Broadpwn – All Your Mobiles are Belong to Us

Researchers from Exodus Intel recently published details on a flaw that exists in several Broadcom WiFi chipsets. It’s estimated to affect nearly 1 billion devices, from Android to iPhone. To name just a few from the top of the list:

  • Samsung Galaxy from S3 through S8, inclusive
  • All Samsung Notes3
  • Nexus 5, 6, 6X and 6P
  • All iPhones after iPhone 5

So how did this happen? And how does a bug affect so many different devices?

A smartphone nowadays is a very complicated mesh of interconnected chips. Besides the main processor, there are several other secondary processors handling specialized tasks which …read more

Hackaday Prize Entry: Water Level Station

All over the world, in particular in underdeveloped countries, people die every year by the thousands because of floods. The sudden rise of water levels often comes unannounced and people have no time to react before they are caught in a bad spot. Modern countries commonly have measuring equipment deployed around problematic areas, but it is usually too expensive for third world countries to afford.

[Benne]’s project devises a low-cost, cloud-connected, water level measuring station to allow remote and central water level monitoring for local authorities. He hopes that by being able to monitor water levels in a more precise and …read more

Malduino Elite – First Impressions

A while back, I wrote an article about Malduino, an Arduino-based, open-source BadUSB device. I found the project interesting so I signed up for an Elite version and sure enough, the friendly postman dropped it off in my mail box last Friday, which means I got to play around with it over the weekend. For those who missed the article, Malduino is a USB device that is able to emulate a keyboard and inject keystrokes, among other things. When in a proper casing, it will just look like a USB flash drive. It’s like those things you see in the movies …read more

Nitro Powered Rotary Tool

We really don’t know if the world needs it but we’re sure glad [johnnyq90] took the time to build one. We’re talking about a nitro powered rotary tool. Based on a Kyosho GX-12 nitro engine, commonly used in R/C cars, [johnnyq90] machines almost all other parts in his shop to make a really cool ‘Nitro-Dremel’. But success didn’t come on the first try.

The first prototype was made using a COX 049 engine but the lack of proper lubrication caused damage to the crankshaft. Because of this setback, [johnnyq90] swaps it out with an O.S Max 10 Aero engine he …read more

Hackaday Prize Entry: LiFePO4wered/Pi+

For some of you the title might seem familiar, as [Patrick Van Oosterwijck]’s LiFePO4wered/Pi project is quite a successful Hackaday.io project. Now he’s designing the plus version from scratch to fill in some gaps and solve some of the challenges that affected the initial project. So what exactly is LiFePO4wered/Pi+ and what can it do?

In a nutshell, it’s a smart UPS for the Raspberry Pi. The standard version allows a Model A+ and Pi Zero to run on battery for over 2 hours, and the B+, B2 and B3 to run for at least an hour (it may be less, …read more

Hacked by Subtitles

CheckPoint researchers published a warning on the company blog about a vulnerability affecting several video players. They found that VLC, Kodi (XBMC), Popcorn-Time and strem.io are all vulnerable to attack via malicious subtitle files. By carefully crafting a subtitles file, they claim to have managed to take complete control over any type of device using the affected players when they try to load a video and the respective subtitles.

According to the researchers, things look pretty grim:

We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most

…read more

Linux SambaCry

Great news everyone, Windows is not the only operating system with remote code execution via SMB. Linux also has its own, seven-year-old version of the bug. /s

This Linux remote execution vulnerability (CVE-2017-7494) affects Samba, the Linux re-implementation of the SMB networking protocol, from version 3.5.0 onwards (since 2010). The SambaCry moniker was almost unavoidable.

The bug, however, has nothing to do with how EternalBlue works, one of the exploits packed into the current version of the WannaCry ransomware. While EternalBlue is essentially a buffer overflow exploit, CVE-2017-7494 takes advantage of an arbitrary shared library load. To exploit it, a …read more

Hackaday Prize Entry: Heart Failure Detection Device

Early and low-cost detection of heart failure is the proposal of [Jean Pierre Le Rouzic] for his entry for the 2017 Hackaday Prize. His device is based on a low-cost Doppler device, like the fetal Doppler devices used to listen to an unborn baby’s heart, feeding a machine learning algorithm that could differentiate between a healthy and an unhealthy heart.

The theory behind it is that regular, healthy heart tissue has a different acoustic impedance than degenerated tissue. Based on the acoustic impedance, the device would classify the tissue as: normal, degenerated, granulated or fibrous. Each category indicates specific …read more

Hackaday Prize Entry: WiFi ePaper

[Frank Buss] designed an electronic version of a sticky note: a WiFi enabled, solar-powered ePaper, with magnets embedded in the casing. It’s based on the new ESP32, and the idea is that you can update it via your smartphone or over the internet via a cloud app to show any message you want. Being an ePaper display, the power consumption is greatly reduced, at least if you are cautious using the ESP32.

The final version plans to poll a server once per hour to get a new image to display. Depending on the final size and battery constraints, our guess …read more

Git Shell Bypass, Less is More

We’ve always been fans of wargames. Not the movie (well, also the movie), but I’m referring to hacking wargames. There are several formats but usually you have access to an initial shell account somewhere, which is level0, and you have to exploit some flaw in the system to manage to get level1 permissions and so forth. Almost always there’s a level where you have to exploit a legitimate binary (with some shady permissions) that does more than what the regular user thinks.

In the case of CVE-2017-8386, less is more.

[Timo Schmid] details how the git-shell, a restricted …read more
