Hackers: Cip, cip, Predator - Focus.pl
It's so simple that I wouldn't be surprised if a thousand other people had figured it out sooner, said Cody Brocious, showing at an international Black Hat conference how he uses $ 50 components to open an Onity electronic lock - the kind that secures a typical room hotel.
The trick is to use the small hole in the bottom of the device's case to charge the battery and reprogram. By connecting to it, you can read a 32-bit key. If you send it back after a few seconds, the door will open obediently.
The worst part is that it's not an easy hole to patch. According to Brocious, the software replacement will not help - the lock should be replaced with a new one. Until then, anyone who expects unexpected visits at night must barricade the door with a chair.
Hijack the drone
Parts for the construction of a hacking device for unmanned airplanes used by the US army, such as Predator, known from the war with the Afghan Taliban, cost slightly more, around a thousand dollars. Taking control of the drone is not difficult at all. To do this, scientists from the American University of Texas constructed a device that sent false GPS satellite navigation data. The plane, following its pre-programmed course, had the view at all times that it was on the right course, even when, on the orders of the scientists, it began a rapid dive that was interrupted at the last moment by them.
A similar technique has probably already been used by the Iranian army. First, Iranian engineers jammed the signal transmitting commands to the drone from the control center. This put the aircraft in automatic pilot mode. You can take control over such an unmanned aerial vehicle without communication with the base. The Iranians claim that their attempts were successful (they resulted in the crash of several copies and at least one successful landing at an Iranian airport). But that is where the list of the Iranian ayatollahs' hacking successes ends. Despite the successful attacks on remotely controlled planes, the Iranians are definitely losing in the cybernetic war with the West.
American Trojan Horses
Stuxnet, Duqu, Flame and Gauss - the first letters of the names of hacker programs called Trojan horses are arranged in the order known from the computer keyboard. Trojan horses have been constructed in such a way as to - like air-to-air rockets - to reach a target far beyond the horizon and direct themselves to the target. The idea is simple and brilliant at the same time. American and Israeli interviews, which are credited with authorship of viruses, were modeled on nature. Just as the herpes virus - which is carried by 80 percent of the population - only activates under the right conditions, these Trojans only emerged from hiding when they entered Iran. However, they did not get there through obvious channels, i.e. via internet connections. They were transferred using USB sticks, i.e. popular flash drives. It took months for them to jump from computer to computer, yet they managed to get there in chronological order. First, Stuxnet attacked centrifuges at the Natanz uranium enrichment plant, then Duqu attacked a broader front, stealing information from industrial computers, then Flame launched the attack (whose purpose is unknown to this day, and understanding is hindered by extremely complex code).
Just before this issue was put to print, the last of the family, Gauss, reached Arab computers, targeting not only Iran but also Syria, Sudan, Saudi Arabia, Lebanon and Yemen. He is different from his older brothers. The previous worms were supposed to hit specific devices used in heavy industry and oil processing. Encrypted Gauss is activated when it encounters specific conditions in an ordinary computer - it could be a matter of operating system language or keyboard layout - that uniquely identify the victim's Iranian ancestry.
When the worm is activated, it copies, inter alia, login details for social networking sites, banks (mainly Middle Eastern banks, but also Citibank and Paypal), internet messengers and mailboxes. After exiting hibernation, Gauss begins sending computer screenshots, conversations recorded with a computer microphone and documents found on disk to his principals. Because the worm is modular in structure, its control can change the way it operates at any time and turn an informant into a destroyer.
Computer science experts are sure that this is not the end of the series. They just wonder if the next family member will continue the tradition and whether his name will start with the next letter on the keyboard. These viruses that spread almost by touch are a perfect illustration of a new trend that can be noticed not only in computer science: it is not enough to disconnect the device from the Internet to immunize it against attacks.
Tradition and modernity
Statistics show that the number of thefts of a BMW M1 luxury car has recently tripled in the UK. All because thieves learned to hack these cars. This method involves accessing the diagnostic connector located in the car's cabin. So you have to break the window - and this is where the traditional part of car theft ends. In the next step, burglars connect to the socket under the control board and program a new, clean card - then press the "Start" button and drive away towards the rising sun. The entire operation takes three minutes.
You can also take control of the traffic lights - e.g. using infrared. Some of the traffic lights at intersections in some metropolises are controlled by such signals, which is intended to facilitate the passage of emergency vehicles. However, there have been cases where witty hackers have paralyzed the traffic - the last time it happened in Los Angeles a few years ago. Their Dutch colleagues went even further, using more traditional methods, hacked into the computer controlling traffic lights and ... changed the pictogram of a marching man on the green lights at pedestrian crossings into a picture only for adults. A thing that was impossible in the days of traditional incandescent lamps ...
Infrared was also used by a teenager from Łódź, who four years ago led to several derailments of city trams. The young man constructed a device which - as the policemen searched his apartment put it - "in appearance and design indicated that it could serve as an infrared radiator controlling the position of the switches". The boy confessed to having changed them in three cases, but the investigators also accused him of leading to the most dangerous derailment, which injured twelve passengers.
Take care of the ID!
More and more devices that surround us are equipped with wireless RFID communication. Behind this abbreviation (Radio Frequency Identification) there are small radio devices, used, among others, in access cards known from offices, contactless payment and city cards or electronic tags attached to the packaging of goods, which, replacing traditional bar codes, significantly improve their subsequent handling.
There are many possibilities to modify RFID devices for illicit benefits - from the most obvious, such as lowering the price you pay at the checkout for merchandise, to gaining unauthorized access to secure premises.
The technique used in this case is cloning. Equipped with a coil in the sleeve or under the jacket, the criminal supposedly "bumps" into his victim - for example, an employee going out for lunch. The device placed in the burglar's pocket instantly activates the original ID, which is even easier as many people wear it around their necks. The information goes to the hacker and then it is copied onto a blank sheet. This allows you to impersonate a given person and gain access to protected premises; this is especially dangerous if the identification cards are used as the sole control element for, for example, server rooms.
Anyway - other systems, such as biometrics, are also easy to cheat. Anyone who has a modern smartphone running Android can turn on the lock function that uses face recognition. If your device's camera doesn't notice its user, it won't unlock your phone. But a photo of the owner is also enough to run the phone.
Given these technological flaws, traditional door locks and passwords on computers appear quite secure.
