FierceCIOFierceCIOTechWatchFierceMobileITFierceContentManagementFierceGovernmentIT   FierceVoIPFierceHealthITFierceFinanceIT

The coolest hacks of the year

December 19, 2008 — 3:25am ET | By Paul Mah
Tools
Tags
wi-fi
Robert Graham
RFID
iphone
Hacking
Hackers
Errata Security

As we head into the holidays, everyone is rounding out the year with a series of lists. What caught my attention over at DarkReading--a site that focuses on security issues, was their round up of the coolest hacks of 2008.

We're not talking about web site defacement, zero-day security vulnerability or even the presence of new malware. Rather, we're talking about really innovative hacks that might just affect how we conduct our daily lives. I highlight a couple of the most interesting ones here.

  • Electronic Toll System hack

    A researcher ripped apart one of the popular RFID-based FasTrak toll tags used for highway tolls in the San Francisco Bay Area. To his horror, Nate Lawson discovered the absence of encryption on the RFID tags, which opens the system to cloning and sniffing. Data pertaining to the remaining cash value of a FasTrack is stored at back-end servers, though there is nothing to prevent even a novice with the right equipment from reprogramming the unique identifier for nefarious gains. 

    If you still don't get it, imagine a shoplifter swapping barcodes at the supermarket. However, shenanigans involving barcodes are clearly visible to an alert staff, while swapping an RFID code is far more difficult to uncover. In addition, the open nature of this system makes it possible to track other drivers using this system. As I wrote earlier, I think RFID is due for an overhaul; as the successful hacking of the Mifare Classic RFID technology shows.

  • Remove hacking using the iPhone

    In a scene reminiscent of the latest Batman movie, The Dark Knight, Errata Security had an iPhone equipped with Wi-Fi auditing tools shipped to a remote site to run a penetration test of a client's wireless network. They put TCPdump and Nmap Wi-Fi auditing tools into the iPhone, then overnighted it to the required site. Citing efficiency, CEO Robert Graham noted that, "This was a simple solution that didn't [require] us going on-site."

Next time you receive an unidentified parcel, be careful--especially if it's an iPhone.

For more on this story:
- check out this article from DarkReading

Related Articles:
RFID due for an overhaul
Mifare Classic RFID successfully hacked
Hackers news from FierceCIO

Click here to get the FierceCIO:TechWatch email newsletter for FREE!


Be the first to comment

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

To combat spam, please enter the code in the image.