Twelve out of 16 Bluetooth smart locks examined could be unlocked by a remote attacker, a researcher said at the DEF CON hacker conference.
Source: 75 Percent of Bluetooth Smart Locks Can Be Hacked
The problems didn’t lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock’s companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.
Ken wrote, In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.
Source: The Ken Thompson Hack
The Sham II is also outfitted with five cameras — three in the front, one mounted on or near the machine gun, and one in the back — all of which are seemingly controlled by — a Sony PlayStation remote control. It should be noted that, apparently on the side of caution, Syrian rebels have even outfitted the Sham II with an operable headlight.
via Syrian rebels debut homemade fighting vehicle – Threat Matrix.
The attacks targeted the DTMF algorithms, which converted user commands into actions, such as pulling customer bank records from databases.
Vulnerabilities in those databases could be exploited by speaking attack commands down the phone. In one instance, Sasi trigged a buffer overflow against a demonstration system.
via Phonetic attack commands crash bank phone lines – Networks – SC Magazine Australia – Secure Business Intelligence.
More information on this from: DTMF Telephony Denial of Service (TDoS) Issues for IVRs
Since most of these attacks simply involves transmission of DTMF, they are very easy to execute and automate. These vulnerabilities could impact any IVR, whether it is TDM, VoIP, the latest UC, etc.
The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people. The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.
via Reverse-Engineered Irises Look So Real, They Fool Eye-Scanners | Threat Level | Wired.com.
Bad news: With less than $50 of off-the-shelf hardware and a little bit of programming, it’s possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms.
via Black Hat hacker gains access to 4 million hotel rooms with Arduino microcontroller | ExtremeTech.
Home of the Institute’s Department of Earth, Atmospheric and Planetary Science, the Green Building lends itself as an ideal grid for the game. According to the IHTFP Hack Gallery, “MIT hackers have long considered ‘Tetris on the Green Building’ to be the Holy Grail of hacks.”
via MIT Completes the “Holy Grail of Hacks,” Turning the Green Building into a Game of Tetris [Slideshow + Video] | BostInno.
For this project you are going to need scissors, a utility knife, some adhesive putty and an empty beer can. More than one empty beer can is acceptable but don’t kid yourself, the router only needs the one.
Via Boost Your WiFi Signal Using Only a Beer Can : Discovery Channel.