Category Archives: security hacks

Weaponized Networked Printing is Now a Thing

It’s a fairly safe bet that a Venn diagram of Hackaday readers and those who closely follow the careers of YouTube megastars doesn’t have a whole lot of overlap, so you’re perhaps blissfully unaware of the man who calls himself PewDiePie. As such, you might not know that a battle between himself and another YouTube channel which uploads Bollywood music videos has reached such a fever pitch that his fans have resorted to guerrilla hacking to try to sway public opinion towards their side. It’s perhaps not the dystopian future we imagined, but it just might be the one we …read more

Continue reading

Posted in advertisement, Current Events, Featured, internet of things, IPP, JetDirect, LPD, network security, peripherals hacks, PRET, printer, python, security hacks, spam | Leave a comment

It Might Be Possible To Build A Stingray With A Raspberry Pi

If there’s one thing that’s making you insecure, it’s your smartphone. Your smartphone is constantly pinging the cell towers, giving out your location and potentially leaking your private information to anyone with a radio. This is the idea behind an IMSI catcher, or Stingray in common parlance, and now you too can build one with parts you can buy off of Amazon.

The key to this hack is a software defined radio dongle, or RTL-SDR, that has been repurposed to listen in on a GSM network. Literally the only hardware required is an RTL-SDR that can be bought online for …read more

Continue reading

Posted in IMSI, motherboard, Raspberry Pi, RTL-SDR, security hacks | Leave a comment

Non-Nefarious Raspberry Pi Only Looks Like a Hack

We’re going to warn you right up front that this is not a hack. Or at least that’s how it turned out after [LiveOverflow] did some digital forensics on a mysterious device found lurking in a college library. The path he took to come to the conclusion that nothing untoward was going on was interesting and informative, though, as is the ultimate purpose of the unknown artifacts.

As [LiveOverflow] tells us in the video below, he came upon a Reddit thread – of which we can now find no trace – describing a bunch of odd-looking devices stashed behind garbage …read more

Continue reading

Posted in bluetooth, dongle, ext4, FAT32, InfoSec, linux, normies, Raspberry Pi Zero, security hacks, wifi | Leave a comment

E-Mail Service Claims it Doesn’t Store Your Mail

There have been many news stories lately about companies misusing your data, including your e-mails. What’s more, these giant repositories of data are favorite targets for hackers. Even if you trust the big corporations, you are also betting on their security. Criptext claims they have (possibly) the most private e-mail service ever. It uses the open Signal protocol and stores private keys and encrypted mail only on your device. All the applications to access your mail are open source, so presumably, someone would eventually spot any backdoors or open holes.

At the moment the service is free and the company …read more

Continue reading

Posted in cybersecurity, email, encryption, InfoSec, security, security hacks | Leave a comment

Shakespeare in a Zip in a RAR, Hidden in an Image on Twitter

Steganography involves hiding data in something else — for example, encoding data in a picture. [David Buchanan] used polyglot files not to hide data, but to send a large amount of data in a single Twitter post. We don’t think it quite qualifies as steganography because the image has a giant red UNZIP ME printed across it. But without it, you might not think to run a JPG image through your unzip program. If you did, though, you’d wind up with a bunch of RAR files that you could unrar and get the complete works of the Immortal Bard in …read more

Continue reading

Posted in internet hacks, polyglot, rara, security hacks, steganography, twitter, William Shakespeare, zip | Leave a comment

Apple Kernel Code Vulnerability Affected All Devices

Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.

This is a buffer overflow issue in the error handling for network packets. The kernel is expecting a fixed length of those packets but doesn’t check to prevent writing past the end of the buffer. The fact Apple’s XNU kernel powers all their products is remarkable, but issues like this are a reminder of the potential downside …read more

Continue reading

Posted in apple, buffer overflow, computer hacks, CVE-2018-4407, Hackaday Columns, kernel, news, security hacks, XNU | Leave a comment

LibSSH Vuln: You Don’t Need to See my Authentication

Another day, another CVE (Common Vulnerabilities and Exposures). Getting a CVE number assigned to a vulnerability is a stamp of authenticity that you have a real problem on your hands. CVE-2018-10933 is a worst case scenario for libssh.  With a single response, an attacker can completely bypass authentication, giving full access to a system.

Before you panic and yank the power cord on your server, know that libssh is not part of OpenSSH. Your Linux box almost certainly uses OpenSSH as the SSH daemon, and that daemon is not vulnerable to this particular problem. Libssh does show up in a …read more

Continue reading

Posted in computer security, CVE-2018-10933, libssh, news, security hacks, ssh | Leave a comment

FIDO2 Authentication In All The Colors

Here at Hackaday, we have a soft spot for security dongles. When a new two-factor-authentication dongle is open source, uses USB and NFC, and supports FIDO2, the newest 2FA standard, we take notice. That just happens to be exactly what [Conor Patrick] is funding on Kickstarter.

We’ve looked at [Conor]’s first generation hardware key, and the process of going from design to physical product.  With that track record, the Solo security key promises to be more than the vaporware that plagues crowdfunding services.

Another player, Yubikey, has also recently announced a new product that supports FIDO2 and NFC. While Yubikey …read more

Continue reading

Posted in computer security, kickstarter, news, open source, security hacks | Leave a comment

Hacker Pops Top On NFC Vending Machines

Vending machines used to be a pretty simple affair: you put some coins in, and food or drink that in all likelihood isn’t fit for human consumption comes out. But like everything else today, they are becoming increasingly complex Internet connected devices. Forget fishing around for pocket change; the Coke machine at the mall more often than not has a credit card terminal and a 30 inch touch screen display to better facilitate dispensing cans of chilled sugar water. Of course, increased complexity almost always goes hand in hand with increased vulnerability.

So when [Matteo Pisani] recently came across a …read more

Continue reading

Posted in Cellphone Hacks, database, disclosure, NFC, root, security, security hacks, vending machine | Leave a comment

Foreshadow: The Sky Is Falling Again for Intel Chips

It’s been at least a month or two since the last vulnerability in Intel CPUs was released, but this time it’s serious. Foreshadow is the latest speculative execution attack that allows balaclava-wearing hackers to steal your sensitive information. You know it’s a real 0-day because it already has a domain, a logo, and this time, there’s a video explaining in simple terms anyone can understand why the sky is falling. The video uses ukuleles in the sound track, meaning it’s very well produced.

The Foreshadow attack relies on Intel’s Software Guard Extension (SGX) instructions that allow user code to allocate …read more

Continue reading

Posted in cpu, foreshadow, intel, intel CPU, Meltdown, news, security, security hacks, Spectre | Leave a comment