This Week In Security: Malicious Previews, VNC Vulnerabilities, Powerwall, And The 5th Amendment

Malware embedded in office documents has been a popular attack for years. Many of those attacks have been fixed, and essentially all the current attacks are unworkable when a document is opened in protected view. There are ways around this, like putting a notice at the top of a document, requesting that the user turn off protected view. [Curtis Brazzell] has been researching phishing, and how attacks can work around mitigations like protected view. He noticed that one of his booby-trapped documents phoned home before it was opened. How exactly? The preview pane.

The Windows Explorer interface has a built-in preview pane, and it helpfully supports Microsoft Office formats. The problem is that the preview isn’t generated using protected view, at least when previewing Word documents. Generating the preview is enough to trigger loading of remote content, and could feasibly be used to trigger other vulnerabilities. [Curtis] notified Microsoft about the issue, and the response was slightly disappointing. His discovery is officially considered a bug, but not a vulnerability.

VNC Vulnerabilities

Researchers at Kaspersky took a hard look at several VNC implementations, and uncovered a total of 37 CVEs so far. It seems that several VNC projects share a rather old code-base, and it contains a plethora of potential bugs. VNC should be treated similarly to RDP — don’t expose it to the internet, and don’t connect to unknown servers. The protocol wasn’t written with security in mind, and none of the implementations have been sufficiently security hardened.

Examples of flaws include: Checking that a message doesn’t overflow the buffer after having copied it into said buffer. Another code snippet reads a variable length message into a fixed length buffer without any length checks. That particular function was originally written at AT&T labs back in the late 90s, and has been copied into multiple projects since then.
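The two flaw patterns described above, side by side with a corrected version, as an added C example (not code from the Kaspersky research or from any VNC project). The length-prefixed message layout, the buffer size and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TEXT_MAX 64   /* fixed destination size (constructed for this example) */

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical wire layout: 4-byte big-endian length, then that many bytes. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed order, as described in the text: the copy happens first and the
 * bounds check only afterwards, when adjacent memory is already overwritten.
 * Shown for contrast; never call it with untrusted input. */
int parse_text_flawed(char dst[TEXT_MAX], const uint8_t *msg, size_t msg_len)
{
    (void)msg_len;                        /* received size is never consulted */
    uint32_t n = read_be32(msg);
    memcpy(dst, msg + 4, n);              /* peer-chosen n, fixed-size dst */
    if (n >= TEXT_MAX)                    /* too late: the copy already ran */
        return PARSE_TOO_LONG;
    dst[n] = '\0';
    return PARSE_OK;
}

/* Hardened order: validate every length before touching the destination. */
int parse_text_checked(char dst[TEXT_MAX], const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 4)
        return PARSE_TRUNCATED;           /* header itself is incomplete */
    uint32_t n = read_be32(msg);
    if (n > msg_len - 4)
        return PARSE_TRUNCATED;           /* claims more bytes than were received */
    if (n >= TEXT_MAX)
        return PARSE_TOO_LONG;            /* would not fit with the trailing NUL */
    memcpy(dst, msg + 4, n);
    dst[n] = '\0';
    return PARSE_OK;
}
```

The checked version compares the declared length against both the bytes actually received and the destination capacity, so a message that lies about its size is rejected before any copy takes place.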

There is a potential downside to open source that is highlighted here. Open source allows poorly written code to spread. This isn’t a knock against open source, but rather a warning to the reader. Just because code or a project uses an OSS license doesn’t mean it’s secure or high quality code. There are more vulnerabilities still in the process of being fixed, so watch out for the rest of this story.

The Easiest Thermal Camera Build You’ll Ever See

Thermal cameras are one of those tools that we all want, but just can’t justify actually buying. You don’t really know what you would do with one, and when even the cheap ones are a couple hundred dollars, it’s a bit out of the impulse buy territory. So you just keep waiting and hoping that eventually they’ll drop to the price that you can actually own one yourself.

Well, today might be the day you were waiting for. While it might not be the prettiest build, we think you’ll agree it can’t get much easier than what [vvkuryshev] has put together. His build only has two components: a Raspberry Pi and a thermal camera module he picked up online for about $80 USD. There isn’t even any wiring involved, the camera fits right on the Pi’s GPIO header.

Of course, you probably wouldn’t be seeing this on Hackaday if all he had to do was just buy a module and solder it to the Pi’s header. As with most cheap imported gadgets, the GY-MCU90640 module that [vvkuryshev] bought came with some crusty Windows software which wasn’t going to do him much good on the Raspberry Pi. But after going back and forth a bit with the seller, he was able to get some documentation for the device that put him on the right track to writing a Python script which got it working under Linux.

The surprisingly simple Python script reads a frame from the camera four times a second over serial and runs it through OpenCV. It even adds some useful data like the minimum and maximum temperatures in the frame to the top of the image. Normally the script would output to the Pi’s primary display, but if you want to use it remotely, [vvkuryshev] says he’s had pretty good luck running it over VNC. In fact, he says that with a VNC application on your phone you could even use this setup on the go, though the setup is a bit awkward for that in its current incarnation.

This isn’t the first DIY thermal camera build we’ve seen, and it isn’t even the first one we’ve seen that leveraged a commercially available imaging module. But short of buying a turn-key camera, we don’t see how it could get any easier to add heat vision to your bag of tricks.

Hacker Heroism: Building Your Way Out Of AV Hell

Many years ago, in a rainy concrete jungle on the west coast of Australia, I worked for a medium-sized enterprise doing a variety of office-based tasks. Somehow, I found myself caught up in planning a product launch event outside the official remit of my position. We got through it, but not before the audiovisual (AV) setup of the event turned into one giant hack.

The initial planning stages went remarkably smoothly until less than a month out from the big day when three weeks of frantic changes and revisions to the presentation rained down. These were some of the hardest days of my working life to date, as it seemed that we would lock in a new arrangement, only to tear it up days later as some new vital criteria came to light, throwing everything back into disarray.

Things came to a head on the night before the event. Working with two different AV teams we had planned for four projection screens and five flat screen televisions spread throughout the venue and controlled from the central AV desk. But somewhere in all those changes the televisions were set up to all display a still image, or nothing at all. I needed to show different videos on each and have the ability to black them all out.

It was at this point I realized we were screwed. The production team simply didn’t have the hardware to drive another five screens, but they could source it — for the sum of $5000. Management were furious, and were under the impression, like myself, that this was what we had asked and paid for already. I was at an impasse, and beginning to wonder if I’d have a job come Monday. I wandered off to a corner to curse, and more importantly, think. After all, I’m a hacker — I can get through this.

Networking: Pin The Tail On The Headless Raspberry Pi

Eager to get deeper into robotics after dipping my toe in the water with my BB-8 droid, I purchased a Raspberry Pi 3 Model B. The first step was to connect to it. But while it has built-in 802.11n wireless, I at first didn’t have a wireless access point, though I eventually did get one. That meant I went through different ways of finding it and connecting to it with my desktop computer. Surely there are others seeking to do the same so let’s take a look at the secret incantations used to connect a Pi to a computer directly, and indirectly.

Control Alexa Echo From Anywhere In The World

If you are not within ear-shot of your Alexa Echo, Dot or Tap device and need to command it from anywhere in the world, you’d most likely use the handy mobile app or web interface to control it. For some strange reason, if you’d rather use voice commands from anywhere in the world, you can still do it using apps such as Alexa Listens or Reverb, among many others. We’d be the first ones to call these out and say “It’s not a hack”. But [pat dhens]’ approach is above reproach! He has posted details on how to Remote Control the Alexa Echo from Anywhere in the World. Short version of the hack — he’s using a Raspberry Pi with a speaker attached to it which commands his Alexa Tap using a text-to-speech converter program.

The long version is short as well. The user uses a VPN, such as OpenVPN, to log in to their home network where the Alexa device is located. Then, use VNC to connect to the Raspberry Pi to access its shell. Finally, the user issues a text command which is converted to speech by the ‘festival’ program on the Raspberry Pi. The output goes to an external speaker via the Raspberry Pi’s 3.5 mm audio out jack. And that’s all there is to it. You’ve just issued a voice command to your Alexa from across the world.

Maybe it will save your vocal cords from damage due to excessive hollering, we guess. He’s even made a short video to prove that it works. Now all it needs is a microphone to listen to Alexa, convert speech-to-text, and then transmit it back to you across the world to complete the cycle.

We’re not sure, but he thinks this hack will lead him to world domination. Good Luck with that.

When Your Screen Breaks In The Himalayas

If you’ve ever had the screen break on your laptop, you’ll know it can be rather annoying to have to use an external monitor for a while as you either wait for a replacement panel to arrive from the other side of the world, or wait for that new laptop you were just desperate for an excuse to upgrade to.

Spare a thought, then, for [tom bh] whose laptop screen broke while he was in Ladakh, Northern India. Two days’ bus ride from the nearest city in which he could hope to source a replacement part, he had to make do with the resources in front of him. A laptop with a broken screen, and his Android phone.

He was fortunate in that a few lines at the top of the screen still worked intermittently. So after logging in blind and finding himself in a shell, he could execute commands and then scroll the results up to the point at which they were visible. He first enabled an SSH server, then connected his phone via USB. A bit of work to find the laptop’s IP address, and he could get himself a laptop shell on his phone with an Android SSH client. He goes into detail about how he was able to use the laptop’s keyboard to emulate a Bluetooth device which he connected to the phone. He could then run a VNC server on the laptop and connect to it with a VNC client on the phone, resulting in a phone-sized laptop display using the laptop’s keyboard as input. Not a perfect physical terminal by any means, but enough for him to continue working.

His writeup is an especially interesting read for its side-by-side evaluation of the various different application choices he made, and contains some useful suggestions as to how anyone might prepare themselves for a dead screen related emergency.

We’ve featured a dead-screen laptop connected as a serial terminal with an Arduino in the past, but unlike this one, that only gave its owner a prompt.

Via Hacker News.

DTMF Robot Makes Rube Goldberg Proud

Sometimes you start building, and the project evolves. Layers upon layers of functionality accrue, accrete, and otherwise just pile up. Or at least we’re guessing that’s what happened with [Varun Kumar]’s sweet “Surveillance Car Controlled by DTMF”.

In case you haven’t ever dug into not-so-ancient telephony, Dual-tone, multi-frequency signalling is what made old touch-tone phones work. DTMF, as you’d guess, encodes data in audio by playing two pitches at once. Eight tones are mapped to sixteen numbers by using a matrix that looks not coincidentally like the old phone keypad (but with an extra column). One pitch corresponds to a column, and one to a row. Figure out which tones are playing, and you’ve decoded the signal.

Anyway, you can get DTMF decoder chips for pennies on eBay, and they make a great remote-control interface for a simple robot, which is presumably how [Varun] got started. And then he decided that he needed a cell phone on the robot to send back video over WiFi, and realized that he could also use the phone as a remote controller. So he downloaded a DTMF-tone-generator app to the phone, which he then controls over VNC. Details on GitHub.
