#92 - Posted on
4 February 2014 - Author: SM - Category: Hacking
I have heard of Ubertooth for a while now, and it seems its use to attack Bluetooth devices keeps growing. One recent attack described HERE can leverage the Ubertooth sniffing capability to crack the encryption algorithm used by the Bluetooth Low Energy (BLE) standard. BLE is also referred to as Bluetooth Smart.
Sure, BLE/Bluetooth Smart is different from Bluetooth, but it is supported by most recent mobile devices (i.e.: the latest iPads and iPhones as well as some Android devices), and will be increasingly used in “smart” appliances, from toothbrushes to fridges if you believe this ... >>[READ MORE]
#89 - Posted on
30 October 2013 - Author: SM - Category: Hacking, Security
There is an interesting paper from Georgia Tech College describing a clever proof of concept where a phone is used to eavesdrop on keystrokes. This is done by leveraging the phone's motion sensor capability and placing it next to a keyboard. They managed to create a dictionary of words/vibrations that is able to recognise words typed on a keyboard just by analysing the vibrations made from typing. Of course, you are likely to notice someone else’s phone sitting next to your keyboard, but what if your phone got hacked and that software was loaded onto it?
They conducted their proof of concept on an iPhone 4 but this is likely to be also possible on other platforms/devices.
In fact, with upcoming smart watches this concept will be even more relevant! Now I can see a use for that Apple M7 chip! ;)
As I am typing this note, my phone is next to my keyboard. Maybe I should move it awayR... >>[READ MORE]
#82 - Posted on
14 February 2013 - Author: SM - Category: Hacking
As seen on The Hacker News, there is currently a way to bypass the iPhone lock screen (iPad with SIM too?) running iOS 6.1.x.
I had to change the steps listed in “The Hacker news” slightly for it to work:
-Go to emergency call, push down the power button and tap cancel.
-Dial 112 and tap green and immediately red.
-Go to lock screen, by pressing the power button
-Go to passcode screen, by pressing the home button
-Keep pushing down the power button …1…2…3…seconds and before showing the slider “turn off”…tap the emergency call button and …voila!
-Then without releasing the power button press the home button and let go…
From there you gain full access to the phone application and can change/add/delete conta... >>[READ MORE]
#75 - Posted on
17 October 2012 - Author: SM - Category: Hacking, Security
There is something about deception: it can bypass a lot of security controls through a very basic principle, making you believe in something that isn’t there. It is a bit like magic.
Take this WEBSITE, where you can see an example of what the new HTML5 fullscreen function could make you believe: that you are on a bank website, when in fact you are on a phishing site. The previous link is harmless and only serves as an example, one I would advise you to try yourself (you can’t enter any details anyway in case you haven’t understood it isn’t really a Bank of America website).
Basically, they use the HTML5 Fullscreen function to recreate your browser TABS and URL. If you are not used to browsing the internet in full screen mode then you would see the trick straight away. However, if you are following the trend to browse in full screen mode, especially on mobile phones or on Macs where app... >>[READ MORE]
#73 - Posted on
25 September 2012 - Author: SM - Category: Hacking
According to this FRENCH WEBSITE, a major security vulnerability has been disclosed at the Ekoparty 2012 Security Conference which affects some Android handsets. It is possible to reset those affected handsets to factory default settings and in the process wipe out all data. This vulnerability exploits a “secret” code that can be used to trigger the factory reset automatically, without asking for any confirmation from the user. That code is: *2767*3855#
There are different methods known to date to push that code onto those handsets:
– SMS in Wap Push mode (where the user would have to click on a link)
#72 - Posted on
17 June 2012 - Author: SM - Category: Hacking
Thinkst is a small security organisation and one of its members recently published a post on their blog regarding the security of an encrypted USB drive. One of his friends lost the password to his USB Freecom Self Encrypted Drive (SED) and one of the protections in place was the need to power cycle the hard drive after every 5 bad attempts. This meant a brute force attack was impossible due to the time to plug/unplug the device.
Here comes ingenuity: although the author calls this a “lame hack”, I actually really like it as he thought outside the box (pun intended). He basically built a new controller to automatically power cycle the drive, and managed to find the lost password after 500 attempts.
I don’t do electronics and am always impressed when hack... >>[READ MORE]
#70 - Posted on
12 June 2012 - Author: SM - Category: Hacking, Security
CloudFlare is an interesting young company, a few years old, as introduced in this Bloomberg article. Although it is tempting to just describe it as being similar to Akamai because it provides web acceleration and DOS protection through the use of a Content Distributed Network (CDN), it is also different. As explained by its founder, Matthew Prince, it can understand, analyse and protect all requests to a website, not just a subset. It also has a different price model starting with a free offering and generally being much less expensive than the competition even with its pro/business/enterprise options.
In a nutshell, CloudFlare appears to be a service that can help optim... >>[READ MORE]
#69 - Posted on
6 June 2012 - Author: SM - Category: Security, Hacking
In the last few weeks there has been a lot of noise about what looks like the latest state-sponsored malware, Flame. You can find a lot of information about it from Kaspersky and also from the CrySyS Lab, which seems to have done a parallel investigation and calls it by a different name (sKyWIper).
This malware is quite interesting for several reasons: 1) It seems to focus on stealing information rather than being directly disruptive. 2) It has been active for 5+ years and has remained undetected until now. 3) It has an option to delete itself, but in doing so leaves one file, a ~DEB93D.tmp file. 4) It is modular and can/has been used to intercept Microsoft update using fake certificates t... >>[READ MORE]
#66 - Posted on
2 March 2012 - Author: SM - Category: Hacking
After looking at the new features listed for Windows 8, one in particular caught my attention: The Picture Password Login. It is a very refreshing approach to authentication!
You are presented with a photo at log in and instead of entering a password, you have to touch the image according to the “allowed” touch sequence you registered your user with. In some respects it is similar to the existing gesture-based authentication mechanisms you can find on some smartphones (anyone remember that feature on the Palm V?!), but I think it is taken to the next step. Microsoft is maybe trying to do to passwords what Apple did to the Walkman.
By providing you with a photo of your choice (i.e.: your own family picture), and a restricted number of gestures (point, draw a line and circle) it is easier to remember a sequence, more natural and more personal. For example, you would circle the head of your best friend, touch the feet of your child and stroke your dog... >>[READ MORE]
#64 - Posted on
24 February 2012 - Author: SM - Category: Hacking
There is a new vulnerability with iOS 5 powered devices with a SIM card. I have tried it and it works. You need to know the number of your victim and by combining a missed call, removing the SIM card, putting it back in and swiping the missed call alert it is possible to bypass the lock screen and access the phone.
Look at the video from the weirdly named group called iPhoneIslam; you need to get the timing right!