- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
Category Archives: security hacks
Voja Antonic designed this fantastic retrocomputing badge for Hackaday Belgrade in 2018, and it was so much fun that we wanted to bring it stateside to the Supercon essentially unaltered. And that meant that Voja had some free time to devote to a new hardware giveaway: the Cube. So while his talk at Supercon in November was ostensibly about the badge, he just couldn’t help but tell us about his newer love, and some of the extremely clever features hidden within.
It’s funny how the hardware we design can sometimes reflect so much on the creator. Voja designed then-Yugoslavia’s first …read more
We missed this Blackhat talk back in August, but it’s so good we’re glad to find out about it now. [Christopher Domas] details his obsession with hidden processor instructions, and how he discovered an intentional backdoor in certain x86 processors. These processors have a secondary RISC core, and an undocumented procedure to run code on that core, bypassing the normal user/kernel separation mechanisms.
The result is that these specific processors have an intentional mechanism that allows any unprivileged user to jump directly to root level access. The most fascinating part of the talk is the methodical approach [Domas] took to …read more
The biggest news in the infosec world, besides the fact that balaclavas are becoming increasingly popular due to record-low temperatures across the United States, is that leet haxors can listen to you from your iPhone using FaceTime without you even answering the call. There are obvious security implications of this bug: phones should only turn on the microphone after you pick up a call. This effectively turns any iPhone running iOS 12.1 or later into a party line. In response Apple has taken group FaceTime offline in preparation of a software update later this week.
So, how does this FaceTime …read more
UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it the cause of a lot of headaches when it comes to keeping those networks secure.
It’s likely that many Hackaday readers provide some form of technical support to relatives or friends. We’ll help sort out Mom’s desktop and email gripes, and we’ll set up her new router and lock it down as best we can to minimise the chance of the bad guys causing her problems. Probably one of the first …read more
Insurance is a funny business. Life insurance, for example, is essentially betting someone you will die before your time. With the recent focus on companies getting hacked, it isn’t surprising that cybersecurity insurance is now big business. Get hacked and get paid. Maybe.
The reason I say maybe is because of the recent court battle between Zurich and Mondelez. Never heard of them? Zurich is a big insurance company and Mondelez owns brands like Nabisco, Oreo, and Trident chewing gum, among others.
It all started with the NotPetya ransomware attack in June of 2017. Mondelez is claiming it lost over …read more
Over on the Cloudflare blog, [Marek] found himself wondering about computer memory, as we all sometimes do. Specifically, he pondered if he could detect the refresh of his SDRAM from within a running program. We’re probably not ruining the surprise by telling you that the answer is yes — with a little more than 100 lines of C and help from our old friend the Fast Fourier Transform (FFT), [Marek] was able to detect SDRAM refresh cycles every 7818.6 ns, lining right up with the expected result.
The “D” in SDRAM stands for dynamic, meaning that unless periodically refreshed by …read more
[Thomas Brewster] writes for Forbes, but we think he’d be at home with us. He had a 3D printed head made in his own image and then decided to see what phones with facial recognition he could unlock. Turns out the answer is: most of them — at least, those running Android.
The models tested included an iPhone X, an LG, two Samsung phones, and a OnePlus. Ironically, several of the phones warn you when you enroll a face that the method may be less secure than other locking schemes. Conversely, one phone had a faster feature that is known …read more
It’s a fairly safe bet that a Venn diagram of Hackaday readers and those who closely follow the careers of YouTube megastars doesn’t have a whole lot of overlap, so you’re perhaps blissfully unaware of the man who calls himself PewDiePie. As such, you might not know that a battle between himself and another YouTube channel which uploads Bollywood music videos has reached such a fever pitch that his fans have resorted to guerrilla hacking to try to sway public opinion towards their side. It’s perhaps not the dystopian future we imagined, but it just might be the one we …read more
If there’s one thing that’s making you insecure, it’s your smartphone. Your smartphone is constantly pinging the cell towers, giving out your location and potentially leaking your private information to anyone with a radio. This is the idea behind an IMSI catcher, or Stingray in common parlance, and now you too can build one with parts you can buy off of Amazon.
The key to this hack is a software defined radio dongle, or RTL-SDR, that has been repurposed to listen in on a GSM network. Literally the only hardware required is an RTL-SDR that can be bought online for …read more
We’re going to warn you right up front that this is not a hack. Or at least that’s how it turned out after [LiveOverflow] did some digital forensics on a mysterious device found lurking in a college library. The path he took to come to the conclusion that nothing untoward was going on was interesting and informative, though, as is the ultimate purpose of the unknown artifacts.
As [LiveOverflow] tells us in the video below, he came upon a Reddit thread – of which we can now find no trace – describing a bunch of odd-looking devices stashed behind garbage …read more