Foil Impressioning Defeats Security Locks

February 3, 2010 by Mike Szczys 32 Comments

Apparently it’s been around for fifteen years but using foil impressions to pick locks is new to us. This is similar to using bump keys but it works on locks that are supposedly much more secure. This method uses a heavy gauge aluminum foil to grab and hold the pins in the correct place for the lock to be turned. The foil is folded over and slits are cut where each pin will fall. It is then inserted into a lock on a tool shaped like a key blank. Jiggle the tool for a bit and the cylinder will turn. This just reminds us that we’re much more dependent on the good will of our fellow citizens to not steal our stuff, rather than the deterrent that a lock provides.

We’ve embedded a detail and fascinating demonstration of this method after the break. The materials in the video are from a Chinese-made kit. We’re not sure where you find these types of locks, but we don’t feel any less secure since our keys could be obtained from a distance anyway.

Update: Video now embedded after the break. The link is down but you can try the Google Cache version.

Continue reading “Foil Impressioning Defeats Security Locks” →

NES Console To Cartridge Security In Depth

January 20, 2010 by Mike Szczys 45 Comments

[Segher] has reverse engineered the hardware and command set for the NES CIC chips. These chips make up the security hardware that validates a cartridge to make sure it has been licensed by Nintendo. Only after authentication will the console’s CIC chip stop reseting the hardware at 1 Hz. The was no hardware information available for these chips (go figure) so [Segher] had to do some sleuthing with the tools at hand which include some rom dumps from the chip pairs. He was nice enough to share his findings with us. We’re betting they’re not of much use to you but we found it an interesting read.

[Thank ppcasm]

[Photo credit: Breaking Eggs and Making Omelets]

Arduino Security With Frickin’ Laser

January 3, 2010 by Mike Szczys 15 Comments

[over9k] used his Arduino to set up a laser trip wire. The laser is mounted along side the Arduino, reflects off of a mirror, and shines on a photoresistor that interfaces via a voltage divider. The signal from the voltage divider is monitored for a change when the laser beam is broken. [over9k] set things up so that a webcam snaps a picture of the intruder and Twitters the event for easy notification. Video after the break walks through each of these steps.

This build is a bit rough around the edges but unlike other laser trip wires this keeps all the electronics in one place. The laser interface could be a bit more eloquent, and we’re wondering just how much current it is pulling off of the Arduino pins. But if you’re bored and have this stuff on hand it will be fun to play around with it. Continue reading “Arduino Security With Frickin’ Laser” →

GSM Cracked

December 30, 2009 by Devlin Thyne 14 Comments

[Karsten Nohl], with a group of security researchers has broken the A5/1 Stream Cipher behind GSM. Their project web site discusses their work and provides slides(pdf) presented at 26C3. A5/1 has had known vulnerabilities for some time now and is scheduled to be phased out for the newer KASUMI or A5/3 block cipher. This should be an interesting time in the cell phone business.

Thanks to [Tyco] and [MashupMark] for pointing us to this story.

http://online.wsj.com/article/SB10001424052748703510304574626451948722542.html?mod=rss_Today%27s_Most_Popular

GSM Enabled Security Door

November 28, 2009 by Mike Szczys 14 Comments

The security door at the front of [Oliver’s] building uses an intercom system to let in guests remotely. Each unit has an intercom handset with a button that unlocks the door. [Oliver] wanted a way to enter without carrying any extra items so he built a system to unlock the door with his cell phone.

He patched into the intercom and attached a GSM module. The module runs python so he wrote a script that will monitor the entryway buzzer, then wait for an approved cell phone connection to unlock it. He went through a couple of different iterations for the final project. The first attempt used XBee modules to communicate between the intercom handset and the GSM module. For the final version, he snaked cable through his wall using rare-earth magnets (creative!) in order to forgo the use of a battery in the handset.

Who doesn’t carry a cell phone with them? Because of this, the use of GSM modules in automation is a trend we think will continue to gain popularity.

Disabling Your Cell Phone’s Mic For Security

September 14, 2009 by Caleb Kraft 115 Comments

reedswitch

[Dan] set up this simple cell phone hack to disable his microphone when he’s not using his cell phone. He had read that the government can listen to you using your cell phone, even when it is off. This concerned him enough to hack into his phone. He removed the expansion port and wired the microphone to a magnetic reed switch. A strong magnet located in the screen side of his flip phone opens the circuit when he closes the phone. He notes that you could always just pop the battery out of your phone, but then you are left completely disconnected. This mod allows you to still receive phone calls.

Create A Temporary Phone Number With Inumbr

September 9, 2009 by Chris Gilmer 27 Comments

Maybe you don’t want that one person that has barged into your life to know your private phone number? Could be a salesperson or a co-worker who you aren’t that impressed with, but have to get in contact with. Check out inumbr.

inumbr is a free online service that gives US users the ability to set up a unique phone number, have it forwarded to any number within the US and then have it set to expire without a trace when finished with it. The unique inumbr’s are never reused, and can be extended if longer terms are required. Users choose from a list of 22 area codes from major US cities like Chicago, Los Angeles and New York, select an expiry date and set a number that it should be forwarded to. When the term is up, the number is expired from the system, and never used again for any other user. If you wish to use the number at a later date, you can log into the inumbr system and reactivate it.

As we are becoming more and more mobile and security conscious, the desire for these types of services grows. A phone number can now be given out at will, with security and privacy remaining intact. Google Voice is a major player in this arena. A somewhat similar service, they allow for a unique number with voice mail to forward to other numbers at will, creating a masked or unidentified private number that can be used to give out to 3rd parties. inumbr makes this process simpler with the ability to cut off and reactivate numbers as desired.