Hackaday Links: February 14, 2010

February 14, 2010 by Mike Szczys 15 Comments

$30,000?

Is it art or is it a puzzle? Well, it functions as a game but it’s certainly a work of art and priced accordingly. The Superplexus was featured in Make Mazine and Hammacher Schlemmer sells it for thirty grand (you can’t just click to add it to your cart though). Think of the work that went into developing this! [via The Awesomer]

Rollable Display Update

[SeBsZ] continues work on his rollable display matrix. He’s got twenty five controller boards now and has them working as a matrix. We originally covered this in January but now it’s much easier to see how this can be made portable by mounting it on fabric or canvas. Check out the demo video if your interested.

Security testing suite

BackTrack 4 final has been released. If you didn’t like it when it was rough around the edges, you should give it another try. This lean and mean Linux ditro is made for security testing and is approachable for noob and pro alike. [Thanks Steve]

Power on the go

[Csae] uses this portable power center to fire up some studio strobes outside. It consists of a case, an uninterruptible power supply, and a couple of extension cords all hacked together into one. At first you might think this is a bit ghetto but it’s portable and it does what is intended.

Happy Valentine’s Day

Giving this LED-heart adorned shirt as a gift is sure to make your Valentine head for the hills. This project’s a few year’s old, but gawdy T-shirts never go out of style, right?

Chip And Pin Broken And Other Security Threats

February 12, 2010 by Mike Szczys 22 Comments

Another exploit has been found in the Chip and PIN system. The exploit is a man-in-the middle attack that wouldn’t take too much know-how to pull off. You can watch the BBC report on the issue or check out the paper (PDF) published by the team that found the vulnerability. A stolen card resides in a reader that connects to a dummy card via a small cable. When the dummy card is inserted into a card reader, any PIN can be used to complete the transaction. The chip on the original card gets confirmation that the sale was completed via signature and the vendor’s card reader gets confirmation that the pin was correct. The UK based Chip and PIN system seems like a great idea, but it has had its share of security loopholes. This makes us wonder how hard it is to roll out security patches to the hardware readers in the system. Obviously this needs to be patch but does it take a technician visiting each terminal to flash an upgrade?

Switching to the topic of wide-scale attacks, we caught the NPR interview with [James Lewis] on Wednesday when they discussed the growing threat of Cyberterroism. He feels an attack on the US electrical grid is currently the biggest threat and will happen in the next ten years. Obviously taking the grid down would endanger lives and bring things to a standstill; traffic lights, refrigeration, heat, etc. We’re just glad that when asked if he thinks there is already malicious code residing in the control system, he doesn’t think that’s the case.

[Thanks to Whatsisface and Mcinnes]

Foil Impressioning Defeats Security Locks

February 3, 2010 by Mike Szczys 32 Comments

Apparently it’s been around for fifteen years but using foil impressions to pick locks is new to us. This is similar to using bump keys but it works on locks that are supposedly much more secure. This method uses a heavy gauge aluminum foil to grab and hold the pins in the correct place for the lock to be turned. The foil is folded over and slits are cut where each pin will fall. It is then inserted into a lock on a tool shaped like a key blank. Jiggle the tool for a bit and the cylinder will turn. This just reminds us that we’re much more dependent on the good will of our fellow citizens to not steal our stuff, rather than the deterrent that a lock provides.

We’ve embedded a detail and fascinating demonstration of this method after the break. The materials in the video are from a Chinese-made kit. We’re not sure where you find these types of locks, but we don’t feel any less secure since our keys could be obtained from a distance anyway.

Update: Video now embedded after the break. The link is down but you can try the Google Cache version.

Continue reading “Foil Impressioning Defeats Security Locks” →

NES Console To Cartridge Security In Depth

January 20, 2010 by Mike Szczys 45 Comments

[Segher] has reverse engineered the hardware and command set for the NES CIC chips. These chips make up the security hardware that validates a cartridge to make sure it has been licensed by Nintendo. Only after authentication will the console’s CIC chip stop reseting the hardware at 1 Hz. The was no hardware information available for these chips (go figure) so [Segher] had to do some sleuthing with the tools at hand which include some rom dumps from the chip pairs. He was nice enough to share his findings with us. We’re betting they’re not of much use to you but we found it an interesting read.

[Thank ppcasm]

[Photo credit: Breaking Eggs and Making Omelets]

Arduino Security With Frickin’ Laser

January 3, 2010 by Mike Szczys 15 Comments

[over9k] used his Arduino to set up a laser trip wire. The laser is mounted along side the Arduino, reflects off of a mirror, and shines on a photoresistor that interfaces via a voltage divider. The signal from the voltage divider is monitored for a change when the laser beam is broken. [over9k] set things up so that a webcam snaps a picture of the intruder and Twitters the event for easy notification. Video after the break walks through each of these steps.

This build is a bit rough around the edges but unlike other laser trip wires this keeps all the electronics in one place. The laser interface could be a bit more eloquent, and we’re wondering just how much current it is pulling off of the Arduino pins. But if you’re bored and have this stuff on hand it will be fun to play around with it. Continue reading “Arduino Security With Frickin’ Laser” →

GSM Cracked

December 30, 2009 by Devlin Thyne 14 Comments

[Karsten Nohl], with a group of security researchers has broken the A5/1 Stream Cipher behind GSM. Their project web site discusses their work and provides slides(pdf) presented at 26C3. A5/1 has had known vulnerabilities for some time now and is scheduled to be phased out for the newer KASUMI or A5/3 block cipher. This should be an interesting time in the cell phone business.

Thanks to [Tyco] and [MashupMark] for pointing us to this story.

http://online.wsj.com/article/SB10001424052748703510304574626451948722542.html?mod=rss_Today%27s_Most_Popular

GSM Enabled Security Door

November 28, 2009 by Mike Szczys 14 Comments

The security door at the front of [Oliver’s] building uses an intercom system to let in guests remotely. Each unit has an intercom handset with a button that unlocks the door. [Oliver] wanted a way to enter without carrying any extra items so he built a system to unlock the door with his cell phone.

He patched into the intercom and attached a GSM module. The module runs python so he wrote a script that will monitor the entryway buzzer, then wait for an approved cell phone connection to unlock it. He went through a couple of different iterations for the final project. The first attempt used XBee modules to communicate between the intercom handset and the GSM module. For the final version, he snaked cable through his wall using rare-earth magnets (creative!) in order to forgo the use of a battery in the handset.

Who doesn’t carry a cell phone with them? Because of this, the use of GSM modules in automation is a trend we think will continue to gain popularity.