The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: hardware hacking

Hacking Smartphones Running on MediaTek Processors

Hacking Smartphones Running on MediaTek Processors

February 01, 2016Wang Wei
A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely. MediaTek is a Taiwan-based hardware company that manufacture hardware chips and processor used in the smartphones and tablets. The backdoor was discovered by security researcher Justin Case , who already informed MediaTek about the security issue via Twitter, as the chipset manufacturer had no proper vulnerability reporting mechanism in place. The vulnerability is apparently due to a debug tool that was opened up for carriers to test the device on their networks, but unfortunately, it was left open in the shipped devices, thus leaving the serious backdoor open to hackers. If exploited, the debug feature could allow hackers to compromise personal data of an Android device, including user's private contacts, messages, photos, videos and other private data. MediaTek acknowledged the issue, saying "We are aware of this issue, and it has bee
Somebody Offered Money to Raspberry Pi Foundation for Pre-Installing Malware

Somebody Offered Money to Raspberry Pi Foundation for Pre-Installing Malware

December 27, 2015Mohit Kumar
The Raspberry Pi is now gaining attention from malware distributors who want the popular mini-computers to deliver with pre-install malware. The Raspberry Pi Foundation has made a shocking revelation that the charitable foundation has been offered money to install malware onto the Raspberry Pi machines before they were shipped out to users. The Raspberry Pi is an extremely simple computer that looks and feels very basic, but could be built into many geeky projects. Due to the low-cost appeal of the Raspberry Pi, the Foundation has sold over 4 million units. Just Last month, Raspberry Pi unveiled its latest wonder: The Raspberry Pi Zero – a programmable computer that costs just $5 (or £4), may rank as the world's cheapest computer. Last Wednesday, the Foundation tweeted a screenshot of an email in which " business officer"  Linda effectively asked Foundation's director of communications Liz Uptonto to install a suspicious executable file onto Ras
Raspberry Pi Zero — The $5 Tiny Computer is Here

Raspberry Pi Zero — The $5 Tiny Computer is Here

November 26, 2015Swati Khandelwal
Get ready for a ThanksGiving celebration from the Raspberry Pi Foundation. Raspberry Pi, the charitable foundation behind the United Kingdom's best-selling computer, has just unveiled its latest wonder – the Raspberry Pi Zero . Raspberry Pi Zero is a programmable computer that costs just $5 (or £4), may rank as the world's cheapest computer. Raspberry Pi Zero: Just $5 Computer Yes, Pi Zero is the smallest Raspberry Pi yet for just $5, but might be the biggest when looking at its specifications: Broadcom BCM2835 application processor (same as Pi 1) 1GHz ARM11 core (40 percent faster than Raspberry Pi 1) 512MB of LPDDR2 SDRAM Micro-SD card slot MiniHDMI socket for 1080p60 video output Micro-USB for data Micro-USB for power Unpopulated 40-pin GPIO connector Identical pinout to Model A+/B+/2B Unpopulated composite video connector Smallest ever form factor (i.e. 65mm x 30mm x 5mm) Get Your Raspberry Pi Zero Now! The Raspberry Pi is respon
How to Anonymously Access Wi-Fi from 2.5 Miles Away Using This Incredible Device

How to Anonymously Access Wi-Fi from 2.5 Miles Away Using This Incredible Device

July 02, 2015Swati Khandelwal
Anonymity is something that seems next to impossible in this era of government surveillance. Even Tor and VPNs are no longer seem to be enough to protect user privacy. Once your IP address is discovered, your Game Over! However, a method have been devised that not only allow users to anonymously connect to public Wi-Fi network, but also let them connect from about 2.5 Miles away . Security researcher Benjamin Caudill has developed a device that adds an extra layer of anonymity to whistleblowers, journalists, dissidents and, of course, criminals. Dubbed ProxyHam , it's a " hardware proxy " that allows users to connect to a long-distance public Wi-Fi network over an unidentifiable low-frequency radio channels, making it more difficult for government agencies and spies to unearth the real identity and source of the Internet traffic. How Proxyham is made?  Proxyham is comprised of a WiFi-enabled Raspberry Pi computer , along with a three antennas setu
This 3D Printed Robot Cracks Combination Locks in Less than 30 Seconds

This 3D Printed Robot Cracks Combination Locks in Less than 30 Seconds

May 16, 2015Mohit Kumar
Be careful while leaving your important and valuable stuff in your lockers. A 3D printed robot has arrived that can crack a combination lock in as little as 30 seconds. So, it's time to ditch your modern combination locks and started keeping your valuable things in a good old-fashioned locker with keys. A well-known California hacker Samy Kamkar who is expert in cracking locks has built a 3D-printed machine, calling his gadget the " Combo Breaker ," that can crack Master Lock combination padlocks – used on hundreds of thousands of school lockers – in less than 30 seconds. A couple of weeks ago, Kamkar introduced the world how a manufacturing flaw in Master Lock combination locks can easily reveal the full combination by carefully measuring the dial interaction with the shackle in eight or fewer attempts. However, it requires some software and things to do, and who has that much of time? So to make it simple for everyone – On Thursday, the hacker showe
USBKill — Code That Kills Computers Before They Examine USBs for Secrets

USBKill — Code That Kills Computers Before They Examine USBs for Secrets

May 05, 2015Mohit Kumar
USBkill — A new program that once activated, will instantly disable the laptop or computer if there is any activity on USB port. Hey Wait, don't compare USBkill with the USB Killer stick that destroy sensitive components of a computer when plugged-in. "USBKill" is a new weapon that could be a boon for whistleblowers, journalists, activists, and even cyber criminals who want to keep their information away from police and cyber thieves. It is like, if you are caught, kill yourself. In the same fashion as terrorists do. Here I am not talking about to kill yourself, but to kill the data from your laptop if the law enforcement has caught your laptop. USBkill does exactly this by turning a thumb drive into a kill switch that if unplugged, forces systems to shut down. Hephaestos ( @h3phaestos ), the author of USBkill, reports that the tool will help prevent users from becoming the next Ross Ulbricht , founder of the infamous underground drug marketplace
Lenovo Shipping PCs with Pre-Installed 'Superfish Malware' that Kills HTTPS

Lenovo Shipping PCs with Pre-Installed 'Superfish Malware' that Kills HTTPS

February 19, 2015Swati Khandelwal
One of the most popular computer manufacturers Lenovo is being criticized for selling laptops pre-installed with invasive marketing software, or malware that, experts say, opens up a door for hackers and cyber crooks. The software, dubbed ' Superfish Malware ', analyzes users' Internet habits and injects third-party advertising into websites on browsers such as Google Chrome and Internet Explorer based on that activities without the user's permission. Security researchers recently discovered  Superfish Malware  presents onto new consumer-grade Lenovo computers sold before January of 2015. When taken out of the box for the first time, the adware gets activated and because it comes pre-installed, Lenovo customers might end up using it inadvertently. SUPERFISH CERTIFICATE PASSWORD CRACKED The  Superfish Malware  raised serious security concerns about the company's move for breaking fundamental web security protocols, carrying out " Man in the Middle " (MitM) at
Xiaomi Phones Secretly Sending Users' Sensitive Data to Chinese Servers

Xiaomi Phones Secretly Sending Users' Sensitive Data to Chinese Servers

August 10, 2014Mohit Kumar
Chinese telecoms equipment suppliers have previously been criticized by some countries due to suspected backdoors in its products, and if United States has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology, then they are not wrong at all. In the latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand, Xiaomi has been suspected of "secretly" stealing users' information — including SMS messages and photos —from the device without the user's permissions and sending it back to a server in Beijing, despite of turning off the data backup functions, according to Apple Insider . Security Researchers from  F-Secure Antivirus firm  has shown that the Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to " api.account.xiaomi.com "  server located in China, including following information
Firmware vulnerability allows man-in-the-middle attack using SD Memory cards

Firmware vulnerability allows man-in-the-middle attack using SD Memory cards

January 02, 2014Anonymous
How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany. The researchers demonstrated how it is possible to hack the microcontroller inside every SD and MicroSD flash cards that allow arbitrary code execution and can be used to perform a man in the middle attack . The Hardware Hackers  Andrew " bunnie " Huang and Sean "xobs"  described the exploitation method on their blog post ," it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers. " It seems that to reduce SD cards price and increase their storage capability, engineers have to consider a form of internal entropy that could affect data integrity on every Flash drive. Almost every NAND flash memory is affected by defects and presents problems like electron leakage between adjacent cells. " Flash memory is really
China is planting spying microchips in Electric Iron and kettles that can scan Wi-Fi devices to serve malware

China is planting spying microchips in Electric Iron and kettles that can scan Wi-Fi devices to serve malware

November 01, 2013Anonymous
We have discussed many times in our stories the network of Intelligent devices , their capabilities and the possibilities that cyber criminals could exploit them for illegal activities. Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage . The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. China is planting Microchips practically in every electrical device, as recently it has been discovered that the  electric iron  and kettles were modified with this technique to launch spam attacks. The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any co
Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers

Backdoor found in Chinese Tenda Wireless Routers, allows Root access to Hackers

October 19, 2013Mohit Kumar
Last week Craig Heffner, specialized on the embedded device hacking exposed a serious backdoor in number of D-Link routers allows unauthorized backdoor access. Recently he published his another researcher, Titled ' From China, With Love ', exposed that D-Link is not only the vendor who puts backdoors in their products. According to him, China based networking device and equipment manufacturer - Tenda Technology  (www.tenda.cn) also added potential backdoors into their Wireless Routers. He unpacked the software framework update and locate the httpd binary an found that the manufacturer is using GoAhead server, which has been substantially modified. These routers are protected with standard Wi-Fi Protected Setup (WPS) and WPA encryption key, but still by sending a UDP packet with a special string , an attacker could take over the router. Routers contain a flaw in the httpd component, as the MfgThread() function spawns a backdoor service that listens fo
Integrated circuits can be compromised using Undetectable hardware Trojans

Integrated circuits can be compromised using Undetectable hardware Trojans

September 21, 2013Anonymous
A team of researchers from the U.S. and Europe has developed a Hardware Trojan , which is an undetectable to many techniques, raising the question on need of proper hardware qualification.  They  released a paper on stealthy Dopant-Level Hardware Trojans, showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process. " In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. " states the paper abstract. The Scientists devised two such backdoors they said adversaries could feasibly build into processors to surreptitiously bypass cryptographic protections provided by the computer running the chips
Chinese computer maker Lenovo banned by Spy Agencies

Chinese computer maker Lenovo banned by Spy Agencies

July 29, 2013Wang Wei
According to a new report, the world's biggest personal computer maker, Chinese firm Lenovo Group Limited has reportedly been banned from supplying equipment for  networks of the intelligence and defense services of Australia, the United States, Britain, Canada and New Zealand, due to hacking concerns. Sources from intelligence and defense entities in the UK and Australia have confirmed the ban introduced in the mid-2000s after intensive laboratory testing of its equipment. In 2006 it was disclosed that the US State Department had decided not to use 16,000 new Lenovo computers on classified networks because of security concerns. Serious backdoor vulnerabilities in hardware and firmware were apparently discovered during the tests which could allow attackers to remotely access devices without the knowledge of the owner. Lenovo, headquartered in Beijing, acquired IBM's personal computer business in 2005, after which IBM continued to sell servers and mainframes that we
Malicious Mobile Charger can Hack your iPhone within a minute

Malicious Mobile Charger can Hack your iPhone within a minute

June 03, 2013Mohit Kumar
You might want to be a little more careful the next time you pick up a cheap knock-off accessory for your device to save a few bucks because new hardware hacks could be the next big thing among cyber criminals . Researchers say they've built a custom iPhone wall charger that can Install malware in any iOS device using a custom made malicious chargers called Mactans , which are in turn controlled by a Raspberry-Pi like computer called a BeagleBoard. Mactans, which is named after the black widow spider's Latin taxonomy, will be demonstrated by Billy Lau, Yeongjin Jang, and Chengyu Song at the Black Hat 2013 conference in July and they said all users were vulnerable to attacks over the charger. They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. In order for the malicious software to remain installed and unseen, the trio will show how an attacker can hide their software in the
Illiterate Ethiopian kids hack Motorola Xoom

Illiterate Ethiopian kids hack Motorola Xoom

November 05, 2012Mohit Kumar
About five months ago, OLPC Project started a little experiment . They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there. The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula. On the tablets, there was custom software that was meant to teach kids how to read. This experiment began earlier this year. Timeline of Experiment: 1st Four Minutes - One kid had opened the box and had figured out how to turn on the Xoom. In 1st Five Days -  The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC's in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC. OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech conference last
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.