Posts with «security hacks» label

ProxyGambit Better Than ProxyHam; Takes Coffee Shop WiFi Global

Last weekend saw the announcement of ProxyHam, a device that anonymizes Internet activity by jumping on WiFi from public libraries and cafes over a 900MHz radio link. The project mysteriously disappeared and was stricken from the DEFCON schedule. No one knows why, but we spent some time speculating on that and on what hardware was actually used in the undisclosed build.

[Samy Kamkar] has just improved on the ProxyHam concept with ProxyGambit, a device that decouples your location from your IP address. But [Samy]’s build isn’t limited to ProxyHam’s claimed two-mile range. ProxyGambit can work anywhere on the planet over a 2G connection, or up to 10km (6 miles) away through a line-of-sight point to point wireless link.

The GSM version of ProxyGambit uses two Adafruit FONA GSM breakout boards, two Arduinos, and two Raspberry Pis. The FONA board produces an outbound TCP connection over 2G. The Arduino serves as a serial connection over a reverse TCP tunnel and connects directly to the UART of a Raspberry Pi. The Pi is simply a network bridge at either end of the connection. By reverse tunneling a TCP connection through the ‘throwaway’ part of the build, [Samy] can get an Internet connection anywhere that has 2G service.

Although it’s just a proof of concept and should not be used by anyone who actually needs anonymity, the ProxyGambit does have a few advantages over the ProxyHam. It’s usable just about everywhere on the planet, and not just within two miles of the public WiFi access point. The source for ProxyGambit is also available, something that will never be said of the ProxyHam.


Filed under: security hacks

Laser Trip Wire With Keypad Arming

Most of us have had a sibling who would sneak into our room to swipe a transistor, play our guitar or just mess with our stuff in general. Now there’s a way to be immediately alerted when said sibling crosses the line, literally. [Ronnie] built a laser trip wire complete with an LCD screen and keypad for arming and disarming the system.

The brains of the project is an Arduino. There’s a keypad for inputting pass codes and an LCD screen for communicating if the entered code is correct or not. [Ronnie] wrote his own program using the keypad.h, liquidcrystal.h and password.h libraries. A small laser pointer is shined at a Light Dependent Resistor which in turn outputs an analog signal to the Arduino. When the laser beam is interrupted, the output voltage drops, the Arduino sees that voltage drop and then turns on the alarm buzzer. The value that triggers the alarm is set mid-way between the values created by normal daylight and when the laser beam is hitting the LDR. [Ronnie] made his code and wiring diagram available for anyone who’s interested in making their own laser trip wire.

Hopefully, [Ronnie’s] pesky little brother didn’t watch his YouTube video (view it after the break) to find out the secret pass code. For a laser trip wire sans keypad, check out this portable one.


Filed under: security hacks

Using HID Tricks to Drop Malicious Files

[Nikhil] has been experimenting with human interface devices (HID) in relation to security. We’ve seen in the past how HID can be exploited using inexpensive equipment. [Nikhil] has built his own simple device to drop malicious files onto target computers using HID technology.

The system runs on a Teensy 3.0. The Teensy is like a very small version of Arduino that has built-in functionality for emulating human interface devices, such as keyboards. This means that you can trick a computer into believing the Teensy is a keyboard. The computer will treat it as such, and the Teensy can enter keystrokes into the computer as though it were a human typing them. You can see how this might be a security problem.

[Nikhil’s] device uses a very simple trick to install files on a target machine. It simply opens up PowerShell and runs a one-liner command. Generally, this command will create a file based on input received from a web site controlled by the attacker. The script might download a trojan virus, or it might create a shortcut on the user’s desktop which will run a malicious script. The device can also create hot keys that will run a specific script every time the user presses that key.

Protecting from this type of attack can be difficult. Your primary option would be to strictly control USB devices, but this can be difficult to manage, especially in large organizations. Web filtering would also help in this specific case, since the attack relies on downloading files from the web. Your best bet might be to train users to not plug in any old USB device they find lying around. Regardless of the methodology, it’s important to know that this stuff is out there in the wild.


Filed under: Arduino Hacks, security hacks

Adding WiFi and SMS to an Alarm System

[Don] wanted to bring his alarm system into the modern age. He figured that making it more connected would do the trick. Specifically, he wanted his alarm system to send him an SMS message whenever the alarm was tripped.

[Don] first had to figure out a way to trigger an event when the alarm sounds. He found a screw terminal that led to the siren. When the alarm is tripped, this screw terminal outputs 12V to enable the siren. This would be a good place to monitor for an alarm trip.

[Don] is using an Arduino Nano to monitor the alarm signal. This meant that the 12V signal needed to be stepped down. He ran it through a resistor and a Zener diode to lower the voltage to something the Arduino can handle. Once the Arduino detects a signal, it uses an ESP8266 WiFi module to send an email. The address [Don] used is the email-to-SMS address which results in a text message hitting his phone over the cell network.

The Arduino also needed power. [Don] found a screw terminal on the alarm system circuit board that provided a regulated 12V output. He ran this to another power regulator board to lower the voltage to a steady 5V. This provides just the amount of juice the Arduino needs to run, and it doesn’t rely on batteries. [Don] provides a good explanation of the system in the video below.


Filed under: Android Hacks, security hacks
Hack a Day 17 Jan 00:01

Keystroke Sniffer Hides as a Wall Wart, is Scary

For those of us who worry about the security of our wireless devices, every now and then something comes along that scares even the already-paranoid. The latest is a device from [Samy] that is able to log the keystrokes from Microsoft keyboards by sniffing and decrypting the RF signals used in the keyboard’s wireless protocol. Oh, and the entire device is camouflaged as a USB wall wart-style power adapter.

The device is made possible by an Arduino or Teensy hooked up to an NRF24L01+ 2.4GHz RF chip that does the sniffing. Once the firmware for the Arduino is loaded, the two chips plus a USB charging circuit (for charging USB devices and maintaining the camouflage) are stuffed with a lithium battery into a plastic shell from a larger USB charger. The options for retrieving the sniffed data are either an SPI Serial Flash chip or a GSM module for sending the data automatically via SMS.

The scary thing here isn’t so much that this device exists, but that encryption for Microsoft keyboards was less than stellar and provides little more than a false sense of security. This also serves as a wake-up call that the things we don’t even give a passing glance at might be exactly where a less-honorable person might look to exploit whatever information they can get their hands on. Continue past the break for a video of this device in action, and be sure to check out the project in more detail, including source code and schematics, on [Samy]’s webpage.

Thanks to [Juddy] for the tip!


Filed under: security hacks, slider

Arduino-Powered Alarm System Has All The Bells And Whistles

Put aside all of the projects that use an Arduino to blink a few LEDs or drive one servo motor. [IngGaro]’s latest project uses the full range of features available in this versatile microcontroller and has turned an Arduino Mega into a fully-functional home alarm system.

The alarm can read RFID cards for activation and control of the device. It communicates with the front panel via an I2C bus, and it can control the opening and closing of windows or blinds. There is also an integrated GSM antenna for communicating any emergencies over the cell network. The device also keeps track of temperature and humidity.

The entire system can be controlled via a web interface. The Arduino serves a web page that allows the user full control over the alarm. With all of that, it’s hard to think of any more functionality to get out of this tiny microcontroller, unless you wanted to add a frickin’ laser to REALLY trip up the burglars!


Filed under: security hacks
Hack a Day 03 Sep 06:00

Building a Final Key

Remembering passwords is a pain, and there are a number of devices out there to make it easier. If you’re looking to roll your own, this guide to building a Final Key will walk you through the process.

We talked about the Final Key before. It’s a one-button password manager that encrypts and stores your password. It acts as a virtual serial port for configuration. When you hit the button, it becomes a keyboard and types in the correct password.

The creator has no intentions of making this a commercial project for a number of reasons. Instead, easy build instructions are provided based on the Arduino Pro Micro. The 24LC512 EEPROM can be soldered directly to the Arduino by bending out the DIP legs. A few resistors, a button, and an LED finish off the project. The last step is to fill it with hot glue to prevent tampering.

The Final Key firmware is available on GitHub, and the case can be ordered from Shapeways. If you’re interested in hardware password management, you can also check out the Mooltipass which is being developed on Hackaday.

[Thanks to Lars for the tip!]


Filed under: Arduino Hacks, security hacks

Brute force finds the lost password for an electronic safe

[Teatree] tells a sad, sad story about the lost password for his fire safe. The electronic keypad comes with a manufacturer’s code as well as a user selected combination. Somehow he managed to lose both of them, despite storing the user manual safely and sending the passwords to himself via email. He didn’t want to destroy the safe to get it open, and turning to the manufacturer for help seemed like a cop-out. But he did manage to recover the password by brute forcing the electronic keypad.

There is built-in brute force protection, but it has one major flaw. The system works by enforcing a two-minute lockout if a password is entered incorrectly three times in a row. But you can get around this by cutting the power. [Teatree] soldered a relay to each set of keypad contacts, and another to the power line and got to work writing some code so that his Arduino could start trying every possible combination. He even coded a system to send him email updates. Just six days of constant attacking netted him the proper password.
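The lockout flaw described above, and the usual firmware fix for it, as an added simulation that is not [Teatree]'s code or the safe's firmware: the failure counter is kept in non-volatile memory and updated before the code is compared, so a reboot re-arms the lockout instead of clearing it. The `keypad_t` model, function names and secret value are all hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_FAILS    3    /* wrong codes in a row before lockout (from the post) */
#define LOCKOUT_SECS 120  /* two-minute lockout (from the post) */
typedef enum { OPENED, WRONG, LOCKED } result_t;
typedef struct {
    bool persistent;  /* false: counter in RAM only; true: counter kept in NVM */
    int  secret;
    int  ram_fails;   /* lost when power is cut */
    int  nvm_fails;   /* models EEPROM/flash, survives power loss */
    int  lock_left;   /* seconds of lockout remaining (RAM timer) */
} keypad_t;

/* Reboot: RAM is cleared; the NVM design re-arms the lockout if it was locked. */
static void power_cycle(keypad_t *k) {
    k->ram_fails = 0;
    k->lock_left = (k->persistent && k->nvm_fails >= MAX_FAILS) ? LOCKOUT_SECS : 0;
}

/* Sit out whatever lockout remains; expiry clears the counters. */
static int serve_lockout(keypad_t *k) {
    int s = k->lock_left;
    k->lock_left = k->ram_fails = k->nvm_fails = 0;
    return s;
}
static result_t try_code(keypad_t *k, int code) {
    int *fails = k->persistent ? &k->nvm_fails : &k->ram_fails;
    if (k->lock_left > 0) return LOCKED;
    ++*fails;                      /* record the attempt BEFORE comparing */
    if (code == k->secret) { *fails = 0; return OPENED; }
    if (*fails >= MAX_FAILS) k->lock_left = LOCKOUT_SECS;
    return WRONG;
}

/* Lockout seconds actually served over n wrong entries with power cut on LOCKED. */
int lockout_cost(bool persistent, int n) {
    keypad_t k = { persistent, 424242 /* constructed */, 0, 0, 0 };
    int waited = 0;
    for (int i = 0; i < n; ) {
        if (try_code(&k, i) != LOCKED) { i++; continue; }
        power_cycle(&k);
        waited += serve_lockout(&k);  /* 0 when the reboot cleared the lock */
    }
    return waited;
}

int main(void) {
    printf("RAM: %d s, NVM: %d s\n", lockout_cost(false, 9), lockout_cost(true, 9));
    return 0;
}
```

With the counter in RAM the enforced delay never accrues; with it in non-volatile memory every third wrong entry costs the full two minutes regardless of power cycling.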


Filed under: security hacks

Building a hardware security module

[Stefan] was nervous about putting the secret key for his Amazon Web Services account in his config file. In the security world, storing passwords in plain text is considered a very bad thing, but luckily there are ways around it. [Stefan]’s solution was to make a hardware security module out of the newest ARM-powered Arduino Due.

The build puts the secret key for [Stefan]’s AWS account right in the firmware of the Arduino Due (with the security bit on the Arduino flipped, of course). A Python web service then receives sign requests and talks to the Due over a serial port. The Due then signs the request and sends it off to another bit of Python code that handles the AWS API.

Hardware security modules are frequently used by three-letter government agencies to manage cryptography keys and ensure their data are encrypted properly. Instead of a hardware module costing tens of thousands of dollars, [Stefan]’s only cost the price of an Arduino Due; not too shabby for a hardware security module that can sign more than 2000 requests per second.


Filed under: security hacks

Burglar suspected of using Arduino-Onity hack to rob hotel rooms

Can anyone argue against this being the least-secure hotel room lock on the market? Regular readers will recognize it as an Onity key card lock. A few months back a glaring flaw in the security was exposed that allows these locks to be opened electronically in less than a second. So we are not surprised to hear that a series of hotel room robberies in Houston are suspected to have been performed using this technique.

The image above is from a demonstration video we saw back in October. That hack used an Arduino-compatible chip inside of a dry erase marker as an end-run around the lock’s electronics. It reinforced the warning sounded by [Cody Brocious] when he presented the exploit at this year’s Black Hat conference. The barrel jack on the outside of the door lock doubles as a 1-wire communications port and that is how an attacker can gain access. Investigators can find no other means of entry for these thefts.

We applaud one of the victims in this story. At the end of the article she is asked if the information about the Onity flaw should have been kept secret. She said that if there’s a vulnerability that’s not being fixed people have a right to know about it. Bravo [Janet Wolf]!

[Thanks Andrew]


Filed under: security hacks