hacks
Latest
Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition
The folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.
Amazon, Apple stop taking key account changes over the phone after identity breach
By now, you may have heard the story of the identity 'hack' perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone -- and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn't been as direct about what's going on, but Wired believes there's been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required. Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren't followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.
Adafruit launches Raspberry Pi Educational Linux Distro, hastens our hacking
The Raspberry Pi is already considered a hacker's paradise. However, that assumes that owners have all the software they need to start in the first place. Adafruit wants to give the process a little nudge through its Raspberry Pi Educational Linux Distro. The software includes a customized distribution of Raspbian, Occidentalis, that either turns on or optimizes SSHD access, Bonjour networking, WiFi adapter support and other hack-friendly tools. The build further rolls in Hexxeh's firmware and a big, pre-built 4GB SD card image. Before you start frantically clicking the download link, be aware that the "educational" title doesn't refer to a neophyte's playground -- Adafruit still assumes you know enough about Linux and Raspberry Pi units to be productive (or dangerous). Anyone who was already intrigued by the Raspberry Pi by itself, though, might appreciate what happens when it's tossed into a fruit salad.
Report: Ubisoft's UPlay service may have browser exploit on PC [update: Ubisoft responds]
Between delays and draconian DRM, Ubisoft doesn't exactly have the best track record when it comes to the PC versions of its products. We might have to add browser exploits to that list, if a post on Seclists.org is to be believed. According to a poster by the name of Tavis Ormandy, Ubisoft's UPlay browser plugin, designed to let users launch a game from the web, contains an exploit – namely one that allows "wide access to websites."Ormandy discovered the flaw in the PC version of Assassin's Creed Revelations, though it's reasonable to assume it would appear in all of Ubisoft's UPlay enabled PC titles. The upshot of this, according to TechDirt, is that the exploit could allow any website – i.e. "bad websites" – access to your computer. Both Joystiq and Engadget have contacted Ubisoft to confirm the flaw. In the meantime, you may want to disable the UPlay browser plugin. Update: Ubisoft has made a statement on the issue, reports RPS. The company has acknowledged the flaw and has made a "forced patch" to resolve the issue. The company recommends that "all Uplay users update their Uplay PC application without a Web browser open," which will "allow the plug-in to update correctly." The UPlay PC installer has also been updated to include the patch, and is available via the UPlay website.
Defcon 20 visitors get their own 'pirate' cellular network in Ninja Tel, exclusive One V to match
The annual Defcon hacking meetup produces its share of unique creations. You know you're in for something special when even your entrance badge is an adventure. Defcon 20 might be winding to a close, but about 650 guests may just have the fondest memory of all: access to a private, ad hoc GSM carrier from Ninja Networks. While the collective's Ninja Tel is really an invitation to a party at the Rio Hotel, where the lone cell site operates out of a van, it lets the privileged few call and text each other to their hearts' content over cellular and WiFi. The network operators can unsurprisingly eavesdrop on any of the completely unencrypted calls -- this is a hacker's convention, after all -- but we don't think guests mind after getting an equally rare, customized HTC One V for free to make the calls in question. The Android 4.0 phone gets unique perks like triggering a nearby vending machine with Qualcomm's AllJoyn or making apps on the spot through Google's Integrated Development Environment. Owners can even reflash the One V to hop on AT&T or T-Mobile afterwards. Just don't expect to see Ninja Tel popping up in your hometown anytime soon; when Defcon shuts its doors, the cellular network shuts down.
Motorola to allow bootloader unlocking from Photon Q 4G LTE onwards
Motorola's initial promise to allow unlocked bootloaders came across to many enthusiasts as somewhat hollow: as long as there was an escape clause, carriers like AT&T and Verizon could clamp down and maintain the tough-to-modify status quo. RAZR-philes will be happy to know that there's a plan to cut their own chains loose, after all. Starting with the Photon Q 4G LTE's August launch, owners will have the option to unlock the bootloader of at least some devices in an official way that reportedly keeps carriers satisfied. Details of how the process works will come later; we don't know if Motorola will take a cue from HTC's identifier tokens or try something more exotic, even if it's likely in either case to offer a big, fat disclaimer regarding the warranty. The option won't be the same as buying a phone that's unlocked from the start, but we don't think too many custom ROM lovers will mind after knowing that one more Android manufacturer is on their side. [Thanks, RTbar]
Hacker finds flaw in hotel locks, can ruin your vacation with $50 DIY gadget
Admittedly, the headline is designed to get your dander up. You're in no immediate danger of a technologically-gifted thief plugging a couple of wires into your hotel door and making off with your sack of souvenirs from the Mall of America. But that's not to say it's impossible. Cody Brocious, who was recently brought on by Mozilla to work on Boot to Gecko, is giving a presentation at the annual Black Hat conference in Vegas where he demonstrates a method for cracking open keycard locks with a homemade $50 device. The hack only works on locks made by Onity at the moment, and real life testing with a reporter from Forbes only succeeded in opening one of three hotel doors. Still, with between four and five million Onity locks installed across the country (according to the company), that is a lot of vulnerable rooms. The attack is possible thanks to a DC jack on the underside of the lock that's used to reprogram the doors. This provides direct access to the lock's memory, which is also home to the numeric key required to release the latch -- a key that is protected by what Brocious described as "weak encryption." Ultimately the source code and design for the Arduino-based unlocker will be published online alongside a research paper explaining how these locks work and why they're inherently insecure. The hope is that manufacturers will take notice and improve the security of their wares before the world's ne'er-do-wells perfect Brocious' technique.
Apple to present at Black Hat conference for first time, talk about iOS' padlocks
Apple is taking a different, more cautious tack when it comes to security these days. That doesn't make it any less surprising that the company is planning to give a presentation at the Black Hat conference: the company will have someone on stage for the first time and won't just socialize in the corridors. When he takes to the podium on July 26th, platform security manager Dallas De Atley will go into detail regarding iOS' security measures in front of an audience used to finding a way around them. The company hasn't said whether that involves current or future technology; we suspect that Apple may be eager to show what iOS 6 brings to the table, however. If it all goes down like Black Hat general manager Trey Ford says it will, Apple may both open up a bit on security and set more of the agenda this week -- instead of letting conference goers set it themselves.
DARPA-backed Power Pwn is power strip by day, superhero hack machine by night
Call the Power Pwn the champion of white hat hacking. Underneath that Clark Kent power strip exterior, there's a Superman of full-scale breach testing that can push the limits of just about any company network, whether it takes 3G, Ethernet or WiFi to get there. Pwnie Express' stealthy sequel to the Pwn Plug ships with a Debian 6 instance of Linux whose handy hacking tools are as easy to launch as they are tough to detect. There's just one step needed to create a snoop-friendly Evil AP WiFi hotspot, and the box dodges around low-level NAC/802.1x/RADIUS network authentication without any help; in the same breath, it can easily leap into stealth mode and keeps an ongoing encrypted link to give do-gooders a real challenge. The hacker doesn't even need to be in the same ZIP code to crack a firewall or VPN -- the 3G link lets the Power Pwn take bash command-line instructions through SMS messages and doles out some of its feedback the same way. While the $1,295 device can theoretically be used for nefarious purposes, DARPA's blessing (and funding) should help keep the Power Pwn safely in the hands of security pros and thwart more than a few dastardly villains looking for weak networks.
HTC HD2 gets unofficial Android 4.1 Jelly Bean port, becomes the Phone That Would Not Die
There's a golden rule for the HTC HD2: if there's a new mobile OS, the HD2 must get a port. It's practically a law of nature, then, that Evervolv at the XDA-Developers forums has produced a pre-alpha port of Android 4.1 for the originally Windows Mobile-based legend. More components are working than not despite the extremely early state, with the camera, Google Now and web browser being the remaining bugaboos. We're still warned that the experimental firmware isn't meant for day-to-day use, but there's every intention of making the release stable -- good news for anyone who's eager to avoid a flash-in-the-pan ROM. If that happens, the HD2 will have had nearly as many lives as a cat.
CyanogenMod developers slap Jelly Bean on an Optimus 4X HD, tease CM10 (video)
That didn't take long. The boys behind CyanogenMod promised a quick turnaround for its upcoming JellyBean-based update and are already teasing workable CM10 ROMs. CyanogenMod's Ricardo Cerqueira tossed a video of an early CM10 build on his YouTube page, declaring "it lives!" The early build is running on an LG Optimus 4X HD, and runs through unlocking the screen and recording and playing back a video. The build is still having some trouble with Google's revamped search integration, but considering Android 4.1's source code was released only days ago, the quick development is promising. Check out Cercuiera's quick demo for yourself after the break.
Q2 and Q4 Xbee controllers have the gimbals to handle your most unwieldy robotics projects
Yes, we've seen an XBee radio interface with RC robots before, but Quantum Robotics' open-source Xbee handheld controllers have enough gimbals, push buttons and toggle switches to leave us starry-eyed. The Q2 and Q4, both open for funding on Kickstarter, use a XBee wireless transceiver to transfer data and a Parallex Propeller to act as the main processor, and both models put most controllers to shame with a ton of options. While the Q4 uses four PlayStation-style joysticks, the Q2 sports two RC gimbals, and both can be modified to add extra functionality based on the project at hand. Clearly, the more complicated the robot, the more fun these controllers are -- take a look at the Q4 interacting with a hexapod and a robotic arm in the video below.
Nexus Q hacked to launch apps, gets remote control web app
So, that first round of Nexus Q hacks? Impressive in terms of turn around time, not so much when functionality is your primary metric. But, a couple of weeks with the gorgeous, if questionably useful device, has started to produce some truly exciting results. The one that has our tinkering fingers itching most, puts a launcher and apps right at your finger tips... well, mouse pointer. The hack is hardly for the meek but, if you're already in possession of a Nexus Q, we're sure pushing a few .apks via adb won't unsettle you too much. The solution is far from perfect, but the Android foundation is able to recognize keyboards and mice it seems without issue. What really makes this a great hack, of course, is the ability to install apps like Netflix and Angry Birds finally freeing the Q from its arguably artificial shackles. If you're looking for something a little less involved (and decidedly less cool) there's also QRemote, an .apk you can push to your Q that lets you control it via a web browser. It doesn't expose any additional functionality, but at least it lets you skip tracks from your PC or other non-Jelly Bean device. You can see both in action after the break, and all the relevant files and accompanying instructions live at the source links.
OUYA's Android-based, hackable game console now official: we chat with designer Yves Behar (update: funded)
A handful of details briefly slipped out about the project earlier, but now it's here: the OUYA, an attempt not just to delve into the cutthroat world of TV game consoles but to try and shift the goal posts. At its heart, the design sounds more like a smartphone than a gaming rig with a quad-core Tegra 3 and 8GB of storage running Android 4.0. The upscale, RF wireless gamepad's standout is a built-in trackpad for playing mobile games alongside the familiar sticks and buttons -- clever, though not entirely new. But with completely open hardware and software, an emphasis on free-to-play gaming and an all-important $99 price, the system is a gamble by a handful of game industry luminaries that at least a subset of players are frustrated with the status quo enough to want a real break. Read on for the full details, including a Kickstarter project as well as added details from our chat with OUYA (and Jambox) designer Yves Behar.
Verizon support blames Samsung for locked bootloader in Galaxy S III (updated)
Verizon cleared up its stance on locking the bootloaders in phones using its network earlier this year. In short: it encourages OEMs to do so, to keep its network humming along as Big Red feels it should. Well, it seems that VZW Support is telling a different story, as it's laid blame for the Galaxy S III's closed bootloader squarely at Samsung's feet, claiming that it's locked "per the Manufacturer." Now, that doesn't explicitly state that VZW had no part to play in denying users access, but it surely seems like this is a game of PR pass the buck to us. Of course, as we reported earlier, there's a workaround to be had by rooting the GSIII, which revealed a vulnerability allowing non-stock ROMs to be flashed to the device. But it's only a partial workaround, as the kernel's signed and implementing a full custom ROM experience is neither for the unskilled nor the faint of heart. We reached out to both Verizon and Samsung for comment on the matter, but have yet to hear back. While you wait for official word, feel free to check out the ongoing conversation at the source link below. [Thanks, @supercurio] Update: Seems that Verizon's still singing the same tune it was back in February, claiming that unauthorized software brought by open bootloaders could harm the overall network user experience: Verizon Wireless has established a standard of excellence in customer experience with our branded devices and customer service. There is an expectation that if a customer has a question, they can call Verizon Wireless for answers that help them maximize their enjoyment and use of their wireless phone. Depending on the device, an open bootloader could prevent Verizon Wireless from providing the same level of customer experience and support because it would allow users to change the phone or otherwise modify the software and, potentially, negatively impact how the phone connects with the network. The addition of unapproved software could also negatively impact the wireless experience for other customers. It is always a delicate balance for any company to manage the technology choices we make for our branded devices and the requests of a few who may want a different device experience. We always review our technology choices to ensure that we provide the best solution for as many customers as possible.
SRK contest produces a 26-button Starcraft II arcade controller, probably won't stop Zerg rushes (video)
Almost as a dare, Shoryuken (SRK) challenged its fans to produce a fighting game-style controller for Starcraft II. Mauricio Romano took them up on that contest and won with a surprisingly polished arcade stick of his own. Its cornerstone is a heavily modified Ultrastik joystick that's turned into an on-controller, two-button mouse. You didn't think a PC gamer would cling to a plain joystick, did you? In the process, the usual 101 keys of a typical keyboard have been pared down to a set of 26 buttons most relevant for Blizzard's real-time strategy epic. Packaged up in a single, polished USB peripheral, the one-off prototype's design is good enough to imagine a Major League Gaming pro taking it out on the road. We'd put that idea on ice for now, though: as Mauricio shows in the video below, the learning curve is steep enough that most players won't be fending off diamond-league marine and zergling blitzes anytime soon.
CyanogenMod plans a quick leap to Jelly Bean for version 10, existing devices likely to tag along
Whenever there's a new version of Android, Steve Kondik and the CyanogenMod team tend to swing into action almost immediately with plans for a major revision of the fan-favorite platform overhaul. For Android 4.1 Jelly Bean, that swing will be faster than ever. The crew's early looks suggest that there will only be a few minor tweaks needed to merge Google's latest with the custom Android code, making CyanogenMod 10 a relative snap to produce. The update's release is still very much up in the air without the Android Open Source Project code available to modify; that said, device compatibility also isn't expected to be an obstacle. Any device that can run CyanogenMod 9 should run version 10 when it's released. As long as we're willing to wait for a stable 9.0 to emerge first, there are few barriers to making Jelly Bean that much sweeter.
Chromium OS gets ported to Raspberry Pi
Hexxeh has already proven his love for Chromium OS and the Raspberry Pi, obviously the next step was for the hacker to combine his passions into one project. Thus was born Chromium OS for the tiny ARM-powered computer from the UK. The initial commit of the port was officially approved by the Chromium team, meaning that anyone lucky enough to get their mitts on the board can download the code themselves. Of course, there's a long road to hoe before we see a stable version -- if we ever see such a thing. Right now the OS does little more than boot up, but if the embedded version of Chromium can be made to function without issue it could make browsing the web on the Broadcom SOC-sporting PC much less painful. Then again, performance is a big question mark. Seeing how much the 700MHz ARM11 chip struggled with the Midori browser, we wouldn't hold our breath for miracles. Then again, the underlying system is far less demanding than a full fledged Linux distro with a desktop. Hit up the source link to download Chromium OS for the Raspberry Pi yourself.
Intel's NUC mini-desktop said to cost around $400
Intel's Next Unit of Computing mini-desktop is reportedly going to cost around $400 when it arrives in the third quarter of the year. Designed for kiosks and digital signage setups, the weeny box has attracted so much interest from solder-wielding modders that the company expects it to go on general sale. The initial unit will include a Sandy Bridge Core i3, 4GB RAM and a 40GB SSD, while on the outside it'll come with three USB 2.0 ports and dual HDMI outputs. That high price might dampen the spirits of those hoping for an Intel-powered Arduino / Raspberry Pi, but we still expect to see it crop up in plenty of brilliant mods next year.
LinkedIn confirms security breach, 'some passwords' affected
Reports began swirling this morning that around six million passwords attached to LinkedIn accounts had been compromised, and after looking into the matter, the site has confirmed that "some of the passwords" attached to accounts of LinkedIn members have been affected. The network doesn't specify the number of passwords leaked, nor does it confirm the rumored count of six million. It does, however, promise that it will invalidate passwords of the hit accounts -- and vows to send an email to each affected user with instructions on how to reset their password, followed by another piece of correspondence explaining what happened. Below you'll find the company's official statement, as well as what it is doing to ensure its members are safe.
