Archive for the ‘Hacking’ Category
Heat Hacking: Criminals Can Steal Your ATM PIN Code Via the Heat Your Fingers Leave Behind
But while its easy enough for a criminal type to determine the digits in your pin with an IR camera, it’s fairly difficult to determine the order. And the hack only seems to work on plastic keypads--metal returns too much heat noise for the IR camera to reliably discern with keys were just pressed.
Then there’s the fact that an IR camera isn't exactly an implement of petty crime. By the time one amassed the princely sum (around $18,000 to buy a good rig--the won't cut it) necessary to acquire one, he or she probably wouldn’t need to steal ATM PINs anymore.
But none of that changes the fact that a security scheme on which most people regularly rely has a fairly exploitable hole. And it doesn’t just go for ATM machines--keypad safes, security doors, keypad activated garage doors, even the keypads that open up some car doors are susceptible to the IR hack, particularly where plastic keypads are involved.
Of course, to thwart the scheme you could simply place your hand over the entire keypad to impart heat to every key after you punch in your PIN. And if that doesn’t jive with you germophobic readers, you can always just preemptively Mace the person behind you in line each time you visit the ATM. Better safe than sorry.
[]
Kinect Hack Makes Last Week’s April Fool Prank Gmail Motion A Reality
A group of developers at the University of Southern California Institute for Creative Technologies hacked the Kinect () using software they already had from other projects and built a fully-functional Gmail Motion, which they call the Software Library Optimizing Obligatory Waving (SLOOW). “No offense to the geniuses at Google, but we weren’t able to get their application running on our computers,” one hacker says in the video. He then goes on to demonstrate that the silly motions Google came up with – licking a stamp and sticking it to your leg to send a message, for instance – really work in this program.
You can download the program here. Looks like the joke's on Google after all.
The History of the Teardown: The Need to See Our Gear Undressed
The documented teardown has become a necessary part of any gadget's release. But why do we feel this need to take our gear apart?
iFixit was established in 2003 in a dorm room at Cal Poly, San Luis Obispo, a smallish college town in California's central coast, by students Kyle Wiens and Luke Soules. Wiens repaired Apple computers in high school and had been a lifelong tinkerer, so when he accidentally dropped his iBook G3, breaking the power cord housing, he figured it'd be an easy fix. "I managed to get my computer apart, fixed the power plug, but could not get it back together for the life of me," he says. "I needed a manual, but Apple actually uses legal threats to keep their manuals out of the public domain." Despite his frustration, or maybe because of it, Wiens saw a problem to which he could provide a solution. It was the start of an idea which would become iFixit, and the iBook G3 (which Wiens loved despite its "toilet seat" design) became one of the first gadgets to receive a proto-iFixit repair manual.
Early Teardowns
"I was always taking things apart as a kid," says Wiens, "and if my parents were lucky, I'd be able to put them back together again." The desire to see what's inside a device—how it works—is an innate curiosity in all of us. Wiens isn't the first, by any means, to document his efforts and circulate them for an appreciative audience. In the last half-century or so, when photography has been easy and cheap to include in journals, magazines, and other publications (and later, online), teardowns have been a part of just about every publication that could come up with a reason to include one. Way back in 1947, Popular Science was engaging in our nearly carnal need to take stuff apart, showing a Navy jet engine all disassembled and vulnerable.
And in late 2006, PopSci.com had one of its all-time highest traffic days when . At that point, we had beaten even iFixit to the punch (our early evaluation model was disassembled for a photoshoot, and like Wiens, we could not put it back together).
"The kind of world I want to live in is the kind where we care about the things we have."In magazines like , , and , teardowns were always a go-to concept for complex or otherwise interesting items. They were usually presented as having a higher purpose, either for instruction or repair, but underneath the noble intentions was a simpler, more childlike role. In some ways, iFixit is using that same two-pronged approach: Their teardowns are designed as modern repair manuals, but when they take apart gadgets their readers are unlikely to actually need to repair, they're serving more as an outlet for curiosity than a pragmatic, Wiki-fied repair site.
Still, regardless of the intentions of their audience, iFixit has a greater purpose in mind—one that's eminently practical. "Initially, it was just, 'We need to teach people how to fix things,'" says Wiens. But iFixit has grown into a thoroughly modern entity, which these days means a thriving community with an open-source mentality, serving as both a work of reference and an activist organization. As activists, iFixit thinks along the lines of the "Maker" community (one example of which is ), one that's heavy on self-reliance and recycling, which has led to alliances with some tech companies and minor vendettas against others. Adherents of this philosophy abhor the trend of amazingly designed, incredibly powerful, nearly disposable gadgets whose manufacturers intend for them to be tossed in the garbage after a year or two.
A Culture of Repair
As I spoke to Wiens, the conversation turned to repair as a broader topic. To him, carefully documented, professionally edited (and iFixit's teardowns are impeccably photographed and composed) teardowns are an essential tool for his repair evangelism. Repair of some sort is the basis for most teardowns. Early online guides, like those from , focused on repair or DIY upgrades. , for example, shows how to swap out the hard drive of one of the first important MP3 players, released well before the iPod. While this sort of teardown never really went away, the culture changed. "We have a culture that has moved away from repair," he says. "That's not sustainable, and it's not fun. The kind of world I want to live in is the kind where we care about the things we have."
A culture of repair fanatics would be rough on the tech manufacturers who rely on pumping out marginally changed gear, year after year, but would have a pretty astounding effect everywhere else. Cellphones are Wiens's pet peeve: "I think cellphones should last as long as the network architecture does, about five to ten years each." That means one phone for 3G, and one for 4G. To take Apple's iPhone line as an example, there have been three 3G-compatible phones--the iPhone 3G, iPhone 3GS, and iPhone 4--with, in all likelihood, a fourth one to come this June. Many iPhone-crazy users have had all three, trashing one or two working or barely-broken phones. Problems like worn-out batteries, cracked outer cases--buying a new phone due to those issues "would be like buying a new car every time the tires wore out," says Wiens. The "one phone per network architecture" model might be optimistic--software in the smartphone world moves obscenely fast, and sometimes new hardware is needed to take advantage of software advances. Of course, Wiens might prefer the ability to upgrade RAM, processor, or storage in every phone.
"In the '50s, it was cool to tinker with your car," Wiens says. That changed by the 2000s, due to a variety of factors. The culture of consumerism has made it deeply uncool to own anything but the newest and flashiest gadgets. That's helped along by the tech companies and the breathless tech press, covering every minor spec bump like it physically destroys the year-old gadget it replaces. Then there's the complexity, or at least perceived complexity, of the gadgets themselves. A mechanical device is easy to understand--this moves, and then this moves, and then this is the result. A digital device, especially one with no moving parts (as many modern gadgets are), looks impenetrable. Who knows what's happening down in that silicon brain?
A Hostile Industry
The tech companies themselves aren't helping. "The manufacturers are more hostile now," says Wiens. "The Apple II came with complete schematics," but newer Apple products boast proprietary and hard-to-find screws, unlabeled components, batteries that Apple says must be replaced by the company and not the user, and no user documentation whatsoever. Apple is typically held as the worst or at least the most obvious example of this kind of repair-unfriendliness. The second-generation iPod Nano was the the manufacturer name and model number from some of the internal components, like the processor and memory, which makes it much harder for a teardown-inclined user to replace them or even find them. The iPhone 4, a few years later, features screws that were created by Apple expressly for this purpose. These weird, five-lobed, flower-shaped Torx screws have no practical advantage over, say, a Philips—except to keep tinkerers out. That didn't stop iFixit, of course: "We actually had to make a screwdriver—had to file a flat-head screwdriver down to fit [the Apple screw]," says Wiens.
In Apple's case, it's probably a combination of secrecy and simple greed, but even some of the "good" companies, like Dell and HP, bury their manuals deep in their sites, difficult to find for many consumers. Then there's the sheer number of models--phone manufacturers like HTC churn out models like Taco Bell items, shuffling the same four ingredients around every few months to make it seem like a new product. Luckily, there are just as many people on the other side: in addition to iFixit, there's iSuppli, which tears down gadgets in order to price them by component (the , which retails for $650 sans contract, contains $171.35 worth of components, in case you were wondering). Some companies have taken advantage of the internet to make repairs easier—Parrot, for example, which makes the , has on their site to help users make repairs.
A Fan of Design Engineering
Teardowns as items of sheer curiosity have always accompanied the more repair-minded teardowns. iFixit isn't unaware of the pure "ooh, look at that!" reader; as high-minded as Kyle Wiens is, iFixit takes special care to make sure their teardowns are not just informative, but beautiful to look at and fun to read. The Pleo, a robotic toy dinosaur, was one of Wiens's favorite teardowns. "It's a $300 toy, but it's phenomenally complex inside. So complex the company went out of business," he says. The "warning" section on the Pleo teardown page notes, "We immediately bonded to the little dinosaur. This was the most difficult take apart we've ever done. Disassembling inanimate iPods is one thing, but Pleo was more. Ah, Pleo-- we hardly knew you."
Similar is the Microsoft Kinect teardown, another of Wiens's favorites. "That was a completely new and mysterious idea, and will completely revolutionize how we'll interact with computers," he says. For the Pleo and Kinect, curiosity became the main motivation: How do these amazing new things work? In the case of the Kinect, there was also an element of history involved. Wiens and the iFixit team tend to look at designers and engineers almost the same way other people look at bands or film directors--analyzing their new work in comparison to their old work, seeing how they've improved, how their voice is changing. "It's always fun to see the evolution of the design team, how they don't make the same mistakes. There were cooling problems with the Xbox, for example, so they over-engineered [the cooling system] on the Kinect," Wiens says. Wiens's curiosity, and the general interest of the public in teardowns, makes the step from "teardown as curiosity" to "teardown as art" a small one.
Teardown as Art
Artist Paul Veroude created , entitled "View Suspended II," of a completely dismantled Mercedes-Benz GP Formula 1 racecar. It includes around 3,200 separate pieces, all suspended on wires (very similar to the we created for our 2006 How It Works issue). Canadian artist Tom McLellan's "Disassembly" series is along the same lines, though with vintage machines like typewriters and film cameras: He takes them apart, down to their smallest piece, and arranges them in ways that can be strikingly beautiful.
iFixit, too, have some photography chops. These aren't hastily-snapped cellphone images, taken in a race to get the first photos online. iFixit takes the time to carefully compose and construct their teardowns, using professional equipment and know-how to create razor-sharp but also visually interesting photos. Their writing, too, is often wry and funny, with an obvious enthusiasm for the task of taking gadgets apart. But sometimes they have to go to extreme lengths to secure the time they need to get the job done both right and quickly. In June 2008, that meant flying across the Pacific to snag an iPhone 3G before anyone else.
Racing Across Time Zones
Since the original iPhone was available in only the U.S. and a few European countries, for the release of the follow-up, the iPhone 3G, Apple pulled out all the stops for a release in 28 countries simultaneously. The iFixit team looked at a time zone map and figured out that New Zealand would be the first country to score the newest iPhone, more than a day before it arrive on the West Coast. So they flew out to New Zealand, waited in line--Luke Soules "was the fourth person in the world to get the iPhone 3G," says Wiens--and relocated to an office offered by an iFixit customer and community member to take it apart. The iFixit guys share the love of to-the-second broadcast with notorious speed-freak gadget blogs like Engadget and Gizmodo, where publishing a story two minutes later than a competitor is a game lost. Gizmodo, remember, scored an iPhone 4 weeks before the actual unveiling of the phone. What did they do? Soules, for his part, live-streamed his teardown of the iPhone 3G from what was essentially a stranger's office in Auckland.
"One of the first photos of us holding the iPhone 3G had dirt under [the model's] fingernails," says Wiens, "and we got reamed for it."The iFixit teardown kit gets upgraded every year or so, but is designed to cover all possible bases. "You don't really know what you're going to encounter, so you have to have every tool you might possibly need. It's different and exciting every time," says Wiens. These days, they pack a 54-bit electronics screwdriver kit (including many different sizes of Philips and Torx bits), a heat gun, a sort of DIY collapsible lighting kit, and a , a tough but flexible pointed plastic prying tool used by Apple technicians for a variety of purposes. After the New Zealand liveblog, the team added another item to the kit: a fingernail care kit. "One of the first photos of us holding the iPhone 3G had dirt under [the model's] fingernails," says Wiens, "and we got reamed for it." After that, a cuticle hygiene kit became a permanent addition to the iFixit suitcase of tools.
This month's is brought to you by Digikey. All posts are purely editorial content, which we are pleased to present with the help of a sponsor; the sponsor has no input in the content itself.
Video: Android App Hacks Into Cardkey-Protected Doors With One Click
The app (which is not in the Android Market, so don't even bother looking for it) is called Caribou, and relies on a vulnerability in these sorts of security systems that allows them to be unlocked remotely. It's actually a surprisingly lo-fi sort of app: You have to input the IP address of the system you're trying to hack, and then the app will perform a brute force attack (basically trying every single possible combination) until it lands on the correct one. Then the app will unlock the door for 30 seconds while you scoot inside the not-so-secure door.
This isn't exactly cause for panic--more of a warning to those in charge of security system upkeep to make a few easy changes to block this sort of attack. For one thing, if the data the app needs to access is simply behind a firewall, the app won't be able to access it. Some lackadaisical systems make the error of leaving it out in the open for anyone to swipe, which this app does ably.
There's also the small problem of the app needing the IP address of the door it's trying to unlock. It's not clear whether that information is easily obtained, but the fact is that it has to be obtained, somehow. You can't just walk up to any door and hit a button; there needs to be some recon work to secure the IP addresses first. Still, it's a nice illustration of a weakness in this sort of security system, and the team is actually working with US-CERT (the U.S. Computer Emergency Readiness Team) to ensure that the loophole is patched.
[ via ]
Anonymous Activist Hackers Attack Wikileaks’s Enemies, Bring Down MasterCard.com
Several major companies have made the operation of Wikileaks much more difficult. Mastercard and PayPal both blocked all donations to the site, claiming Wikileaks dabbles in "illegal activities" (despite Wikileaks has never been formally charged with a crime). That's a major source of revenue for Wikileaks, the cessation of which is going to prove a serious problem for continued operation. Other targets of the wrath of Anonymous include Amazon, which briefly hosted the site before booting them due to concerns over terms of service violations (including proper ownership of stored documents and possible security concerns), the Swedish lawyer representing the women who are accusing Julian Assange of sex crimes, and the Swiss postal system's financial arm (which blocked Assange's accounts).
Anonymous is not really a traditional group, a fact easily divined from its name. There's no leader, and no real organization. Instead, various hackers (who often populate messageboards like 4Chan and wikis like the Encyclopedia Dramatica), working independently, identify under the "Anonymous" banner. The group, which has in the past targeted the Church of Scientology and, um, Gene Simmons, typically uses denial-of-service attacks, which flood the target's servers, often disabling them or shutting them down outright.
In this case, some 1,500 hackers operating under the name Anonymous decided to appoint themselves the defenders of Wikileaks and Assange, flooding their targets with denial-of-service attacks. Some, like Amazon, managed to fend off the attacks, but others weren't so lucky. Mastercard's site, thought to be extremely secure, has at the time of this writing been shut down for hours. (Side note: It's a nice quirk that the news coverage of this outage invariably points readers to mastercard.com--but if readers go there, they'll only be making Mastercard's recovery harder but adding more traffic to the pile!)
To Anonymous, all of these companies have been pressured politically to cripple Wikileaks in any way they can. Though Amazon, for one, has denied it, the group continues its attack, hoping to bring visibility to the fight for transparency and openness--or at least extract a little revenge. Hey, Wikileaks knows how to do security, so why shouldn't Mastercard, right?
Hacker jailbreaks the iPad less than a day after release
A lot of people complained about the iPad’s closed-off software. But no one did anything about it — until now, apparently.
A well-known hacker of the iPhone, who previously defeated Apple’s restrictions on developers, to have hacked the iPad. Just a day after release, the hacker, who goes by “MuscleNerd” online, said that he has gained root access to the iPad, a process known as “.”
“Jailbreaking” is a technical term which refers literally to and more figuratively to the feelings developers have about such restrictions. An Apple device that’s been “jailbroken” can run any code, not just company-approved software available through its online stores. But such jailbreaking is a violation of Apple’s terms of service, which may mean Apple Stores will refuse to fix broken devices.
The iPad jailbreak technique is similar to an exploit of the iPhone operating system Hackers have shown time after time that they can break into Apple’s security software for new iPhones, often within a day of release. One motivation: getting access to pirated software. It’s not known how much piracy happens as a result of jailbreaking, but it’s believed to be considerable.
Here’s MuscleNerd’s account:
Companies:
People:
Basics of Hacking
Any computer user can become a hacker within a couple of hours. There are hacking tools, such as IntelliTamper 2.07, Trojan horse, Backdoor.IRC.ColdLife.30, John The Ripper 1.0, NMap Win 1.2.12, etc. along with instructions, available for free in the internet. But remember, the path to become a certified ethical hacker isn't easy. The act of computer hacking started out innocently and was basically a method of trying to figure out how systems worked. Today there are three categories of hackers white, grey, and black. White hat hackers are cyber heroes who use their knowledge for constructive purposes, and they are well paid for their talents. Grey hackers, though harmful, are just proud peacocks. Black hat hackers also known as crackers are cyber criminals.
Targets of hackers
Although millions of computers operate without adequate security, government agencies and big companies are the preferred targets of hackers. Almost 80% of the cyber crimes are hurled on the login pages, shopping carts, dynamic content etc. Black hat hackers use a great variety of software security holes to befool even the general internet users by tricking them into disclosing their financial information and other secrets. Of late, mobile phone hacking, email hacking, credit card hacking, password hacking, and Google hacking have become very common.
Prevent hacking
As a preventive measure you can; a) update your operating system and your web browser, b) install firewalls, c) install antivirus programs, and d) install the anti-spyware programs.