inside his PC, why rely on batteries for the circuit? Why not pull from the PC power supply? Another neat upgrade might be connecting to an internal USB connection on the motherboard so a reboot isn’t necessary.

Check out the entire video after the break.
Continue reading “Radio Controlled Hard Drive Security”