Wednesday, August 31, 2016

Hardware hack

Most operating systems use a single bit to indicate whether a process is privileged (e.g. admin, root) or not.  If you can flip that bit, you can change a process from unprivileged ('normal') to privileged ('superman'), giving you total access to a computer.   An attack named "Rowhammer" repeatedly accesses ("hammers") a row of bits in memory, causing spillover into a neighboring row that flips bits there.  By selectively choosing which row to hammer, you can flip the "privilege" bit in a neighboring row. Here is a nice article describing Rowhammer and recent variants:

Tuesday, August 30, 2016

Sensing key strokes remotely

Side-channel attacks use indirect methods to extract data.  In this case, the researchers used perturbations of Wi-Fi signals caused by hand movement to accurately detect which keys were being typed -- allowing one to remotely detect typing, e.g. to steal passwords.  Similar attacks exist, such as recovering keystrokes from the rhythm of key-click sounds or from the screen refreshes triggered by keystrokes. A summary can be found here:

Sunday, August 28, 2016

How a computer adds

Addition is the basis of all arithmetic in a computer: subtraction is adding a negative number, multiplication is repeated addition, and division is a combination of the others.  Of course, a computer uses binary numbers (digits 0 and 1 rather than digits 0 through 9).  This video describes how a binary adder circuit can be built using dominoes -- mirroring what actually happens in a computer.  The result is an easy-to-grasp description of computer arithmetic:
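As an added illustration (not from the post or the video), here is the same adder in code: full-adder cells made only of AND, OR and XOR on single bits, chained into a ripple-carry adder, with subtraction done by feeding the adder a two's-complement negative, exactly as the post describes.

```python
# Added example: a ripple-carry adder built from single-bit logic gates,
# the structure the domino adder mirrors, plus subtraction via two's complement.

def full_adder(a, b, carry_in):
    """One full-adder cell: two XORs, two ANDs and one OR, all on single bits."""
    partial = a ^ b
    total = partial ^ carry_in
    carry_out = (a & b) | (partial & carry_in)
    return total, carry_out

def ripple_add(x, y, width=8):
    """Add two `width`-bit unsigned values one bit at a time, least significant
    bit first, passing the carry along. Returns (sum mod 2**width, carry-out)."""
    carry = 0
    result = 0
    for i in range(width):
        bit_x = (x >> i) & 1
        bit_y = (y >> i) & 1
        s, carry = full_adder(bit_x, bit_y, carry)
        result |= s << i
    return result, carry

def ripple_sub(x, y, width=8):
    """x - y using only the adder: add the two's complement of y (bitwise
    inverse plus one) and discard the final carry-out."""
    mask = (1 << width) - 1
    neg_y, _ = ripple_add(~y & mask, 1, width)
    diff, _ = ripple_add(x, neg_y, width)
    return diff

def to_signed(value, width=8):
    """Read a `width`-bit pattern as a two's-complement signed integer."""
    return value - (1 << width) if value >> (width - 1) else value

if __name__ == "__main__":
    print(ripple_add(0b1011, 0b0110))   # (17, 0)
    print(ripple_add(200, 100))         # (44, 1): the carry-out flags 8-bit overflow
    print(to_signed(ripple_sub(5, 9)))  # -4
```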

Thursday, August 18, 2016

Lidar on a chip

Autonomous vehicles use laser range finders (lidar) to map their surroundings, often combined with radar.  Radar units are relatively small and inexpensive with no moving parts, but lidar has tended to be large and expensive (e.g. $70,000) with moving parts (something to break down).  Lidar units are the large, rotating objects on autonomous vehicle roofs.  MIT, working with DARPA, has shrunk lidar to a chip with no moving parts and a projected cost of $10 each -- a massive improvement:

Friday, August 12, 2016

Spoofing GPS

I am interested in malicious interference in vehicles, and a related issue is the spoofing of the sensors that are increasingly used in vehicles.  GPS mapping is common and has an article on how to spoof GPS.  The short version is that a signal is broadcast that overrides the true signal -- the hard part is to do it in a way that cannot be easily detected by the GPS receiver.  Doing so involves manipulating the pseudo-random noise code (PNC) contained in the true GPS signal, whose purpose is to distinguish among the multiple GPS satellites used for positioning.

Quantum cryptographic communication

The word "quantum" gets attached to multiple, very different technologies related to cryptography, which leads to confusion. The main two to date are the quantum computer (which has the capability to crack the asymmetric cryptography that underpins the internet) and quantum key distribution (which uses quantum characteristics of photons to securely distribute a symmetric cryptographic key over an optical fiber).  Now we have a third: quantum, cryptographically-secured communication.  Rather than simply sharing a key as in quantum key distribution, here an entangled photon is used as the key, so an eavesdropper intercepting the key will disturb it, rendering the communication indecipherable to everyone, especially the eavesdropper. It is not an existing technology, but the target of recent NSF funding: 

Friday, August 5, 2016

ATM hack using new EMV cards

The new credit cards in the US now have the EMV chips that have been common elsewhere.  They make transactions more secure than the old mag-stripe cards, which were easier to duplicate.  However, they are not perfect.  In this attack the point-of-sale (POS) terminal has a "shimmer" installed inside it which sits between the credit card and the POS hardware -- the classic "man-in-the-middle" attack. At some distant location is an ATM with an "out-of-order" sign on it.  The ATM has a smartphone that the "shimmer" communicates with to share the information it is snooping while the credit card's EMV chip at the POS terminal is communicating with the banking system.  The "out-of-order" ATM has a device to emulate the EMV chip's communication as well as mechanical servos to push buttons.  Using the information from the "shimmer", a transaction is approved, the servos push buttons, and the ATM dispenses cash. The link ( includes a brief video of a demonstration.

Hotel door locks can be hacked.

It has been known that one brand of hotel lock, Onity, could be easily hacked by plugging into the power port that's on every lock (  At this year's Black Hat an upgraded attack was shown that can unlock all the doors in a hotel, including creating a maid's master card.  You scan one card to identify the fields and then brute-force the relevant fields (  The solution is old-school: jam a chair under the door knob or carry a door stop to jam under the door.

Wednesday, August 3, 2016

How to Hack an Election

There is an interesting article in on a guy who claims to have hacked a number of Central and South American elections.  Basically it is "dirty tricks" using 21st-century technology: accessing opponents' data and communications, setting up rumor campaigns on Twitter, etc.

NIST no longer recommends TFA on SMS

"NIST no longer recommends TFA on SMS" -- lots of acronyms! NIST is the National Institute of Standards and Technology.  TFA is two-factor authentication and SMS is the common way texting is done on a smartphone.  TFA requires a second item when logging in, e.g. for Gmail you enter your name and password, which triggers Google to send a text (SMS) with a code that you also enter -- two factors: password and texted code.  In this way, if someone has stolen your password, they will be unable to log in unless they also stole and accessed your phone.  SMS fails in multiple ways.  One is a malware app on the phone.  Another is social engineering (conning) the phone company to yield access to the phone number.  I believe that the latter has been more common than the former.  TFA can also be done with an authenticator app on the phone, and that is still recommended by NIST.  For example, Google has an authenticator app.

Tuesday, August 2, 2016

Don't change your passwords!

Growing research indicates that mandated, frequent password changes lead users to create an algorithm for generating their passwords.  The end result is a predictable password that is easier to crack.  A nice overview is here:
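As an added example (not from the post or the overview it links), here is the kind of check a password-change policy can run to catch the "algorithm" the research describes: it rejects a new password that is the old one with the case changed, the trailing number or symbol bumped, the word reversed, or only a character or two edited. The specific rules and the two-edit threshold are assumptions for illustration.

```python
# Added example: flag a new password that is a predictable transform of the
# old one. Rules and thresholds are illustrative assumptions, not a standard.
import re

def _core(pw: str) -> str:
    """Strip what users typically rotate: leading/trailing digits and symbols,
    plus case. 'Summer2016!' and 'summer2017#' both reduce to 'summer'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw).lower()

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch one- or two-character tweaks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_predictable_change(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password is derivable from the old by the common
    rotation tricks: same core word (ignoring case, numbers and symbols),
    reversed core word, or at most `max_edits` single-character changes."""
    if old.lower() == new.lower():
        return True
    old_core, new_core = _core(old), _core(new)
    if old_core and (old_core == new_core or new_core == old_core[::-1]):
        return True
    return _edit_distance(old.lower(), new.lower()) <= max_edits

if __name__ == "__main__":
    for old, new in [("Summer2016!", "Summer2017!"), ("hunter2", "hunter3"),
                     ("Tr0ub4dor&3", "correcthorsebatterystaple")]:
        print(f"{old!r} -> {new!r}: predictable={is_predictable_change(old, new)}")
```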