Hasta La Gadget!

Almost every phone in existence uses a SIM card, especially GSM-based devices. It turns out, that while SIM cards are encrypted, they can easily be breached with just a couple of text messages, and it apparently takes only a couple of minutes. The hack allows someone to listen in on calls and steal mobile data from a phone.

The hack consists of cloaking a text message so that it looks like it was sent from the carrier, and about a quarter of the time, an error message is sent back containing information about the SIM card that can be used to break into it. After that, another text can be sent that officially finishes the job, allowing hackers into your phone.

Security researcher Karsten Nohl of Security Research Labs discovered the exploit and says that up to 750 million handsets could be vulnerable to the hack. However, he notes that only SIM cards using older data encryption methods are at risk, while SIM cards using the newer Triple DES encryption are safe.

Out of all the mobile phones littering the world, about half of them use SIM cards that still use the older DES encryption. However, the exploit probably won’t last for long, since Nohl reported the vulnerability to the GSM Association, and they plan to speak with all carriers about fixing the exploit.

Nohl also plans to reveal his findings during the upcoming Black Hat conference. Don’t worry too much, though, as Nohl believes cyber criminals haven’t figured out the hack, and it would most likely take around six months for someone to figure it out. By then, carriers are hoping to have already patched the vulnerability.

VIA: New York Times

SIM card hack possible with a couple of text messages is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

The scariest Google Glass hack just got fixed before anyone evil could actually use it, but the details are a little unsettling. Using nothing more than Glass’s camera and a malicious QR code, hackers would have been able to steal total control of the device if you so much as looked at the wrong thing.

Read more…

The Oculus Rift virtual reality headset was originally developed with only gaming in mind, but since the company has been sending out units to game developers, the headset has been used for all sorts of neat things. Most recently, the Oculus Rift has given users a first-person view of RC drones thanks to a little hack.

Co-founder of Intuitive Aerial Erik Torkel Danielsson took his company’s Black Armor Drone and paired it with the Oculus Rift. Since the VR headset essentially uses two displays, two cameras were mounted on top of the drone to stream video simultaneously. The drone also has a laptop on board that encodes the video as it’s being received.

From there, the video is then sent to the computer on the ground, from which it is then transmitted to the Oculus Rift. You’re probably thinking this creates a lot of lag, and you’re almost correct, as Danielsson noticed a latency of about 120 milliseconds, which isn’t bad, but it’s ultimately not ideal.

Danielsson and company are working to make the system better, though, including using newer hardware and cutting down the weight of the electrics on board the drone, as well as upgrade the cameras and increase the range of the transmitters.

If you’re wondering what the company will do with this technology, they haven’t mentioned whether or not they plan to sell these kits to the public at some point in the future, but Oculus Rift and drone owners would undoubtedly love to get their hands on this type of technology, and frankly, it’s possible for anyone to do this with a little know-how.

VIA: Hackaday

Oculus Rift hack puts user inside Black Armor Drone with first-person view is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Many online services are implementing two-factor authentication to bulk up security and prevent unauthorized access to sensitive information. Dropbox is just one of those online services that offers the feature, but it’s been recently discovered that the company’s two-factor authentication method is still vulnerable to breaching.

It turns out that as long as someone has the username and password of your Dropbox account, they can bypass the two-factor authentication and log right into your account with a couple of clever tricks. Since Dropbox doesn’t verify email addresses when users sign up for a new account, a hacker can use a new email address that’s similar to an existing one by placing a period in somewhere, similar to how Gmail addresses work.

For this fake account, two-factor authentication is enabled and an emergency code is generated in case users ever lose their phone. The hacker will then login to the victim’s account, but will be prompted to enter the code for that account. However, the hacker will simply select that the victim lost their phone and they’ll be promoted for that emergency code.

Since the email address that the hacker signed up with is similar to the victim’s email address. the emergency code will work on the victim’s account. From there, the hacker can disable two-factor authentication and gain access into the victim’s Dropbox account. This is because that “baseballboy@yahoo.com” is registered as being the same “baseball.boy@yahoo.com,” just like how Gmail handles email addresses.

Of course, you have to know the user’s password before you can do this, but once you get a hold of it, it seems relatively easy to bypass Dropbox’s two-factor authentication. However, the security team that found the vulnerability is already said to be working with Dropbox to fix the bug.

VIA: The Hacker News

Dropbox hack allows bypass of two-factor authentication is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

If you don’t find yourself particularly enthralled with the small assortment of pre-assembled quadcopters already on the market, Jasper van Loenen’s DIY—or Drone It Yourself—kit lets you turn almost anything into an unmanned aerial vehicle. Or at least anything light enough for its four rotors to lift.

Read more…