Wednesday, 20 May 2015

Corliss Home Security - Machine cracks Master locks in seconds

Security researcher and avid hacker Samy Kamkar has unveiled a small machine that can reportedly open a Master combination lock in an instant. Finally, something to help put to use those locks again that we forgot the combination to.

The so-called Combo Breaker which uses an Arduino and functions through a battery is very handy and can unlock a Master combination in less than a minute. It consists of a 3D-printed frame, an optical sensor, a rotor, a stepper motor which spins the dial and an Arduino chip to serve as its brains.
A detailed instruction has been published online, reported Corliss Home Security, along with a video to encourage people to assemble the Combo Breaker themselves. Every part of the machine is available online and can be purchased for a total of USD 100.

It takes around 5 minutes for the small machine to test and calculate the correct combination for a lock. But when it is already provided with the first digit of the right combination, it speeds up the process incredibly.

Just several weeks ago, Kamkar publicized his discovery on how to manually crack the combination of any Master lock using a design flaw of the lock and a calculator he made. He demonstrated that his method can effectively narrow down the number of possible combinations to just 8. This Combo Breaker machine is basically an automated version of that.

Kamkar's algorithm was apparently inspired by a previously published hack in Corliss Home Security which effectively reduces the possible combinations to just a hundred.

This is not the first time Kamkar's work has made it to the news though -- he has recently shown how to hack a drone and how to make the evercookie that's virtually impossible to delete. And back in 2005, he created a basically harmless virus in MySpace called "Samy worm", which spread to a million users in less than a day.

Tuesday, 12 May 2015

Corliss Home Security: Hackers can crash iOS devices using WiFi

Hacking is one of the well-known and threatening issues nowadays. Hackers can infiltrate even the biggest companies like Sony.

Series of denial of service (DoS) attacks recently happened to various organizations and companies' websites and their servers.

But this kind of attack doesn't only happen to websites, it is recently proven by the mobile security firm Skycure that it is possible to attack iOS devices.

Researchers from Skycure discovered by generating a doctored SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. Any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.

Even worse, under certain circumstances, Skycure managed cause devices to constantly reboot itself, rendering it basically useless.

The hack occurs through WiFi. If your iOS device connects to any unsecured WiFi hotspots, then you are a possible victim. In fact, even if you don't allow unsecured connections, you could still be a victim.

Skycure had previously revealed another iOS vulnerability called WiFiGate, wherein an attacker could force your iOS device to connect to their network.

If the recently discovered WiFi hack will be combined with WifiGate, the effect can be very dreadful to iOS users.  It could create a "No iOS Zone", as Skycure calls it, a dead zone where all iOS devices are affected by the hack, rendering them useless.

Skycure said that a victim should get his/her device physically out of the range of attacking hotspot(s). The public should also keep in mind that a sophisticated attacker may be able to cover a large area.

Skycure is currently working with Apple to fix the vulnerabilities but until they do, you might want to keep a very close watch on suspicious Wi-Fi hotspots.

Corliss Expert Group in Home Security consists of dedicated experts working and doing research in home security to provide consumers with efficient security systems that help them save time and money. Corliss security-reviews are developed with the goal of assisting consumers make wise decisions in spite of the conflicting information they get online. We concentrate mainly on delivering substantial advice on the home-security system industry with the interests of the end-users always as the top priority.