security

470 Articles

Google Two-factor Authentication In A Wristwatch

February 27, 2011 by 13 Comments

chronos_two_factor_authentication

The Chronos watch from Texas Instruments is a handy little piece of hardware if placed in the right hands. If you are not familiar with the platform, it is marketed as a “wearable wireless development system that comes in a sports watch”. In plain English, it’s a wearable wireless MCU mated with a 96 segment LCD, that boasts an integrated pressure sensor and 3-axis accelerometer. It is capable of running custom firmware, which allows it to do just about anything you would like.

[Huan Trong] wanted to take advantage of Google’s new two-factor authentication, and decided his Chronos would make a great fob, since he would likely be wearing the watch most of the time anyhow. He put together some custom firmware that allows the watch to function as an authentication fob, providing the user with a valid Google passcode on command.

He does warn that the software is alpha code at best, stating that it doesn’t even allow the watch to keep time at the moment. We are definitely looking forward to seeing more code in the near future, keep up the great work!

Be sure to stick around to see a video of his watch in action.

Continue reading “Google Two-factor Authentication In A Wristwatch”

Security Audit Kit In A Mouse

January 29, 2011 by 23 Comments

Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.

This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.

Continue reading “Security Audit Kit In A Mouse”

Wireless Sniffing And Jamming Of Chronos And Iclicker

January 25, 2011 by 1 Comment

The ubiquitous presence of wireless devices combined with easy access to powerful RF development platforms makes the everyday world around us a wireless hacker’s playground. Yesterday [Travis Goodspeed] posted an article showing how goodfet.cc can be used to sniff wireless traffic and also to jam a given frequency. We’ve previously covered the work of [Travis] in pulling raw data from the IM-ME spectrum analyzer, which also uses goodfet.cc.

The Texas Instruments Chronos watch dev platform contains a C1110 chip, which among other things can provide accelerometer data from the watch to an interested sniffer. The i>clicker classroom response device (which houses a XE1203F chip) is also wide open to this, yielding juicy info about your classmates’ voting behaviour. There is still some work to be done to improve goodfet.cc, and [Travis] pays in beer–not in advance, mind you.

With products like the Chronos representing a move towards personal-area wireless networks, this sort of security hole might eventually have implications to individual privacy of, for example, biometric data–although how that might be exploited is another topic. Related to this idea is that of sniffable RFID card data. How does the increasing adoption of short-range wireless technologies affects us, both for good and bad? We invite you to share your ideas in the comments.

Radio Controlled Hard Drive Security

December 7, 2010 by 46 Comments

[Samimy] has put together this really neat video tutorial on building a Radio Controlled secure hard drive. How can a hard drive be radio controlled? That’s the first thing we thought too. He has torn apart a remote-controlled car and is using the guts to remotely switch on power to the drive. This means that the drive is only active if you boot the computer after you put the fob in the hidden security system. It looks like it would be fairly effective. We’re curious though, if he is putting the entire drive assembly inside his PC, why rely on batteries for the circuit? Why not pull from the PC power supply? Another neat upgrade might be connecting to an internal USB connection on the motherboard so a reboot isn’t necessary.

Check out the entire video after the break.
Continue reading “Radio Controlled Hard Drive Security”

Software Security Courtesy Of Child Labor

October 28, 2010 by 34 Comments

We couldn’t help but poke a little fun in the headline. This is [Alex Miller], a twelve year old who claimed a $3000 bounty from Mozilla. See, [Alex] is a self-taught security guru. When Mozilla upped the reward for discovering and reporting critical security flaws in their software he went to work searching for one. He estimates that he spent an hour and a half a day for ten days to find the hole. Fifteen hours of work for $3000? That’s pretty good!

Is it good or bad to pay for these kind of submissions? The real question: Is the bounty high enough to get blackhats to report vulnerabilities, rather than selling software that exploits them? Let us know what you think in the comments.

[via Zero Day]

Security Flaw Bypasses IPhone Lock Screen

October 26, 2010 by 53 Comments

It looks like the iPhone lock screen provides just a marginal level of protection. [Jordand321] discovered a key combination that opens the contact app on a locked iPhone. Just tap the emergency call button, enter the pound sign three times (###), then tap call and immediately tap the lock key on the top of the phone. If this is confusing just look at the video after the break to see how it’s done.

You don’t get access to everything on the device. But this does give an attacker access to all of your contact data and allows that person to make any calls they desire.

Continue reading “Security Flaw Bypasses IPhone Lock Screen”

Arduino, RFID, And You

October 7, 2010 by 13 Comments

[Matt] has mixed up a batch of two RFID reading door lock systems. While the “door lock” part of the setup has yet to come into existence, the “RFID reading” section is up and running. By using the Parallax RFID readers (for cheap, remember?) and an Arduino, [Matt] is able to parse an RFID tag, look its number up in a database, and then have a computer announce “Access Denied” in a creamy “Douglas Adam’s sliding door of Hitchiker’s Guide” kind of way with Python.

Good books aside, catch a not as exciting as you’re thinking video after the jump.

Continue reading “Arduino, RFID, And You”