Sofia Kelly

Sofia Kelly

1553065466

Viva la Vita Vida OR How To Hack PlayStation Vita

Since its release in 2012, the PlayStation Vita has remained one of the most secure consumer devices on the market. We will describe the defenses and mitigations that it got right as well as insights into how we finally defeated it. The talk will be broken into two segments: software and hardware. First, we will give some background on the proprietary security co-processor we deem F00D, how it works, and what we had to do to reverse an architecture with minimal public information. Next, we will talk about hardware attacks on a real world secure hardware and detail the setup process and the attacks we were able to carry out. This talk assumes no prior knowledge in hardware and a basic background in system software. Focus will be on the methods and techniques we’ve developed along the way.

How do you hack a device running a full featured, security hardened, and completely proprietary operating system executed on a custom designed SoC? Although the PlayStation Vita did not reach the market success of its contemporaries, it was a surprisingly solid device security-wise. Sony learned from the mistakes of PS3 and PSP and there were (mostly) no “FAIL” moments. It carried exploit mitigations that are standard today but groundbreaking for a “popular” device in 2012: SMAP, kernel ASLR, &gt 2 security domains, and more. Molecule was the first group to run unsigned code on the device as well as the first to hack kernel mode and TrustZone. However, to target the security co-processor (F00D), we need to bring out the big guns. Using a highly customized version of the popular ChipWhisperer hardware, we carried out hardware attacks on the device including fault injection (glitching) and side channel analysis. In a board with twelve layers, dozens of unknown ICs, and hundreds of passives, how do you even begin to attack it without any information? We will start with the basics: a whirlwind tour of the theory behind the attacks. Then we will move to the practical application: mapping out the power domains of a SoC, soldering tips for microscopic points, finding a good trigger signal, finding a glitch target, and searching the right parameters. Finally, if time permits, we will also talk a bit about how to extend our existing setup to perform side channel analysis with a few modifications.

It is unfortunate that the Vita was such a niche device, but we hope this talk will inspire more people to pick it up. The Vita is dead, long live the Vita!

Social Network for Developers ☞ https://morioh.com

Developers Chat Channel ☞ https://discord.gg/KAe3AnN

Learn to code for free and get a developer job ☞ https://codequs.com/

#security #game-development

What is GEEK

Buddha Community

Viva la Vita Vida OR How To Hack PlayStation Vita
Tech Hub

Tech Hub

1628430590

How to find WiFi Passwords using Python 2021|Hack WiFi Passwords|Python Script to find WiFi Password

Hack Wifi Passwords easily..

https://youtu.be/7MwTqm_-9Us

 

#wifi #python #passwords #wifipasswords #linux #coding #programming #hacking #hack

#wifi #hack #using #python #python #hacking

Sofia Kelly

Sofia Kelly

1553065466

Viva la Vita Vida OR How To Hack PlayStation Vita

Since its release in 2012, the PlayStation Vita has remained one of the most secure consumer devices on the market. We will describe the defenses and mitigations that it got right as well as insights into how we finally defeated it. The talk will be broken into two segments: software and hardware. First, we will give some background on the proprietary security co-processor we deem F00D, how it works, and what we had to do to reverse an architecture with minimal public information. Next, we will talk about hardware attacks on a real world secure hardware and detail the setup process and the attacks we were able to carry out. This talk assumes no prior knowledge in hardware and a basic background in system software. Focus will be on the methods and techniques we’ve developed along the way.

How do you hack a device running a full featured, security hardened, and completely proprietary operating system executed on a custom designed SoC? Although the PlayStation Vita did not reach the market success of its contemporaries, it was a surprisingly solid device security-wise. Sony learned from the mistakes of PS3 and PSP and there were (mostly) no “FAIL” moments. It carried exploit mitigations that are standard today but groundbreaking for a “popular” device in 2012: SMAP, kernel ASLR, &gt 2 security domains, and more. Molecule was the first group to run unsigned code on the device as well as the first to hack kernel mode and TrustZone. However, to target the security co-processor (F00D), we need to bring out the big guns. Using a highly customized version of the popular ChipWhisperer hardware, we carried out hardware attacks on the device including fault injection (glitching) and side channel analysis. In a board with twelve layers, dozens of unknown ICs, and hundreds of passives, how do you even begin to attack it without any information? We will start with the basics: a whirlwind tour of the theory behind the attacks. Then we will move to the practical application: mapping out the power domains of a SoC, soldering tips for microscopic points, finding a good trigger signal, finding a glitch target, and searching the right parameters. Finally, if time permits, we will also talk a bit about how to extend our existing setup to perform side channel analysis with a few modifications.

It is unfortunate that the Vita was such a niche device, but we hope this talk will inspire more people to pick it up. The Vita is dead, long live the Vita!

Social Network for Developers ☞ https://morioh.com

Developers Chat Channel ☞ https://discord.gg/KAe3AnN

Learn to code for free and get a developer job ☞ https://codequs.com/

#security #game-development

Einar  Hintz

Einar Hintz

1594638720

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.

Researchers are warning vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose.

The vulnerabilities stem from the SETracker application, which is developed by Chinese developer 3G Electronics (based out of Shenzhen City). The app, which is available on iOS and Android and has been downloaded over 10 million times, is used to power various third-party smartwatch devices. These smartwatches are utilized by elderly patients with dementia who need reminders for taking their medication and to carry out everyday tasks. The apps are also used by parents to track their children – expanding the impact of the security issues.

“Is this yet another cheap Chinese kids GPS watch story? No, this is much more than just kids watches. The SETracker platform supports, automotive trackers, including both car and motorcycle, often embedded in audio head units and dementia trackers for your elderly relatives,” said Vangelis Stykas, with Pen Test Partners, in a Thursday post. “The vulnerabilities discovered could allow control over ALL of these devices.”

Researchers discovered an unrestricted server-to-server application programming interface (API) behind the app that allowed them to carry out a number of malicious activities. Specifically, the API had no authentication required to send commands, other than the requirement of a semi-random string that was already hardcoded to the code. That means a remote, unauthenticated attacker could send commands freely as if they were on a “trusted” server, said researchers.

“This was trivial to discover, all we had to do was just read through the compiled javascript code in the node file to understand what the API was doing,” said Stykas. “With no API restrictions and knowing the API structure we could take over all the devices.”

This issue allows an attacker – who knows the device ID of the smartwatch – to make a device call for any phone number or send SMS with any text from the watch, spy on any smartwatch, or fake a message from a “parent” to the smartwatch or access its camera. Worse, an attacker could send a “TAKEPILLS” command to the smartwatch that uses the app, to remind a relative to take medication (even if the target already took his pills).

#hacks #iot #3g electronics #credentials #exposed password #hack #hacking #internet of things #mobile app #setracker #smartwatch

jade margaret

1620803373

How to exchange the Vitae token (Vitae) in India?

VITAE is a utility token for vitae.co social media rewards platforms that were started in 2018 in Switzerland. You may Join the Vitae Social Media Platform using the Vitae token and get Income. Vitae uses a network of Masternodes/ Supernodes, Staking, for decentralized governance and promotes enhanced transaction privacy.

Vitae covers a unique revenue model, secure the privacy of its members, ad-free timelines, and freedom of speech within a self-regulating community.

**Vitae goal
**

The Vitae goal is to grow global prosperity. They allow people to take control of their own lives. They use a lot of vitae tokens to achieve financial freedom efficiently.

**Today Vitae Tokens Details
**

Vitae Toke Current value: $3,115,316 USD
Market cap: $31,108,745 USD
Circulating supply: 19,471,178 VITAE coins
Maximum supply: 100,000,000 VITAE coins.

**The benefit of Vitae token
**

A Vitae token is a proof of stake utility token that is to be used on the Social Media application, to permit access to the products and/or services given by a vitae. co.

The Vitae token is confirmed with a high-tech blockchain technology that will work as the only payment method on the vitae platform.

All transactions within the social media platform carry out on the Vitae token. It allows smooth and secure transactions.

**Where can we buy or sell VITAE tokens?
**

You can easily buy and sell the Vitae token on leading cryptocurrency exchange platforms that are available on the market. Koinbazar is one such best cryptocurrency exchange website in India. It is easy for you to get Vitae tokens with Indian Rupee. You can easily sell your VITAE in exchange for INR (Vitae/INR) on Koinbazar.

**Here are the reasons why you should use Koinbazar:
**

Buy and Sell Cryptocurrency in a Matter of Seconds
Safe Koinbazar Wallet
Extra Referral and Rewards Program
Instant KYC Approval
Simple and Secure Vitae Trading UI
Easy to trade for beginner and professional
Electric Auto-matching Engine

**Start your trading now !!!
**

#vitae #vitaetoinr #vitae/inr #vitae-inr

Ron  Cartwright

Ron Cartwright

1603526400

Researcher: I Hacked Trump’s Twitter by Guessing Password

Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump’s Twitter account — “maga2020!”.

That’s all he needed to hijack the @realdonaldtrump handle, according a report from Dutch newspaper de Volksrant, because it lacked even the most basic two-factor authentication (2FA), exposing major flaws in the digital security surrounding the President.

While Threatpost has not been able to independently verify the veracity of Gevers’ claim of the Oct. 16 hack of Trump’s Twitter, several professionals have analyzed screenshots and vouch for their authenticity, according to Dutch magazine Vrij Nederland, which added that Gevers works for the Dutch government by day and runs the ethical hacking GDI Foundation in his spare time — and so is well regarded within the country’s security community.

Twitter Safety & 2FA

Twitter, however, said it is dubious about the report.

“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a Twitter spokesperson said in a statement responding to Threatpost’s inquiries. “We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”

An announcement on Sept. 17 from Twitter Safety said the company was sending in-app notifications “requiring” or “strongly recommending” enhanced security measures, including a requirement for a strong password, to members of government and journalists in the run-up to the election.

The policy goes on to “strongly encourage” these accounts enable 2FA but does not say it’s a requirement.

2FA requires users have a one-time generated code, sent by email or text, which needs to be entered to login. This keeps bad actors from accessing the account even if they have the username and password.

Duty to Report

Gevers said that after he successfully hacked the president’s Twitter account he went to great lengths to report the vulnerability, sending emails, screenshots and social-media messages to various U.S. government entities through Twitter, Parler and other platforms, de Volkskrant reported. Days later, he found the 2FA to be in place and two days after that, he received a friendly email from the Secret Service thanking him.

While that didn’t do much to explain how it came to be that Trump didn’t have basic protections on his Twitter account, Gevers speculated to de Volkskrant that it has something to do with his age, adding, “…elderly people often switch off two-step verification because they find it too complicated.”

This isn’t the first time Gevers was reportedly able to commandeer the infamous Twitter handle. In 2016, he was part of a group of self-described “grumpy old hackers” who accessed Trump’s Twitter account by guessing the password “yourefired,” Vrij Nederland reported. The group tried to alert team Trump that, “he had his digital fly open,” with no response at the time, Vrij Nederland added.

Gevers told de Volkskrant that it was recent headlines about presidential candidate Joe Biden’s son, Hunter Biden being hacked that inspired him to start spot-checking accounts for U.S. political figures.

“Doing spot checks, that’s my work: Look for any leaks in security,” he said. When he got to Trump’s account, he tried a few variations, expecting to get locked out after the fourth failed attempt, instead he hit the jackpot on try number five, according to de Volkskrant.

Gever’s reaction, according to Vrij Nederland? “Not again!”

Election & Data Security

This report comes at a time when U.S. law-enforcement officials warn Russia and Iran are actively engaging in election interference through hacked voter-registration information.

Cybercriminals are “going after the minds of the American people and their trust in the democratic institutions that we use to select our leaders, “Matt Olney, director of Talos’ Threat Intelligence and Interdiction at Cisco told Threatpost this week.

The good news is that the public is getting smarter about information security.

“Everybody has a role in election security,” Olney explained. “And that includes the election community who have gone at that problem aggressively over the last four years; [and] the public, which has largely adopted a more skeptical eye towards information as it comes out, for better or worse.”

#breach #hacks #web security #2fa #dutch researcher #hack #password #trump #trump hack #twitter #two factor authentication #victor gevers #weak password