Small Disposable Devices that Own Wi-Fi Networks with Help from DARPA

If you haven’t seen Brendan O’Connor’s security conference presentations on “Reticle and F-BOMB” you should really take the time out and check them out. It is a fascinating project on using low cost computer boards to create a disposal, bot-net like, distributable Wi-Fi spying system. 

Once deployed, the sub $50 devices can crack and use the target’s wireless network to communicate back to the attacker using encrypted channels. As explained the F-BOMB, or “Falling or Ballistically-launched Object that Makes Backdoors“, can be deployed by being thrown into the target’s complex, hidden inside other objects, or even delivered via quad rotor drone.

But what would an F-BOMB be without brains? And this is where Reticle comes in.

Reticle is the software brain behind the cheap hardware brawn. Basically it is “Leaderless Command and Control” software that combines several open source products that in essence create an intelligent, fault tolerant and fully encrypted remote spying platform.

And get this, the software part of the project was created with funding from DARPA, the government’s advanced DoD research organization. Reticle was created under DARPA’s Cyber Fast Track program. A program that helps get idea’s to functional tech with greatly reduced paperwork and overhead.

Here is Brendan’s Bsides Las Vegas 2012 provided on YouTube by Adrian Crenshaw (aka IronGeek):

(NSFW intro comment)


Later this month at Black Hat USA 2013 Brendan will talk about his latest creation of this technology called CreepyDOL.

According to the presentation overview:

“CreepyDOL is a distributed sensing and data mining system combining very-low-cost sensors, open-source software, and a focus on user experience to provide personnel identification, tracking, and analysis without sending any data to the targets. In other words, it takes you from hand-crafted, artisan skeeviness to big-box commodity creepiness, and enables government-level total awareness for about $500 of off-the-shelf hardware.”

Sounds cool, in a really creepy way!

So, check out Brendan’s Bsides video from last year, and if you are at Black Hat this month, be sure to stop in and check out his presentation!

Advertisements

Google Glass – Yup it’s Hackable!

Google_Glass

As the way cool Google Glasses roll out to customers, it makes one wonder, what if it could be hacked?

Well, it can!

Early adopters have begun to receive their Google Glasses, the Android based wearable computer, and some couldn’t help but to try to hack it. And hack it they did.

Android and iOS developer Jay Freeman hacked his in just a couple hours, while he ate dinner…

It took me two hours while I was having dinner with friends at the time,Freeman told Forbes.The implementation from B1nary is for normal Android tablets and phones, I learned how it worked and then did the same thing on Glass…which was quite simple.

Being an Android based system, it is susceptible to the same attacks that affect smart phones and tablets.

Sadly, due to the way Glass is currently designed, it is particularly susceptible to the kinds of security issues that tend to plague Android devices,” Freeman wrote on his blog.

The one saving grace of Android’s track record on security is that most of the bugs people find in it cannot be exploited while the device is PIN-code locked. Google’s Glass, however, does not have any kind of PIN mechanism: when you turn it on, it is immediately usable.”

But apparently that was the point, according to a Google developer, the units are shipped so they can be hacked!

Not to bring anybody down… but seriously… we intentionally left the device unlocked so you guys could hack it and do crazy fun shit with it.  I mean, FFS, you paid $1500 for it… go to town on it.  Show me something cool.

That’s cool that they want people to go nuts on these things to find out what really can be done with them. I just have one question. What would a Denial of Service look like on Google Glass?

I mean will people be walking around bumping into things?

Or will the Google Glass user just stand there in a zombie like state with drool dripping down their chin?

Inquiring minds want to know!  🙂

Raspberry Pi: Creating a Pentesting Platform with PwnPi – Intro & Requirements

SSH Interface

Finally got my hands on a Raspberry Pi – the $35 computer. My first project that I wanted to do with this little wonder was create a security testing platform with it. How hard would it be to make this little wonder into a pentesting platform?

Not hard at all – With the help of PwnPi!

PwnPi brings the power of over 200 security tools to the Raspberry Pi platform. In this article I will cover getting PwnPi installed on the Raspberry Pi using a Windows based system.

First you need to get a Raspberry Pi. There are several places to get them, Google it. I purchased mine from the RIT Linux club. I know the professor that runs it and it was for a good cause.

Next you need a SD Card, power and peripheral devices. The Pi does not come with any of these. I will leave this step up to you also. But note, the video you use must either have an HDMI or RCA jack. Also the power plug type and amperage is a bit picky. From what I read you need one that puts out 1-2 amps of current. If it puts out 1 or less amps the PI may become unstable if your peripherals are not low power.

The power adapter that I had that fit it was only 700ma. Using this I could only have the keyboard, mouse or network line connected, but not more than one. This wasn’t a problem, as you can use SSH to connect to it from a Windows machine. I will discuss this later.

Also, are saying that class 4 SD Cards are very slow, and recommend higher ones. I found a Sony 16GB card with a  speed of 15MB/S which works great! (You could probably get a way with an 8GB one for PwnPi).

Okay, let’s get this going! In my next post I will cover installing PwnPi.

Military using 3D Printing at Army Bases in Afghanistan

Imagine being at a remote military base and a critical piece of equipment breaks. Or needing a new piece of equipment for a job but prototyping and having it shipped over from the States would take months. What would you do?

How about just print what you need?

The army is using new 3D printers labs at remote bases in Afghanistan to create replacement parts or rapid prototype entirely new ones. The technology is like the Replicators in Star Trek according to a Foxnews article.

The labs contain 3D printers, CNC mills laser & water based cutters and are contained in a 20 foot container that can be placed where needed. The video above from US RDECOM shows some of the technology available in the units at work.

Having worked at a super precision machine shop I am impressed with the selection of devices. The prototyping can be created using CAD and then printed on the 3D printers. This usually creates plastic type products. Then if the tool works as needed, it can then be sent to the CNC mills and cutters to make a much more durable version made out of metal.

The Army currently has two of these labs in service with another one coming soon.  Giving our troops the ability to make what they need on the fly, what a great idea!

(For more information on the printer used in the video above check out the Objet Connex webpage)