Sick Beats: Using Music And Smartphone To Attack A Biosafety Room

Imagine a movie featuring a scene set in a top-secret bioweapons research lab. The villain, clad in a bunny suit, strides into the inner sanctum of the facility — one of the biosafety rooms where only the most infectious and deadliest microorganisms are handled. Tension mounts as he pulls out his phone; surely he’ll use it to affect some dramatic hack, or perhaps set off an explosive device. Instead, he calls up his playlist and… plays a song? What kind of villain is this?

As it turns out, perhaps one who has read a new paper on the potential for hacking biosafety rooms using music. The work was done by University of California Irvine researchers [Anomadarshi Barua], [Yonatan Gizachew Achamyeleh], and [Mohammad Abdullah Al Faruque], and focuses on the negative pressure rooms found in all sorts of facilities, but are of particular concern where they are used to prevent pathogens from escaping into the world at large. Continue reading “Sick Beats: Using Music And Smartphone To Attack A Biosafety Room”

Digispark Spoofs IR To Get Speakers Under Control

The Microlab 6C are a pretty nice pair of speakers, but [Michał Słomkowski] wasn’t too thrilled with the 8 watts they consume when on standby. The easy fix is to just unplug them when they aren’t in use, but unfortunately the digital controls on the front panel mean he’s got to turn them on, select the correct input, and turn the volume up to the appropriate level every time they’re plugged back in. Surely there must be a better way.

His solution was to use a Digispark to fire off the appropriate IR remote codes so they’d automatically be put back into a usable configuration. But rather than putting an IR LED on one of the GPIO pins, he simply spliced it into the wire leading back from the speaker’s IR receiver. All his code needs to do is generate the appropriate pulses on the line, and the speaker’s electronics think its a signal coming in from the remote.

Distinctive patterns on the IR sensor wires.

Power for the Digispark is pulled from the speaker itself, so it turns on once [Michał] plugs them back in. The code waits five seconds to make sure the hardware has had time to start up, then proceeds with the “Power On”, “Change Input”, and “Volume Up” commands with a few seconds in between each for good measure.

Not only was it easier to skip the IR and inject the signals directly, but it also made for a cleaner installation. Since the microcontroller doesn’t need line of sight to the IR receiver, [Michał] was able to hide it inside the speaker’s enclosure. From the outside, the modification is completely invisible.

We’ve seen similar code injection tricks used before, and it’s definitely one of those techniques you should file away mentally for future reference. Even though more and more modern devices are embracing WiFi and Bluetooth control, the old school IR remote doesn’t seem like it’s going away anytime soon.

Giving Recalled Fitness Trackers A Second Chance

When it was released back in 2012, the Basis B1 fitness tracker was in many ways ahead of its time. In fact, the early smartwatch was so impressive that Intel quickly snapped up the company and made it the cornerstone of their wearable division. Unfortunately a flaw in their next watch, the Basis Peak, ended up literally burning some wearers. Intel was forced to recall the whole product line, and a year later dissolved their entire wearable division.

Given their rocky history, it’s probably no surprise that these gadgets can be had quite cheaply on the second hand market. But can you do anything with them? That’s what [Ben Jabituya] recently decided to find out, and the results of his experiments certainly look very promising. So far he hasn’t found a way to activate a brand-new Basis watch, but assuming you can get your hands on one that was actively being used when Intel pulled the plug, his hacks can be used to get it back up and running.

Examining the downloaded sensor logs.

The Basis Android application has long since been removed from the Play Store, but [Ben] said it wasn’t too hard to find an old version floating around on the web. After decompiling the application he discovered the developers included a backdoor that lets you configure advanced options that would normally be hidden.

How do you access it? As a reminder of the era in which the product was developed, you simply need to log into the application using Jersey and Shore as the username and password, respectively.

Between the developer options and API information he gleaned from the decompiled code, [Ben] was able to create a faux Basis authentication server and point the application to it. That let him get past the login screen, after which he was able to sync with the watch and download its stored data. Between examinations with a hex editor and some open source code that was already available online, he was able to write a Python script for parsing the data which he’s been kind enough to share with the world.

We’re very pleased to see an open source solution that not only gets these “bricked” smartwatches back online, but allows the user to keep all of the generated data under their own control. If you’d like to do something similar with a device that doesn’t have a history of releasing the Magic Smoke, the development of an open source firmware for more modern fitness trackers might be of interest.

Continue reading “Giving Recalled Fitness Trackers A Second Chance”

E-Book Reader Gets Page Turn Buttons, Is None The Wiser

Most e-book readers don’t have physical page turn buttons. Why? They just don’t. Virtual page turns are accomplished with a tap at a screen edge. Determined to reduce the awkwardness of one-handed use, [Sagar Vaze] modified a Kobo e-reader with two physical page turn buttons as a weekend project.

[Sagar] points out that since the underlying OS of the Kobo device is Linux, it is possible to fake touches to the screen (and therefore trigger page turns) by recording then replaying the appropriate input event. However, there was a more direct solution available to those willing to tamper slightly with the hardware. Touch sensing on the screen is done via an infrared break-beam system. Along two edges of the screen are IR emitters, and opposite the emitters are receivers. Broadly speaking, when a fingertip touches the display a minimum of two IR beams are broken, and the physical location of the fingertip can therefore be determined by analyzing exactly how the IR pattern has been changed.

To spoof page turns, [Sagar] briefly shorts two IR emitters: one on each axis. The sudden winking out of the IR is interpreted by the device as a crisp tap, and the device obediently turns the page. The only hitch is that both IR emitters must be shorted at the same time. If one is shorted before the other, the device ignores it. Double-pole switches would probably do the trick, but with the part bin coming up empty in that respect, [Sagar] instead used a few transistors to accomplish the same thing. A 3D printed enclosure rounds out the whole mod, and a brief video is embedded below.

Continue reading “E-Book Reader Gets Page Turn Buttons, Is None The Wiser”

The Inventions Of Arthur Paul Pedrick

We hear a lot about patent portfolios when we scan our morning dose of tech news stories. Rarely a day passes without news of yet another legal clash between shady lawyers or Silicon Valley behemoths, either settling spats between multinationals or the questionable activities of patent trolls.

These huge and well-heeled organisations hold many patents, which they gather either through their staff putting in the hard work to make the inventions, or by acquisition of patents from other inventors. It is not often that a large quantity of patents are amassed by any other means, for example by an individual.

There is one prolific individual inventor and holder of many patents though. He achieved notoriety not through his inventions being successful, but through their seeming impracticability while conforming to the rules of the patent system. His name was [Arthur Paul Pedrick], and he was a retired British patent examiner who filed a vast number of eccentric patents from the early 1960s until his death in the mid 1970s, all of which stretched the boundaries of practicality.

His subject matter was varied, but included a significant number of transport inventions as well as innovations in the field of energy and nuclear physics. We wish there was room to feature them all on these pages, but sadly they are so numerous that it is difficult even to pick the selection we can show you. So sit down, and enjoy the weird and wonderful world of [Pedrick] innovations.

Continue reading “The Inventions Of Arthur Paul Pedrick”

Social Logons

SpoofedMe Attack Steals Accounts By Exploiting Social Login Mechanisms

We’ve all seen the social logon pop up boxes. You try to log into some website only to be presented with that pop up box that says, “Log in with Facebook/Twitter/Google”. It’s a nice idea in theory. You can log into many websites by using just one credential. It sounds convenient, but IBM X-Force researchers have recently shown how this can be bad for the security of your accounts. And what’s worse is you are more vulnerable if the service is offered and you are NOT using it. The researcher’s have called their new exploit SpoofedMe. It’s aptly named, considering it allows an attacker to spoof a user of a vulnerable website and log in under that user’s account.

So how does it work? The exploit relies on vulnerabilities in both the identity provider (Facebook/Twitter/etc) and the “relying website”. The relying website is whatever website the user is trying to log into using their social media account. The easiest way to describe the vulnerability is to walk through an example. Here we go.

Let’s imagine you are an attacker and you want to get into some victim’s Slashdot account. Slashdot allows you to create a local account within their system if you like, or you can log in using your LinkedIn account. Your victim doesn’t actually have a LinkedIn account, they use a local Slashdot account.

The first step of your attack would be to create a LinkedIn account using your victim’s email address. This needs to be the same address the victim is using for their local Slashdot account. This is where the first vulnerability comes in. LinkedIn needs to allow the creation of the account without verifying that the email address belongs to you.

The second step of the attack is now to attempt to log into Slashdot using your newly created LinkedIn account. This is where the second vulnerability comes in. Some social media services will authenticate you to websites like Slashdot by sending Slashdot your user information. In this case, the key piece of information is your email address. Here’s the third vulnerability. Slashdot sees that your LinkedIn account has the same email address as one of their local users. Slashdot assumes that LinkedIn has verified the account and permits you, the attacker, to log in as that user. You now have access to your victim’s Slashdot account. In another scenario, Slashdot might actually merge the two credentials together into one account.

What’s really interesting about this hack is that it isn’t even very technical. Anyone can do this. All you need is the victim’s email address and you can try this on various social media sites to see if it works. It’s even more interesting that you are actually more vulnerable if you are not using the social logons. Some real world examples of this vulnerability are with LinkedIn’s social logon service, Amazon’s service, and MYDIGIPASS.com’s service. Check out the demonstration video below. Continue reading “SpoofedMe Attack Steals Accounts By Exploiting Social Login Mechanisms”

Hacking Dell Laptop Charger Identification

If you’ve ever had a laptop charger die, you know that they can be expensive to replace. Many laptops require you to use a ‘genuine’ charger, and refuse to boot when a knock off model is used. Genuine chargers communicate with the laptop and give information such as the power, current, and voltage ratings of the device. While this is a good safety measure, ensuring that a compatible charger is used, it also allows the manufacturers to increase the price of their chargers.

[Xuan] built a device that spoofs this identification information for Dell chargers. In the four-part series (1, 2, 3, 4), the details of reverse engineering the communications and building the spoofer are covered.

Dell uses the 1-Wire protocol to communicate with the charger, and [Xuan] sniffed the communication using a MSP430. After reading the data and verifying the CRC, it could be examined to find the fields that specify power, voltage, and current.

Next, a custom PCB was made with two Dell DC jacks and an MSP430. This passes power through the board, but uses the MSP430 to send fake data to the computer. The demo shows off a 90 W adapter pretending to run at 65 W. With this working, you could power the laptop from any supply that can meet the requirements for current and voltage.