Category Archives: security hacks

LibSSH Vuln: You Don’t Need to See my Authentication

Another day, another CVE (Common Vulnerabilities and Exposures). Getting a CVE number assigned to a vulnerability is a stamp of authenticity that you have a real problem on your hands. CVE-2018-10933 is a worst case scenario for libssh.  With a single response, an attacker can completely bypass authentication, giving full access to a system.

Before you panic and yank the power cord on your server, know that libssh is not part of OpenSSH. Your Linux box almost certainly uses OpenSSH as the SSH daemon, and that daemon is not vulnerable to this particular problem. Libssh does show up in a …read more

Continue reading

Posted in computer security, CVE-2018-10933, libssh, news, security hacks, ssh | Leave a comment

FIDO2 Authentication In All The Colors

Here at Hackaday, we have a soft spot for security dongles. When a new two-factor-authentication dongle is open source, uses USB and NFC, and supports FIDO2, the newest 2FA standard, we take notice. That just happens to be exactly what [Conor Patrick] is funding on Kickstarter.

We’ve looked at [Conor]’s first generation hardware key, and the process of going from design to physical product.  With that track record, the Solo security key promises to be more than the vaporware that plagues crowdfunding services.

Another player, Yubikey, has also recently announced a new product that supports FIDO2 and NFC. While Yubikey …read more

Continue reading

Posted in 2FA, computer security, kickstarter, news, open source, security hacks | Leave a comment

Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a …read more

Continue reading

Posted in android, Android Hacks, apktool, Cellphone Hacks, database, disclosure, NFC, root, security, security hacks, vending machine | Leave a comment

Foreshadow: The Sky Is Falling Again for Intel Chips

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate …read more

Continue reading

Posted in cpu, foreshadow, intel, intel CPU, Meltdown, news, security, security hacks, Spectre | Leave a comment

Screaming Channels Attack RF Security

As long as there has been radio, people have wanted to eavesdrop on radio transmissions. In many cases, it is just a hobby activity like listening to a scanner or monitoring a local repeater. But in some cases, it is spy agencies or cyberhackers. [Giovanni Camurati] and his colleagues have been working on a slightly different way to attack Bluetooth radio communications using a technique that could apply to other radio types, too. The attack relies on the ubiquitous use of mixed-signal ICs to make cheap radios like Bluetooth dongles. They call it “Screaming Channels” and — in a nutshell …read more

Continue reading

Posted in bluetooth, cybersecurity, security hacks, tempest, wireless hacks, wireless security | Leave a comment

Ask Hackaday: What Is The Future Of Implanted Electronics?

Biohacking is the new frontier. In just a few years, millions of people will have implanted RFID chips under the skin between their thumb and index finger. Already, thousands of people in Sweden have chipped themselves to make their daily lives easier. With a tiny electronic implant, Swedish rail passengers can pay their train ticket, and it goes without saying how convenient opening an RFID lock is without having to pull out your wallet.

That said, embedding RFID chips under the skin has been around for decades; my thirteen-year-old cat has had a chip since he was a kitten. Despite …read more

Continue reading

Posted in Interest, Medical hacks, Original Art, rfid, security hacks, Wearables | Leave a comment

“Watch Dogs” Inspired Hacking Drone Takes Flight

They say that life imitates art, which in modern parlance basically means if you see something cool in a video game, movie or TV show, you might be inclined to try and build your own version. Naturally, such things generally come in the form of simple props, perhaps with the occasional embedded LED or noise making circuit. It’s not as if you can really build a phaser from Star Trek or a phone booth that’s bigger on the inside.

But after seeing the hacking quadcopter featured in the video game Watch Dogs 2, [Glytch] was inspired to start work …read more

Continue reading

Posted in penetration testing, pineapple, quadcopter, security hacks | Leave a comment

Explaining Efail and Why It Isn’t the End of Email Privacy

Last week the PGPocalipse was all over the news… Except that, well, it wasn’t an apocalypse.

A team of researchers published a paper(PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher perspective, it’s a good paper to read, especially the cryptography parts.

But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients., but they weren’t able to back this recommendation …read more

Continue reading

Posted in html, news, Original Art, PGP, security hacks, vulnerabilities, vulnerability | Leave a comment

DIY Pi Zero Pentesting Tool Keeps it Cheap

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[ Alex Jensen] writes in to tell us of his own tale of sticker shock induced hacking, where he builds his own …read more

Continue reading

Posted in key injection, pentesting, PiBunny, Raspberry Pi, rspiducky, security hacks, tool hacks | Leave a comment

A Home Network, Security System, And A Hidden Room Behind A Bookcase

Ok, now this is something special. This is a home network and security system that would make just about anyone stop, and with jaw hanging agape, stare, impressed at the “several months of effort” it took [timekillerjay] to install their dream setup. Just. Wow.

Want a brief rundown of the diverse skill set needed to pull this off? Networking, home security, home automation, woodworking, running two thousand feet(!) of cat 6a cable, a fair hand at drywall work for the dozens upon dozens of patches, painting, staining, and — while not a skill, but is definitely necessary — an amazingly …read more

Continue reading

Posted in home, home hacks, magnetic lock, Network Hacks, Raspberry Pi, security, security hacks, ups, woodworking | Leave a comment