Pedro Umbelino – Page 5 – WindowsTechs.com

Ultrasonic Tracking Beacons Rising

Posted on May 4, 2017 by Pedro Umbelino

An ultrasonic beacon is an inaudible sound with encoded data that can be used by a listening device to receive information on just about anything. Beacons can be used, for example, inside a shop to highlight a particular promotion or on a museum for guided tours where the ultrasonic beacons can encode the location. Or they can be used to track ~~people~~ consumers. Imagine if Google find outs… oh, wait… they already did, some years ago. As with almost any technology, it can be used to ‘do no harm’ or to serve other purposes.

Researchers from the Technische Universitat Braunschweig …read more

Continue reading Ultrasonic Tracking Beacons Rising→

Stealing Cars for 20 Bucks

Posted on April 27, 2017 by Pedro Umbelino

[Yingtao Zeng], [Qing Yang], and [Jun Li], a.k.a. the [UnicornTeam], developed the cheapest way so far to hack a passive keyless entry system, as found on some cars: around $22 in parts, give or take a buck. But that’s not all, they manage to increase the previous known effective range of this type of attack from 100 m to around 320 m. They gave a talk at HITB Amsterdam, a couple of weeks ago, and shown their results.

The attack in its essence is not new, and it’s basically just creating a range extender for the keyfob. One radio stays …read more

Continue reading Stealing Cars for 20 Bucks→

You Think You Can’t Be Phished?

Posted on April 19, 2017 by Pedro Umbelino

Well, think again. At least if you are using Chrome or Firefox. Don’t believe us? Well, check out Apple new website then, at https://www.apple.com . Notice anything? If you are not using an affected browser you are just seeing a strange URL after opening the webpage, otherwise it’s pretty legit. This is a page to demonstrate a type of Unicode vulnerability in how the browser interprets and show the URL to the user. Notice the valid HTTPS. Of course the domain is not from Apple, it is actually the domain: “https://www.xn--80ak6aa92e.com/“. If you open the page, you can …read more

Continue reading You Think You Can’t Be Phished?→

Broken Yoga Becomes Firewall

Posted on April 17, 2017 by Pedro Umbelino

It seems the older I get, the density of broken and/or old laptops on my garage grows. That’s one of the reasons it’s interesting to know which projects are being made to bring back to life these things. [zigzagjoe] sent us an interesting project he made out of a Lenovo Yoga 2 motherboard: a pfsense router/firewall.

The laptop was damaged, but the main board was functioning just fine. What started as adding an old Pentium heatsink to it and see how good it would work, escalated to a fully working, WiFi, 4 port gigabyte NIC, 3D printed case firewall. The …read more

Continue reading Broken Yoga Becomes Firewall→

Broken Yoga Becomes Firewall

Posted on April 17, 2017 by Pedro Umbelino

Continue reading Broken Yoga Becomes Firewall→

Pi Time – A Fabric RGB Arduino Clock

Posted on April 17, 2017 by Pedro Umbelino

Pi Time is a psychedelic clock made out of fabric and Neopixels, controlled by an Arduino UNO. The clock started out as a quilted Pi symbol. [Chris and Jessica] wanted to make something more around the Pi and added some RGB lights. At the same time, they wanted to make something useful, that’s when they decided to make a clock using Neopixels.

Neopixels, or WS2812Bs, are addressable RGB LEDs , which can be controlled individually by a microcontroller, in this case, an Arduino. The fabric was quilted with a spiral of numbers (3.1415926535…) and the actual reading of …read more

Continue reading Pi Time – A Fabric RGB Arduino Clock→

OBD-II Dongle Attack: Stopping a Moving Car via Bluetooth

Posted on April 14, 2017 by Pedro Umbelino

Researchers from the Argus Research Team found a way to hack into the Bosch Drivelog ODB-II dongle and inject any kind of malicious packets into the CAN bus. This allowed them to, among other things, stop the engine of a moving vehicle by connecting to the dongle via Bluetooth.

Drivelog is Bosch’s smart device for collecting and managing your vehicle’s operating data. It allows a user to connect via Bluetooth to track fuel consumption and to be alerted when service is necessary. It was compromised in a two stage attack. The first vulnerability, an information leak in the authentication process, …read more

Continue reading OBD-II Dongle Attack: Stopping a Moving Car via Bluetooth→

Is My Password Safe? Practices for People Who Know Better

Posted on April 7, 2017 by Pedro Umbelino

A couple of weeks back a report came out where [Tavis Ormandy], a widely known security researcher for Google Project-Zero, showed how it was possible to abuse Lastpass RPC commands and steal user passwords. Irony is… Lastpass is a software designed to keep all your passwords safe and it’s designed in a way that even they can’t access your passwords, the passwords are stored locally using strong cryptography, only you can access them via a master-key. Storing all your passwords in only place has its downfalls. By the way, there is no proof or suggestion that this bug was abused …read more

Continue reading Is My Password Safe? Practices for People Who Know Better→

Modern DIY FM radio

Posted on March 23, 2017 by Pedro Umbelino

Back in the day, building a DIY radio was fun! We only had to get our hands at a germanium diode, make some coils, and with a resistor and long wire as an antenna maybe we could get some sound out of those old white earplugs. That was back then. Now we have things like the Si4703 FM tuner chip that can tune in FM radio in the 76–108 MHz range, comes with integrated AGC and AFC, controlled by I2C, as well as a bunch of other acronyms which seem to make the whole DIY radio-building process outdated. The challenges …read more

Continue reading Modern DIY FM radio→

From XP to 10, DoubleAgent pwns all your Windows?

Posted on March 22, 2017 by Pedro Umbelino

The Cybellum team published a new 0-day technique for injecting code and maintaining persistency on a target computer, baptized DoubleAgent. This technique uses a feature that all Windows versions since XP provide, that allows for an Application Verifier Provider DLL to be installed for any executable. The verifier-provider DLL is just a DLL that is loaded into the process and is supposedly responsible for performing run-time verifications for the application. However, its internal behaviour can be whatever an attacker wants, since he can provide the DLL himself.

Microsoft describes it as:

Application Verifier is a runtime verification tool for unmanaged