30c3 video: hacking RFID public access control systems

In this video from the 30th Chaos Communications Congress, Adrian Dabrowski lectured on RFID based access control systems which are becoming common in Europe. These systems debuted in 2006 and use RFID cards as a substitute for a previous mechanical key system to allow emergency service, delivery and other personnel unassisted access to the common […]

Academic paper: hacking with RF replay attacks

If you’re new to RF hacking you may have heard the term “replay attack” and wondered what it takes to implement one. In this academic presentation Practicing a Record-and-Replay System on USRP a group of researchers from the Shenzhen Key Lab of Advanced Communications and Information Processing and Shenzhen University, give a succinct and practical […]

Dissertation: security analysis of contactless payment cards

Here’s an interesting academic document we found related to hardware hacking. In this published doctoral dissertation, Timo Kasper from the Ruhr-University Bochum, Germany, presents in detail his efforts in analyzing the security of Mifare smart cards. “The tools are first employed for analyzing a contactless payment application, which is based on Mifare Classic technology, with […]

GrrCON 2013 – Pwnage from the Skies!

At the GrrCON 2013 conference last Fall, Philip Polstra presented on the use of the AirDeck Linux based aero mobile pen testing device. This presentation will introduce the AirDeck which is the latest extension to The Deck penetration testing and forensics program. The Deck made its US debut at GrrCON 2012. The Deck is a […]

NSA wants to build quantum computer to penetrate “hard targets”

The Washington Post is reporting that the NSA is building a computer to defeat all forms of encryption commonly used to ensure privacy of personal communications and data. The project seeks to build “a cryptologically useful quantum computer” which would open the door to easily breaking the strongest encryption tools in use today, including a […]

CCC Video: Extracting keys from FPGAs, OTP tokens and door locks

This presentation on extracting keys from FPGAs, OTP Tokens and door locks is from the recent Chaos Communications Conference (CCC) in Hamburg, Germany. In it David briefly introduces implementation attacks and side-channel analysis (SCA) in particular, along with related methods to bypass security mechanisms and extract secret keys. “The main focus is on three case […]

Android privacy controls appear, disappear in 4.3 – 4.4 transition

Apparently what “the Google” gives, “the Google” can take away. Recently Android was being lauded for adding additional privacy controls to Android 4.3+, allowing users to install apps while denying some of the apps’ attempts to collect the user’s data. This feature was accessible by installing a tool like App Ops Launcher (pictured above.) However, […]

Secure Drop open source project

“SecureDrop is an open-source whistleblower submission system managed by Freedom of the Press Foundation that media organizations use to securely accept documents from anonymous sources. It was originally coded by the late Aaron Swartz.” SecureDrop is dependent on the Tor project, meaning sources who submit documents and journalists who download these documents must connect to […]

The street lights really ARE tracking you

Reuters has reported that overhead street lights are being retrofitted with multi-sensor capabilities. One such platform being used is known as Netsense by Sensity. The Sensity site describes the platform thusly: NetSense integrates LED lighting, sensors, high-speed networking, cloud computing, and big data analytics into a single, MultiService Platform (MSP). With NetSense you get distributed […]

Blackhat Euro: cheap open source USB drive write blocker

At last year’s Blackhat Europe con, Philip A. Polstra, Sr. from the University of Dubuque gave a presentation detailing how to protect your USB security drive toolkit from auto erasure by the target machine. He describes the design of an open source USB flash drive write blocker based on the FTDI VNC2 MCU. His presentation […]

One Time Password (OTP) doorlock

Luca Dentella has just published his latest project, an Arduino-based door lock you can open using time-based OTP codes (compliant to the RFC 6238). “The simplest way to generate those codes is the use of Google Authenticator, a free mobile app. I’ve also prepared a simple webpage you can use to configure (scanning a QRCode) […]

HP laptop security flaw discovered using RTL-SDR

Cronek reports discovering a security flaw in the microphone on certain HP laptops. Using his RTL-SDR dongle and SDR# he observed unusual signals around 24 MHz. He discovered that his HP EliteBook 8460p laptop computer was continuously and unintentionally transmitting the audio from the built in microphone at 24 MHz in FM modulation anytime the […]

Advice: what to expect when authorities confiscate your electronics

It’s unfortunate that we have to consider these matters, but with governments worldwide obsessed with violating the privacy of ordinary citizens we found a well documented post which puts some flesh on what some naively view as skeletal paranoia. In this comprehensive article Violet Blue of ZDNet outlines the tools and techniques government agents worldwide […]

Blackhat presentation slides: Android master key

Bluebox CTO, Jeff Forristal’s presentation slide package entitled “Android: One Root to Own Them All” about his research that uncovered the Android Master Key is now available. This presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013. The vulnerability involves discrepancies in how Android […]

What is tomographic motion detection?

Recognizing the shortcomings of traditional PIR and ultrasonic sensors used in alarm systems, security researcher Connected Ape decided to explore other options. He discovered this patent for a mesh system of RF nodes, designed to detect the presence of humans based on changes in the baseline signal strength between nodes. While such commercial systems are […]

Internet census maps usage via network of open embedded devices

A security research group has completed an Internet census revealing interesting facts on usage. According to the abstract by the crew from Carna Botnet, While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login […]

Dead drop file sharing revisited

The concept of dead drops, where USB thumbdrives are installed in public places for the distribution of files “off the grid” has been a popular topic. Now Steve Schuler writes in with his new take on this concept currently featured in Science 2.0. His article describes low tech ways to place dead drop drives in […]

HITB Amsterdam 2013: Aircraft RF hacking

At the recently concluded HackInTheBox 2013 (HITB) conference German security consultant Hugo Teso has once again drawn into question the security of aero comms. In a presentation at the Amsterdam conference, Hugo highlighted the security vulnerabilities of the Automatic Dependent Surveillance-Broadcast (ADS-B) and Aeronautical Communications Addressing and Reporting System (ACARS) digital aero radio data systems. […]

Shmoocon 2013: Sniffing Bluetooth low energy

In this presentation from the recent Shmoocon 2013 conference in Washington, DC, Mike Ryan from iSec Partners discusses the new generation of wireless hacking tools to intercept and inject Bluetooth Low Energy (BTLE) communications. Also known as Bluetooth Smart, BTLE was defined in the BT 4.0 spec and will be appearing in a growing number […]