exploit posts

Video: PSP Go hacked, says 'hello world!'

As you'd expect, as soon as the PSP Go hit the shelves the homebrew community came out in force, looking to see which of its fave hacks and exploits might have made the trip from the original PSP to its UMD-less brethren. And here we are, with two videos posted by YouTube member Freeplay offering tantalizing proof that at least one has. Of course, the whole thing is pretty rudimentary: it works by exploiting a known bug in an existing PSP game (which this particular hacker is remaining tight-lipped about rather than see Sony patch the thing), so the payload runs with the game's privileges and nothing more. Karl B., who helped us to this one, provides a caveat: "It's user-mode only, meaning no flash modification, no piracy, no advanced custom themes, no plug-ins -- none of that." In other words, until somebody chains a kernel exploit onto it, the firmware stays untouched. All the same, it does give our inner geek a sliver of hope, doesn't it? Videos after the break.

[Via PSP Updates, Exophase]

New SMM exploit targets Intel CPU caching vulnerability



This one delves pretty deep into head-scratching territory, but the folks at Invisible Things Lab have published an attack that could open the door to some potentially serious mischief on certain Intel CPUs paired with some popular motherboards. The proof-of-concept code they've actually released is harmless, but it demonstrates that the CPU cache can be "poisoned": code that already runs with kernel privileges marks the otherwise protected SMRAM region as write-back cacheable via the processor's MTRRs, writes into it (the chipset blocks those writes from reaching memory, but they land in the cache anyway), then triggers a System Management Interrupt, and the SMM handler dutifully executes whatever it finds in the cache. So this is an escalation from ring 0 into System Management Mode rather than a remote attack, but as NetworkWorld notes, it could let some more nefarious folks build an SMM rootkit, all the more perilous because SMRAM is invisible to the operating system and to any security tool running on it, so the user of the infected computer would have no way of detecting the attack. The fix is for the BIOS to program the CPU's SMRR registers so SMRAM is never cached outside SMM; Intel is apparently well aware of the problem, and it has already shipped that fix on some newer boards like the DQ45, but others still in widespread use (like the DQ35 pictured above) have seemingly been left hanging waiting for a fix of some sort.

[Via Network World, thanks Andrew]

The Pwn2Own trifecta: Safari, IE 8, and Firefox exploited on day 1


That didn't take long. One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their respective labs to work on security issues in their browsers. In a repeat performance, Charlie Miller pocketed a $5,000 cash prize and a fully-patched MacBook by splitting it wide open and gaining full control of the device after a user clicked on his malicious link. Another white-hatter by the name of Nils (pictured) toppled Internet Explorer 8 running on a Windows 7 laptop -- again, the five grand and the compromised VAIO P laptop are now his to keep as compensation for turning over the malicious code. So much for "protection that no other browser can match," eh Mr. Ballmer? Nils then demonstrated a second Safari exploit before hacking Firefox later in the afternoon, netting him a cool $15k by the close of day one. Only Google's Chrome was left unscathed -- Opera isn't part of the contest. This year's contest will also offer a $10,000 prize for every vulnerability successfully exploited in Windows Mobile, Android, Symbian, and the iPhone and BlackBerry OSes. In other words: this contest, which runs through Friday, isn't over by any stretch.

[Via ZDNET]

'Curse of Silence' exploit squelches inbound SMS/MMS to Nokia S60 devices

Here's an odd one for you. Tobias Engel, presenting at the Chaos Communication Congress, has discovered a rather nasty exploit that'll cause any Nokia S60 device running versions 2.6, 2.8, 3.0 or 3.1 to stop receiving SMS and MMS messages. The "Curse of Silence," which has been independently verified by F-Secure, is triggered by sending an SMS whose text begins with an email address at least 32 characters long, with the message's protocol identifier (the TP-PID field in the SMS header) set to "Internet Electronic Mail" instead of the usual value. Devices running 2.8 and 3.1 lock up after 11 such messages and retain some limited receiving capabilities, while 2.6 and 3.0 devices go completely mum after a single message. In both cases a factory reset is required to fix it, and the advisory says there is no other known workaround for the user, which leaves filtering at the operator's SMS center as the only defense that stops the messages before they land. We don't imagine this being a pervasive issue, but if you've got any tech-savvy enemies or malevolent pranksters in your life, you've been warned. Video demonstration is after the break, or hit up the read link to see if your device is among those listed at risk.

[Via Hack a Day]

Read - Vulnerability Advisory
Read - F-Secure Verification
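Here's what the message shape described above looks like on the wire, as an added example that isn't part of the advisory, F-Secure's write-up or the original post: it builds a GSM 03.40 SMS-SUBMIT PDU with the protocol identifier set to Internet Electronic Mail (TP-PID 0x32) and user data that opens with a 32-character-plus email address, decodes it again, and runs it through the kind of filter an SMS center could use to drop such messages before they reach a handset. The destination number, the sample text, and the restriction to the 7-bit default alphabet with ASCII-only text (no SMSC address, no user-data header) are assumptions for the example.

```c
/* Added example (ours, not from the advisory, F-Secure, or the post): build a
 * GSM 03.40 SMS-SUBMIT PDU in the shape the post describes, decode it again,
 * and run it through a filter of the kind an SMS center could apply.
 * Assumed: 7-bit default alphabet, ASCII-only text (septet == ASCII code),
 * international destination number, no SMSC address, no user-data header. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PID_INTERNET_EMAIL 0x32 /* TP-PID "Internet Electronic Mail" (GSM 03.40) */
#define MIN_ADDR_LEN 32         /* address-length threshold from the advisory */

/* Pack n ASCII septets into GSM 7-bit octets; returns the octet count. */
size_t pack_7bit(const char *text, size_t n, uint8_t *out)
{
    uint32_t acc = 0; int nbits = 0; size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= (uint32_t)(text[i] & 0x7F) << nbits;
        nbits += 7;
        while (nbits >= 8) { out[len++] = (uint8_t)acc; acc >>= 8; nbits -= 8; }
    }
    if (nbits) out[len++] = (uint8_t)acc;
    return len;
}

/* Unpack n septets back into a NUL-terminated string. */
void unpack_7bit(const uint8_t *in, size_t n, char *out)
{
    uint32_t acc = 0; int nbits = 0; size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        while (nbits < 7) { acc |= (uint32_t)in[pos++] << nbits; nbits += 8; }
        out[i] = (char)(acc & 0x7F); acc >>= 7; nbits -= 7;
    }
    out[n] = '\0';
}

/* TP-DA: digit count, type-of-address 0x91 (international), swapped BCD nibbles. */
size_t encode_address(const char *digits, uint8_t *out)
{
    size_t n = strlen(digits), len = 0;
    out[len++] = (uint8_t)n; out[len++] = 0x91;
    for (size_t i = 0; i < n; i += 2) {
        uint8_t lo = (uint8_t)(digits[i] - '0');
        uint8_t hi = (i + 1 < n) ? (uint8_t)(digits[i + 1] - '0') : 0x0F;
        out[len++] = (uint8_t)((hi << 4) | lo);
    }
    return len;
}

/* SMS-SUBMIT: SMSC len 0, first octet 0x01 (SUBMIT, no validity period), MR 0,
 * TP-DA, TP-PID, TP-DCS 0x00 (7-bit), TP-UDL in septets, TP-UD. Returns PDU size. */
size_t build_submit_pdu(const char *dest, const char *text, uint8_t pid, uint8_t *out)
{
    size_t n = strlen(text), len = 0;
    if (n > 160) return 0;                      /* single-part message only */
    out[len++] = 0x00; out[len++] = 0x01; out[len++] = 0x00;
    len += encode_address(dest, out + len);
    out[len++] = pid; out[len++] = 0x00; out[len++] = (uint8_t)n;
    len += pack_7bit(text, n, out + len);
    return len;
}

/* Walk a SUBMIT PDU back to its TP-PID and text; 0 on success, -1 if truncated. */
int parse_submit_pdu(const uint8_t *pdu, size_t len, uint8_t *pid, char *text, size_t textsz)
{
    size_t i = 0;
    if (len < 1) return -1;
    i += 1 + pdu[i];                            /* skip SMSC address */
    if (i + 3 > len) return -1;
    i += 2;                                     /* first octet, TP-MR */
    size_t da_digits = pdu[i++];
    i += 1 + (da_digits + 1) / 2;               /* TOA + BCD digits */
    if (i + 3 > len) return -1;
    *pid = pdu[i++];
    i++;                                        /* TP-DCS, assumed 0x00 */
    size_t udl = pdu[i++];
    if (udl >= textsz || i + (udl * 7 + 7) / 8 > len) return -1;
    unpack_7bit(pdu + i, udl, text);
    return 0;
}

/* The advisory's pattern: e-mail PID plus a leading token that contains '@'
 * and is at least MIN_ADDR_LEN characters long. */
int is_curse_of_silence(uint8_t pid, const char *text)
{
    if (pid != PID_INTERNET_EMAIL) return 0;
    size_t tok = strcspn(text, " ");
    return memchr(text, '@', tok) != NULL && tok >= MIN_ADDR_LEN;
}

/* Build, parse back and classify; -1 if the round trip fails. */
int classify_roundtrip(const char *text, uint8_t pid)
{
    uint8_t pdu[256]; char back[256]; uint8_t got = 0;
    size_t n = build_submit_pdu("491701234567", text, pid, pdu); /* number is made up */
    if (parse_submit_pdu(pdu, n, &got, back, sizeof back) != 0) return -1;
    if (got != pid || strcmp(back, text) != 0) return -1;
    return is_curse_of_silence(got, back);
}

int main(void)
{
    /* Constructed sample: 32-character local part + domain, a space, then a body. */
    const char *msg = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@example.com hello";
    uint8_t pdu[256];
    size_t n = build_submit_pdu("491701234567", msg, PID_INTERNET_EMAIL, pdu);
    for (size_t i = 0; i < n; i++) printf("%02X", pdu[i]);
    printf("\nflagged: %d\n", classify_roundtrip(msg, PID_INTERNET_EMAIL));
    return 0;
}
```

The filter keys on the two things the advisory names, the PID and the length of the leading address, so it won't trip on ordinary mail-gateway traffic with short addresses; a production SMSC filter would also have to cover the UCS-2 alphabet and concatenated messages, which the example deliberately leaves out.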

Refurbished iPhones are an excellent source of previous users' data


It looks like you might have to think twice before flipping that old iPhone on eBay when the 3G version finally hits -- it appears that restoring the phone doesn't actually erase the contents of the flash, so your data remains available to anyone with the proper tools until it's overwritten. Making matters worse, it appears that Apple doesn't do a low-level format when refurbishing iPhones either -- an Oregon State Police detective was able to use forensic software to pull files, emails, and screenshots off an out-of-the-box refurbished iPhone. This shouldn't surprise anyone -- "deleting" a file typically just drops its directory entry and leaves the data blocks in place, and we've seen several utilities that read those "deleted" portions of storage -- but since Apple doesn't give users direct access to the iPhone's filesystem, it's basically impossible to clear your personal data off the device short of restoring it and then filling the storage with junk data so the old blocks actually get overwritten. Hopefully iPhone 2.0's Exchange-based "remote wipe" feature is a bit more thorough, eh?

[Via TUAW]

PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat


And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.

Wii Tetris: homebrew edition


If that unplayable version of Pong we saw for the Wii wasn't quite doing it for you, you'll be happy to know that homebrewer Christian Auby (aka DesktopMan) has just hit the next stage in evolution: Tetris. That's right, you can now get a fully functioning version of the puzzler running on your Wii, thanks to that handy Twilight Princess hack, and what was probably a gargantuan amount of work on Auby's part. The game loads from the GameCube memory slot (using an SD adapter) out of Twilight Princess, but once the hack has been engaged you can jump back to the loader to pull something new off of a card, which should make experimenting a little bit easier. Check the video after the break to see how it all works.

[Thanks, Craig]

Wii Pong: the Twilight Princess hack evolves


Those hackers work fast. Two days ago, we saw a demo of the Zelda: Twilight Princess exploit, which opened up the possibility of Nintendo's Wii booting homebrew code off of SD cards via stack smashing (a stack-based buffer overflow). Now a clever coder named Auby has gone ahead and extended the hack to load an ELF build of Pong that was originally written for the GameCube. Right now the controls aren't functioning, but it appears that this is a work in progress, so we should be seeing updates to it soon. Check the video after the break to watch the breathtaking drama unfold.

[Thanks, Craig]

New iPhone and iPod touch Safari exploit discovered

It's difficult to tell if this is just a little fear-mongering or cause for real concern, but it looks like there's another iPhone / touch exploit out there lurking on the unseen horizons of those devices' browsers. According to reports, a memory bug -- similar to the previously-patched TIFF exploit -- has been discovered which affects units with firmware 1.0.2 all the way up to 1.1.3, thus carrying over to the new 16GB iPhones and 32GB touches. Apparently, all you have to do is browse over to a site containing the malicious code, and it triggers a memory-exhausting script which causes the phone or iPod to crash. At this point it doesn't appear to be anything more than a nuisance -- a denial of service rather than code execution, as far as anyone has shown -- and it can be circumvented by disabling JavaScript for Safari, though that hardly qualifies as a fix. To date, Apple hasn't issued a patch for the problem, but keep in mind it's only been a known issue since January 24th.

[Via iPhone World]

Security exploit bricks HP and Compaq laptops


A Polish security researcher calling himself porkythepig is apparently gunning hard for HP this month, first exposing a slew of vulnerabilities that affected 83 different HP and Compaq models ten days ago, and today releasing an exploit that allows an attacker to brick any HP or Compaq laptop. The 'sploit takes advantage of a vulnerable ActiveX control shipped with HP's Software Update; because ActiveX controls can be scripted from any web page loaded in Internet Explorer, a hacker can use it to corrupt Windows kernel files with ease, or even take control of the machine with a little more effort. Porkythepig says the bug affects HP and Compaq laptops running Windows 2000, XP, Server 2003 and Vista, and that simply disabling the Software Update mechanism may not prevent attackers from taking advantage of the vulnerability -- which makes sense, since stopping the updater doesn't unregister its control from the browser. Even still, those of you out there running HP / Compaq machines may want to take a second to shut down Software Update until HP issues a patch.

Update: Wow, we didn't realize how seriously everyone took their slang. For what it's worth, the definition of "bricked" has caused some amusingly serious discussion amongst Engadget editors today, and most agree that it should mean "dead beyond all repair" -- except for Nilay, who keeps stubbornly saying that people "un-brick" devices all the time. We'll stick to the most common definition for now, so no, this exploit didn't "brick" anything.

[Via Slashdot]

iPhone / iPod touch v1.1.1 jailbreak code posted


Well if you like looking through line after line of incomprehensible programming gibberish, make sure to hit up the Read link below, in which the TIFF exploit-based firmware v1.1.1 jailbreak code from team Toc2rta is posted in its entirety. More of an academic exercise for curious geeks than a useful bit of knowledge for the average iPod owner, we're sure there's still some interest out there in seeing exactly how this hack was developed. And as usual, if you do decide to go about 'breaking your device as previously described on these pages, we're, like, totally not responsible for any undesired consequences.

MacBook WiFi hack to be published, sound of snoring overpowers announcement


You may remember good-old David Maynor, the infamous hacker who caused a stir in the Mac community by "exploiting" a "loophole" in a MacBook's WiFi driver that supposedly allowed an outside user within radio range to gain control of the system. Of course, the hack was then promptly disputed by all sorts of people, said to be a hoax, and generally made fun of. A little bit later on, Maynor and co. turned up in a nerd-tastic war of words on the internet over an OS X "worm," trading barbs, assuming fake names, creating counterfeit blogs, and eventually being reduced to death-threats and public "outings" of their online personalities. Now, according to reports, Maynor is "officially" publishing the details of his original exploit, freed from the legal shackles (i.e., NDAs) which he claims prevented him from revealing the truth about his hack. The hot-blooded work is to be published in the September issue of Uninformed.org (an online hacking journal). Says Maynor, "Let them tear me apart all they want but at the end of the day the technical merit of the paper will stand on its own." To which we respond: your 15 minutes are up.

Hackers crash e-passport readers -- stage set for exploits

Lukas Grunwald -- last seen cloning Germany's RFID passports -- is back with more "white hat" hackery on the world's new e-passport systems. This time, however, he's crashing RFID readers to demonstrate how a tampered passport could conceivably force approval of expired or forged passports. After all, "If you're able to crash something you are most likely able to exploit it," says Grunwald. Lukas was able to crash two passport readers made by different vendors by first cloning a passport's chip and then tampering with the JPEG2000 facial image stored on it so that the reader's image decoder overruns a buffer while parsing the file -- the same class of bug that has made so many devices (the original Xbox, anyone?) so easily exploitable. The caveat is that a crash only proves the decoder corrupts memory; turning that into reliable code execution takes control over what gets written where, and that's the part he hasn't shown yet. Lukas contends that all airport readers are likely vulnerable to such an attack, since they would be using off-the-shelf libraries for decoding JPEG images, and a bug in one shared library travels to every reader built on it. Lukas will be demonstrating his latest hack this weekend at DefCon in Vegas. Hmmm, with CES moving to RFID badges this year, we have a funny feeling that attendance is going to be way up.

[Via BoingBoing]
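To make the overflow class concrete, here's an added example (ours, not Grunwald's and not from either reader vendor) in C: a naive JP2 box parser that trusts the length field carried in the image file, beside a hardened version that checks the claimed length against both the bytes actually present and the destination buffer. The box layout it assumes (a 4-byte big-endian length that counts its own 8-byte header, then a 4-byte type) is the JP2 container's; the buffer size, the three sample boxes, and the decision to reject the extended-length and to-end-of-file forms are assumptions for the example.

```c
/* Added example (ours, not Grunwald's and not any reader vendor's): the length
 * check a JPEG2000 decoder must get right when it walks JP2 boxes, shown as a
 * trusting parser next to a hardened one. Assumes the JP2 box header layout:
 * 4-byte big-endian LBox counting the 8-byte header itself, then a 4-byte TBox
 * type. The decoder buffer size and the sample boxes are constructed; the
 * extended-length (LBox == 1) and to-end-of-file (LBox == 0) forms are
 * rejected rather than handled. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAYLOAD_MAX 64  /* fixed-size decoder buffer (assumed) */

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* What a trusting parser computes from the chip's own data: LBox - 8, with no
 * bound against the destination buffer or the bytes actually present.
 * LBox < 8 wraps around to a huge value. */
uint32_t claimed_payload_len(const uint8_t *box)
{
    return be32(box) - 8u;
}

/* Vulnerable pattern: a memcpy sized by the attacker-controlled field. Safe
 * only on well-formed input; a crafted LBox makes it write past `out`, which
 * is the overflow class that crashed the two readers. */
size_t copy_payload_unchecked(const uint8_t *box, uint8_t *out)
{
    uint32_t n = claimed_payload_len(box);
    memcpy(out, box + 8, n);
    return n;
}

/* Hardened: the header must be present, LBox must cover at least the header
 * and no more than the input, and the payload must fit the buffer. */
int copy_payload_checked(const uint8_t *box, size_t avail,
                         uint8_t *out, size_t outsz, size_t *copied)
{
    if (avail < 8) return -1;                  /* truncated header */
    uint32_t lbox = be32(box);
    if (lbox < 8 || lbox > avail) return -1;   /* wrap-around, or runs past input */
    size_t n = lbox - 8;
    if (n > outsz) return -1;                  /* would overflow the decoder buffer */
    memcpy(out, box + 8, n);
    *copied = n;
    return 0;
}

/* Constructed samples: one honest box and two of the shape a tampered
 * passport image could carry. */
const uint8_t good_box[] = { 0, 0, 0, 12,  'j','p','2','c',  'a','b','c','d' };
const uint8_t long_box[] = { 0, 0, 1, 0,   'j','p','2','c',  'a','b','c','d' }; /* claims 256 */
const uint8_t wrap_box[] = { 0, 0, 0, 4,   'j','p','2','c',  'a','b','c','d' }; /* LBox < 8 */

/* Run the hardened copy on a sample; bytes copied, or -1 when rejected. */
long checked_result(const uint8_t *box, size_t avail)
{
    uint8_t buf[PAYLOAD_MAX]; size_t n = 0;
    return copy_payload_checked(box, avail, buf, sizeof buf, &n) == 0 ? (long)n : -1;
}

/* Run the trusting copy on a sample; only ever call this with a well-formed box. */
size_t unchecked_copy_len(const uint8_t *box)
{
    uint8_t buf[PAYLOAD_MAX];
    return copy_payload_unchecked(box, buf);
}

int main(void)
{
    printf("good: claimed %u, checked %ld\n", (unsigned)claimed_payload_len(good_box),
           checked_result(good_box, sizeof good_box));
    printf("long: claimed %u, checked %ld\n", (unsigned)claimed_payload_len(long_box),
           checked_result(long_box, sizeof long_box));
    printf("wrap: claimed %u, checked %ld\n", (unsigned)claimed_payload_len(wrap_box),
           checked_result(wrap_box, sizeof wrap_box));
    return 0;
}
```

The two crafted boxes show the two ways a trusting parser goes wrong: a length larger than the data present reads past the input and copies past the buffer, and a length below the header size underflows to roughly four billion bytes. A decoder library behind an airport reader has to make the checked version's three comparisons for every box it walks, which is exactly why Grunwald's point about shared off-the-shelf libraries matters.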

Safari exploit gives hackers full control over iPhones and possibly PCs and Macs

Oops, researchers just unveiled a pretty serious security vulnerability in the iPhone. More specifically, it's Apple's Safari web browser that exhibits the vulnerability. Researchers at Independent Security Evaluators have used it to take malicious control of the iPhone from rogue websites loaded with the exploit. Once in, the researchers have full administrative access to the phone, letting them listen in on room audio or snatch the SMS log, address book, call history, email passwords and more -- we're talking full access to your phone. The researchers note that the only way to stay safe is to check those URLs and only visit sites you trust (which isn't very reassuring). The same flaw exists in the Mac and PC versions of Safari, but it "may or may not be exploitable" there, since they haven't written a proof-of-concept exploit to test it yet. Apple has been notified of the vulnerability and sent a proposed fix, with full public disclosure coming at the BlackHat conference on August 2nd. You listening InfoSec Sellout? That's how you report a bug. Check the exploit in video form after the break.

[Via MacRumors]

Apple issues fix for recently discovered QuickTime flaw

Just over a week after a dubious duo found a way to commandeer a Mac thanks to an elusive flaw in QuickTime (of all things), Apple's security police have purportedly fixed the flaw and issued an update. Apparently, the hole could be "exploited through a rigged website and let an attacker control computers running both Mac OS X and Windows," and the firm elaborated by stating that a "maliciously crafted Java applet could lead to arbitrary code execution" if users didn't apply the patch -- the bug sat in QuickTime's Java bindings, which is why a web page that loads an applet was enough to trigger it. The newest version of QuickTime now sits at 7.1.6, and reportedly "repairs the problem by performing additional checking," and interestingly enough, Apple seemingly tipped its hat to Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue. So make sure you fire up that Software Update today if you haven't already -- a presumably small bundle of downloadable joy should be waiting.