Tag Archives: hacks

75 Percent of Bluetooth Smart Locks Can Be Hacked

Posted on by

Twelve out of 16 Bluetooth smart locks examined could be unlocked by a remote attacker, a researcher said at the DEF CON hacker conference.

Source: 75 Percent of Bluetooth Smart Locks Can Be Hacked

The problems didn’t lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock’s companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.

From: http://xkcd.com/538/

The Ken Thompson Hack

Posted on by

Ken describes how he injected a virus into a compiler. Not only did his compiler know it was compiling the login function and inject a backdoor, but it also knew when it was compiling itself and injected the backdoor generator into the compiler it was creating. The source code for the compiler thereafter contains no evidence of either virus.

Ken wrote, In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

Source: The Ken Thompson Hack

Syrian rebels debut homemade fighting vehicle

Posted on by

The Sham II is also outfitted with five cameras — three in the front, one mounted on or near the machine gun, and one in the back — all of which are seemingly controlled by — a Sony PlayStation remote control. It should be noted that, apparently on the side of caution, Syrian rebels have even outfitted the Sham II with an operable headlight.

via Syrian rebels debut homemade fighting vehicle – Threat Matrix.

Phonetic attack commands crash bank phone lines

Posted on by

The attacks targeted the DTMF algorithms, which converted user commands into actions, such as pulling customer bank records from databases.

Vulnerabilities in those databases could be exploited by speaking attack commands down the phone. In one instance, Sasi trigged a buffer overflow against a demonstration system.

via Phonetic attack commands crash bank phone lines – Networks – SC Magazine Australia – Secure Business Intelligence.

More information on this from:  DTMF Telephony Denial of Service (TDoS) Issues for IVRs

Since most of these attacks simply involves transmission of DTMF, they are very easy to execute and automate. These vulnerabilities could impact any IVR, whether it is TDM, VoIP, the latest UC, etc.

Reverse-Engineered Irises Look So Real, They Fool Eye-Scanners

Posted on by

The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people. The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.

via Reverse-Engineered Irises Look So Real, They Fool Eye-Scanners | Threat Level | Wired.com.

MIT Completes the “Holy Grail of Hacks,” Turning the Green Building into a Game of Tetris

Posted on by

Home of the Institute’s Department of Earth, Atmospheric and Planetary Science, the Green Building lends itself as an ideal grid for the game. According to the IHTFP Hack Gallery, “MIT hackers have long considered ‘Tetris on the Green Building’ to be the Holy Grail of hacks.”

via MIT Completes the “Holy Grail of Hacks,” Turning the Green Building into a Game of Tetris [Slideshow + Video] | BostInno.