Pwnie Express’ Pwn Plug R2 lets you hackproof networks over 4G

Pwnie Express has a knack for stuffing powerful security testing tools into innocuous housings, and this time they're flexing that unique talent with the Pwn Plug R2. Ars Technica's gotten ahold of the contraption ahead of its debut at the Black Hat conference, and it's boasting a healthy number of upgrades, including 4G service through AT&T and T-Mobile. Security hawks keen on testing network safety will be greeted with a fresh UI, one-click penetration tests and a new OS dubbed Pwnix, which is a custom version of the Debian-based Linux distro Kali. When it comes to hardware, the box packs a 1.2GHz Armada-370 ARM CPU, 1GB of RAM, a 32GB microSDHC card, a pair of gigabit Ethernet ports, a high-gain industrial Bluetooth adapter, two USB slots and a microUSB port. Naturally, the package supports WiFi 802.11b/g/n and carries a SIM slot for those cases where you need to SSH in from halfway 'round the globe. If the $895 asking price doesn't make you flinch -- or you dig daydreaming about hacking for good or evil -- venture to the source for a breakdown of the gear's abilities.

Source: Ars Technica

Automotive takeover schemes to be detailed at Defcon hacker conference

It's not like Toyota hasn't already faced its fair share of Prius braking issues, but it appears that even more headaches are headed its way at Defcon this week. Famed white hats Charlie Miller and Chris Valasek are preparing to unleash a 100-page paper at the annual hacker conference in Las Vegas, and notably, hacks that overtake both Toyota and Ford automotive systems will be positioned front and center. The information was gathered as part of a multi-month project that was funded by the US government, so it's important to note that the specifics of the exploits will not be revealed to the masses; they'll be given to the automakers so that they can patch things up before any ill-willed individuals discover them on their own.

Using laptops patched into vehicular systems, the two were able to force a Prius to "brake suddenly at 80 miles an hour, jerk its steering wheel, and accelerate the engine," while they were also able to "disable the brakes of a Ford Escape traveling at very slow speeds." Of course, given just how computerized vehicles have become, it's hardly shocking to hear that they're now easier than ever to hack into. And look, if you're really freaked out, you could just invest in Google Glass and walk everywhere.

Source: Reuters

Some SIM cards can be hacked ‘in about two minutes’ with a pair of text messages

Every GSM phone needs a SIM card, and you'd think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs -- who found a hole in GSM call encryption several years ago -- has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM's digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data.

Apparently, this can all be done "in about two minutes, using a simple personal computer," but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren't affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There's no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you're listening, fine folks at the NSA, tickets are still available.

Source: New York Times

Security experts hack payment terminals to steal credit card info, play games

If a payment terminal could be forced into servitude as a crude handheld gaming device, what else could it be made to do? Researchers at the Black Hat conference showed just what mischief a commonly used UK PoS terminal could get up to when they inserted a chip-and-PIN card crafted with malicious code. That enabled them to install a racing game and play it, using the machine's PIN pad and screen. With the same hack, they were able to install a far less whimsical program as well -- a Trojan that could record card numbers and PINs, which could be extracted later by inserting another rogue card. On top of that, criminals could use the same method to fool the terminal into thinking a transaction was bank-approved, allowing them to walk out of a store with goods they hadn't paid for. Finally, the security gurus took a device popular in the US, and used unencrypted Ethernet communication between the terminal and other peripherals to hack into the payment device and take root control. Makes you want to put those credit cards (and NFC devices) away and stick to cash -- at least you can see who's robbing you blind.

Security experts hack payment terminals to steal credit card info, play games originally appeared on Engadget on Fri, 27 Jul 2012 06:41:00 EDT.

Source: PC World

Hacker finds flaw in hotel locks, can ruin your vacation with $50 DIY gadget

Admittedly, the headline is designed to get your dander up. You're in no immediate danger of a technologically gifted thief plugging a couple of wires into your hotel door and making off with your sack of souvenirs from the Mall of America. But that's not to say it's impossible. Cody Brocious, who was recently brought on by Mozilla to work on Boot to Gecko, is giving a presentation at the annual Black Hat conference in Vegas where he demonstrates a method for cracking open keycard locks with a homemade $50 device. The hack only works on locks made by Onity at the moment, and real-life testing with a reporter from Forbes only succeeded in opening one of three hotel doors. Still, with between four and five million Onity locks installed across the country (according to the company), that is a lot of vulnerable rooms. The attack is possible thanks to a DC jack on the underside of the lock that's used to reprogram the doors. This provides direct access to the lock's memory, which is also home to the numeric key required to release the latch -- a key that is protected by what Brocious described as "weak encryption." Ultimately the source code and design for the Arduino-based unlocker will be published online alongside a research paper explaining how these locks work and why they're inherently insecure. The hope is that manufacturers will take notice and improve the security of their wares before the world's ne'er-do-wells perfect Brocious' technique.

Hacker finds flaw in hotel locks, can ruin your vacation with $50 DIY gadget originally appeared on Engadget on Tue, 24 Jul 2012 18:34:00 EDT.

Via: Ubergizmo | Source: Forbes, Black Hat

Apple to present at Black Hat conference for first time, talk about iOS’ padlocks

Apple is taking a different, more cautious tack when it comes to security these days. That doesn't make it any less surprising that the company is planning to give a presentation at the Black Hat conference: the company will have someone on stage for the first time and won't just socialize in the corridors. When he takes to the podium on July 26th, platform security manager Dallas De Atley will go into detail regarding iOS' security measures in front of an audience used to finding a way around them. The company hasn't said whether that involves current or future technology; we suspect that Apple may be eager to show what iOS 6 brings to the table, however. If it all goes down like Black Hat general manager Trey Ford says it will, Apple may both open up a bit on security and set more of the agenda this week -- instead of letting conference goers set it themselves.

Apple to present at Black Hat conference for first time, talk about iOS' padlocks originally appeared on Engadget on Tue, 24 Jul 2012 11:51:00 EDT.

Via: Bloomberg | Source: Black Hat

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets

Whether you see Windows Vista and Windows 7 Gadgets as handy tools or a blight upon a pristine desktop, you might want to shut them off for safety's sake. Mickey Shkatov and Toby Kohlenberg have found that the desktop widgets' web-based code has flaws that would allow malicious Gadgets, or even hijacked legitimate Gadgets, to compromise a PC without having to go through the usual avenues of attack. Microsoft's short-term answer to the vulnerability is a drastic one, though: a stopgap patch disables Gadgets entirely, leaving just a barren desktop in its wake. There's no word on a Gadget-friendly solution arriving before Kohlenberg and Shkatov present at the Black Hat Conference on July 26th, but we suspect Microsoft's ultimate answer is to move everyone to Windows 8, where Gadgets aren't even an option. We understand the importance of preventing breaches, of course -- we're just disappointed that we'll have to forgo miniature stock tickers and weather forecasts a little sooner than expected.

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets originally appeared on Engadget on Wed, 11 Jul 2012 14:42:00 EDT.

Via: Computerworld | Source: Microsoft, Black Hat Conference