Category Archives: security hacks

Explaining Efail and Why It Isn’t the End of Email Privacy

Last week the PGPocalipse was all over the news… Except that, well, it wasn’t an apocalypse.

A team of researchers published a paper(PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher perspective, it’s a good paper to read, especially the cryptography parts.

But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients., but they weren’t able to back this recommendation …read more

Continue reading

Posted in Current Events, eFail, email client, encrypted email, Featured, html, news, Original Art, PGP, security hacks, vulnerabilities, vulnerability | Leave a comment

DIY Pi Zero Pentesting Tool Keeps it Cheap

It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.

[ Alex Jensen] writes in to tell us of his own tale of sticker shock induced hacking, where he builds his own …read more

Continue reading

Posted in covert, hak5, key injection, pentesting, PiBunny, Raspberry Pi, rspiducky, security hacks, tool hacks | Leave a comment

A Home Network, Security System, And A Hidden Room Behind A Bookcase

Ok, now this is something special. This is a home network and security system that would make just about anyone stop, and with jaw hanging agape, stare, impressed at the “several months of effort” it took [timekillerjay] to install their dream setup. Just. Wow.

Want a brief rundown of the diverse skill set needed to pull this off? Networking, home security, home automation, woodworking, running two thousand feet(!) of cat 6a cable, a fair hand at drywall work for the dozens upon dozens of patches, painting, staining, and — while not a skill, but is definitely necessary — an amazingly …read more

Continue reading

Posted in automation, bookshelf, Drywall, home, home hacks, magnetic lock, Network Hacks, Raspberry Pi, security, security hacks, ups, woodworking | Leave a comment

Battery Backup Conceals a Pentesting Pi

Over the last few years one thing has become abundantly clear: hackers love cramming the Raspberry Pi into stuff. From classic game systems to mirrors, there’s few places that haven’t been invaded by everyone’s favorite Linux SBC. From the inspired to the bizarre, we’ve brought such projects to your attention with minimal editorialization. As we’ve said before: it’s not the job of Hackaday to ask why, we’re here to examine how.

That said, some builds do stand out from the crowd. One such project is the “Pentesting BBU Dropbox” which [b1tbang3r] has recently posted to Hackaday.io. Noticing the battery …read more

Continue reading

Posted in Cyberpower, pentesting, Raspberry Pi, security hacks, TRENDnet, ups | Leave a comment

Fix Your Insecure Amazon Fire TV Stick

I recently spent a largely sleepless night at a hotel, and out of equal parts curiosity and boredom, decided to kill some time scanning the guest network to see what my fellow travelers might be up to. As you’d probably expect, I saw a veritable sea of Samsung and Apple devices. But buried among the seemingly endless number of smartphones charging next to their sleeping owners, I found something rather interesting. I was as picking up a number of Amazon-made devices, all of which had port 5555 open.

As a habitual Android tinkerer, this struck me as very odd. Port …read more

Continue reading

Posted in adb, amazon, android, Android Hacks, chromecast, Featured, Fire TV Stick, home entertainment hacks, security hacks, streaming | Leave a comment

Hide Secret Messages In Plain Sight With Zero-Width Characters

Fingerprinting text is really very nifty; the ability to encode hidden data within a string of characters opens up a large number of opportunities. For example, someone within your team is leaking confidential information but you don’t know who. Simply send each team member some classified text with their name encoded in it. Wait for it to be leaked, then extract the name from the text — the classic canary trap.

Here’s a method that hides data in text using zero-width characters. Unlike various other ways of text fingerprinting, zero width characters are not removed if the formatting is stripped, …read more

Continue reading

Posted in fingerprinting, security hacks, software hacks, text, zero width, zwfp | Leave a comment

Cracking A Bluetooth Credit Card

You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.

[Mike Ryan] of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. From …read more

Continue reading

Posted in ble, bluetooth, reverse engineer, security, security hacks, wearable hacks | Leave a comment

All Your iPhone Are Belong To Us

Apple’s commitment to customer privacy took the acid test after the San Bernadino shooting incident. Law enforcement demanded that Apple unlock the shooter’s phone, and Apple refused. Court cases ensued. Some people think that the need to protect the public outweighs the need for privacy. Some people think that once they can unlock one iPhone, it won’t stop there and that will be bad for everyone. This post isn’t about either of those positions. The FBI dropped their lawsuit against Apple. Why? They found an Israeli firm that would unlock the phone for about $5,000. In addition, Malwarebytes — a …read more

Continue reading

Posted in apple, iphone, iphone crack, iphone hack, law enforcement, news, phone hacks, security hacks | Leave a comment

Cracking an Encrypted External Hard Drive

As far as hobbies go, auditing high security external hard drives is not terribly popular. But it’s what [Raphaël Rigo] is into, and truth be told, we’re glad it’s how he gets his kicks. Not only does it make for fascinating content for us to salivate over, but it’s nice to know there’s somebody with his particular skill set out there keeping an eye out for dodgy hardware.

The latest device to catch his watchful eye is the Aigo “Patriot” SK8671. In a series of posts on his blog, [Raphaël] tears down the drive and proceeds to launch several attacks …read more

Continue reading

Posted in cold boot stepping, Computer Hacks, encryption, external hard drive, peripherals hacks, security, security hacks | Leave a comment

Color-Coded Key Opens Doors, Opportunities

Of all the ways to open up a lock, there are some tried and true methods. Keys, combinations, RFIDs, picks, and explosives have all had their time and place, but now someone else wants to try something new. [Erik] has come up with a lock that opens when it is shown a pattern of colors.

The lock in question uses a set of color coded cards as the “keys”. When the cards are inserted in the lock, a TCS230 color sensor interprets the pattern on the cards and sends the information over to an Arduino Uno. From there, the Arduino …read more

Continue reading

Posted in arduino, color, combination, key, lock, security, security hacks, sensor | Leave a comment