Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking Hardware Some materials adapted from Sam BowneSam Bowne.

Published byBeverly Mathews Modified over 9 years ago

Similar presentations

Presentation on theme: "Hacking Hardware Some materials adapted from Sam BowneSam Bowne."— Presentation transcript:

1 Hacking Hardware Some materials adapted from Sam BowneSam Bowne

2 Physical access  Lock bumping: see next slides. Don't rely solely on locks: use two-factor authentication Lock bumping: – PIN keypad – Fingerprint – Security guard zCloning access cards: not so easy.Cloning access cards: yMagstripe vs RFID cardsMagstripeRFID yOpen RFID reader, andRFID reader ya RFID hack reader and writer.hack reader and writer

3 Normal Key

4 Bump Key zEvery key pin falls to its lowest point zThe key is hit with a screwdriver to create mechanical shocks zThe key pins move up and briefly pass through the shear line zThe lock can be opened at the instant the key pins align on the shear line

5 zEven Medeco locks used in the White House can be bumped

6 Magstripe Cards zISO Standards specify three tracks of data zThere are various standards, but usually no encryption is used

7 Magstripe Card Reader/Writer zUSB connector zAbout $350

8 Magnetic-Stripe Card Explorer

9 Hacking RFID Cards zRFID cards use radio signals instead of magnetism zNow required in passports zData can be read at a distance, and is usually unencrypted  Mifare is most widely deployed brand of secure RFID chips (vulnerabilities). Mifarevulnerabilities

10 Cloning Passports z$250 in equipment zCan steal passport data from a moving car

11 Boston Subway Hack zThe Massachusetts Bay Transportation Authority claims that they added proprietary encryption to make their MiFare Classic cards secure zBut Ron Rivest's students from MIT hacked into it anyway

12 ATA Hardrives ATA Hardrives zBypassing ATA password security

13 ATA Security zRequires a password to access the hard disk zVirtually every hard drive made since 2000 has this feature zIt is part of the ATA specification, and thus not specific to any brand or device. zDoes not encrypt the disk, but prevents access zCountermeasures Don't trust ATA Security Encrypt the drive with Bitlocker, TrueCrypt, PGP, etc.BitlockerTrueCrypt PGP

14 ATA Password Virus zATA Security is used on Microsoft Xbox hard drives and laptops zBUT desktop machines' BIOS is often unaware of ATA security zAn attacker could turn on ATA security, and effectively destroy a hard drive, or hold it for ransom yThe machine won't boot, and no BIOS command can help yThis is only a theoretical attack at the moment

15 Bypassing ATA Passwords zHot Swap yWith an unlocked drive plugged in, enter the BIOS and navigate to the menu that allows you to set a HDD Password yPlug in the locked drive and reset the password zUse factory default master password yNot easy to find ySome examples given in 2600 magazine volume 26 number 12600 magazine

16 Bypassing ATA Passwords zVogon Password Cracker PODVogon yChanges the password from a simple GUI yAllows law enforcement to image the drive, then restore the original password, so the owner never knows anything has happened yWorks by accessing the drive service area xA special area on a disk used for firmware, geometry information, etc. xInaccessible to the user

17 USB drives U3: Software on a Flash Drive zCarry your data and your applications in your pocket! zIt’s like a tiny laptop!

18 U3 Launchpad zJust plug it in, and the Launchpad appears zRun your applications on anyone’s machine zTake all data away with you 18

19 How U3 Works zThe U3 drive appears as two devices in My Computer yA “Removable Disk” yA hidden CD drive named “U3” zThe CD contains software that automatically runs on computers that have Autorun enabled yFor more details, see http://www.everythingusb.com/u3.html http://www.everythingusb.com/u3.html 19

20 Hacking Software On The Disk Partition zPocketKnife is a suite of powerful hacking tools that lives on the disk partition of the U3 drivePocketKnife zJust like any other application zYou can create a custom file to be executed when a U3 drive is plugged in zOr replace the original CD part by a hack.hack 20

21 U3 PocketKnife zSteal passwords zProduct keys zSteal files zKill antivirus software zTurn off the Firewall zAnd more…

22 Military Bans USB Thumb Drives 22

23 USB drives Risk Reduction zTraditional yBlock all USB devices in Group Policy yDisable AutoRun yGlue USB ports shut (?!?!)  Better Solution: IEEE 1667IEEE 1667 yStandard Protocol for Authentication in Host Attachments of Transient Storage Devices  USB devices can be signed and authenticated, so only authorized devices are allowed yin Windows 7, Linux. 23

24 Default Configuration Example: ASUS Eee PC Rooted Out of the Box zThe Eee PC 701 shipped with Xandros Linux zThe Samba file-sharing service was on by default zIt was a vulnerable version, easily rooted by MetasploitMetasploit Easy to learn, Easy to work, Easy to root

25 Default Passwords zMany devices ship with default passwords that are often left unchanged yEspecially routers (seen before)

26 ATM Passwords zIn 2008, these men used default passwords to reprogram ATM machines to hand out $20 bills like they were $1 bills

27 Bluetooth Attacks zBluetooth supports encryption, but it's off by default, and the password is 0000 by default

28 Reverse Engineering Hardware zMostly an engineering endeavor yMapping the device ySniffing the bus data yfirmware reversing yJTAG -- testing interface device for printed circuit boards. Read the book for more details.

Download ppt "Hacking Hardware Some materials adapted from Sam BowneSam Bowne."

Similar presentations

Module 3 Configuring Hardware on a Computer Running Windows XP Professional.

Module 3 Configuring Hardware on a Computer Running Windows XP Professional.
Rambling on the Private Data Security

Rambling on the Private Data Security
© 2012 All rights reserved to Ceedo. Enhanced Mobility with Tighter Security.

© 2012 All rights reserved to Ceedo. Enhanced Mobility with Tighter Security.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Objectives Overview Define an operating system

Objectives Overview Define an operating system
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.

Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Handheld TFTP Server with USB Andrew Pangborn Michael Nusinov RIT Computer Engineering – CE Design 03/20/2008.

Handheld TFTP Server with USB Andrew Pangborn Michael Nusinov RIT Computer Engineering – CE Design 03/20/2008.
Hacking Exposed 7 Network Security Secrets & Solutions

Hacking Exposed 7 Network Security Secrets & Solutions
IS 2101---Fall 2009 Chapter 3 9/2/2009. Epidemics and Health H1N1 – Younger are more at risk – Easily spread in crowds (like classes) Two of your lowest.

IS Fall 2009 Chapter 3 9/2/2009. Epidemics and Health H1N1 – Younger are more at risk – Easily spread in crowds (like classes) Two of your lowest.
Mobility for the Enterprise

Mobility for the Enterprise
Computer Parts There are many parts that work together to make a computer work.

Computer Parts There are many parts that work together to make a computer work.
MDOP 2010: Diagnostic and Recovery Toolset (DaRT) Speaker Fabrizio Grossi

MDOP 2010: Diagnostic and Recovery Toolset (DaRT) Speaker Fabrizio Grossi
KEEP YOUR COMPUTE SAFE AND HOW TO FIX IT 1. OBJECTIVE Keep your computer safe. -Not about spam, phishing or browser hijacks Designed for the non-geek.

KEEP YOUR COMPUTE SAFE AND HOW TO FIX IT 1. OBJECTIVE Keep your computer safe. -Not about spam, phishing or browser hijacks Designed for the non-geek.
Virtual techdays Desktop Security with Windows 7 AppLocker & BitLocker to Go Aviraj Ajgekar│ Technology Evangelist │Microsoft Corporation Blog: http://blogs.technet.com/aviraj.

Virtual techdays Desktop Security with Windows 7 AppLocker & BitLocker to Go Aviraj Ajgekar│ Technology Evangelist │Microsoft Corporation Blog:
Chapter 4: Operating Systems and File Management 1 Operating Systems and File Management Chapter 4.

Chapter 4: Operating Systems and File Management 1 Operating Systems and File Management Chapter 4.
The Impact of Physical Security on Network Security

The Impact of Physical Security on Network Security

Similar presentations

Ads by Google