SparkFun bluesmirf PIN Scam

That is an officer of the law holding a modified pin pad discovered in Waterloo, Ontario, Canada. You can barely see it in this image but among other mods the pin pad has a BlueSmirf module attached to it. This allows someone sitting within ~100 feet away to capture all of the information transmitted by the pin pad including credit card information and the PIN number. Now SparkFun commented on this issue , and I agree with Nate that all things can be used for good or evil including their products. I don’t believe SparkFun should be blamed in any way for this, it’s the companies that make the pin-pads that should take care more of the security of their devices.

Bad guys will always try to trick the systems but it’s the companies who make credit card processing devices that should be one step ahead of them. I’ve read the comments on SparkFun’s blog and someone who works in a company that makes this devices said that they have all kind of security features that will make the pin pad unusable once someone tried to open it without authorisation. Someone else said they even have an internal battery for monitoring even if the pin-pad is unplugged or has it’s main battery removed so I’m not sure how someone managed to mount the BlueSmirf inside the pin-pad.

Keykeriki, the universal wireless keyboard sniffer

Wireless equipment ranging from mobile phones to routers, car alarms or PC peripherals have become an important part of our lives. Most of us use at least one wireless device every day whether you’re at home or at work because it’s a lot more comfortable having no wires connected.

Keykeriki (from ‘kikeriki’, the sound of a rooster) is a very useful tool for verifying the security level of transmissions from someone’s wireless keyboard. An OpenSource hardware and software project currently working with Microsoft keyboards and free for non-commercial use, the Keykeriki can also demonstrate sniffing attacks for educational purposes only.

Using the Texas Instruments TRF7900 chip, an ATMEL ATMEGA microcontroller and an SDCard interface for logging, the sniffer also has a USART channel for future hardware add-ons that the designers like to call ‘backpacks’. The device requires a 5V power source and can also be powered using the USB port. It can be used with a terminal application or the keyctrl software partially provided in the software package of the project.

Being a very small and flexible project in terms of hardware, but quite ambitious in terms of information provided to the user, most features are built within the software. And it’s a pretty long feature list, with radio frequency channel switching, signal strength display, encryption key handling, deciphering Microsoft’s XOR based encryption, decoding of keystrokes from Microsoft 27Mhz based keyboards and more.

Entitled as ‘universal’, the creators of the sniffer pride themselves with having decoded Logitech keyboards transmissions and they plan on adding this feature in a future release. They are also working on designing a few Backpacks, including LCD display and Iphone interface and they plan on providing ready-made boards at a fair price in just a few weeks.

While the project raises some questions about privacy, it’s definitely an interesting and useful one. As I have mentioned before, it’s an OpenSource project, so coding and hardware schematics are available for download in the link below.

Keykeriki, the universal wireless keyboard sniffer: [Link][Via]

July 15th, 2008

Caller Line Identification

Caller Line Identification

Caller Line Identification

Caller Line Identification

Caller Line Identification displays on a (216) LCD the phone number of the person who is ringing you, before you even answer. Even though most modern phones have this option built-in it’s nice to learn how this things works and who knows it might even be usefull when you try to integrate such a function in a future project. The number stays on the LCD till its replaced by a new received phone number OR if the button is pressed.

The circuit has allot more functions, but I’m not gonna present them here, just visit it’s page to see the full info.

Caller Line Identification: [Link]

Webcam With Servo And Web Interface

The purpose of this project is to show, how you can build a surveillance system with web-page interface. The webcam can be moved vertical or horizontal through the interface, but only in the area that border sensors will allow. The control page is secured with login system, where the user types in an user-name and a password.

On the control page the user can control how the webcam will turn and how many steps it will run. The user can also turn the webcam on and off via web interface. Information about the states will immediately update on the screen. User can also turn the motion detector online, if the camera detects motion, it will automatically save the frames. Naming of the pictures is done with “timestamps”, so it is possible to find out when the picture was taken.

The part that interests me on this project is the servo, because a few years ago i was thinking to something like this, but i never build it. Now it’s nice to see, someone actually build it.
Webcam With Servo And Web Interface: [Link][via]

April 8th, 2008

AVR Ethernet Webserver

AVR Ethernet Webserver very small board

On the previous article i said that i am going to build a project to interface a VGA camera from a phone with a MMC memory. Well this project is even more versatile because of its webserver feature trough ethernet. You’ll just need an old cellular addon camera, an Atmega32 microcontroller and an ENC28J60 Ethernet controller. If you keep things tight the final board should be really small. Heck you can even use this as a spy device, and broadcast over ethernet what the camera see’s.

AVR Ethernet Webserver: all links are dead. sorry

© 2007-2011 YourITronics | Any logo, trademark and project represented here are property of their respective owners | Wordpress | Privacy Policy    RSS