[Matikas] apparently forgets to lock the screen on his computer when he gets up to grab a coffee. And he apparently works with a bunch of sharks: “If you don’t [lock it], one of your colleagues will send email to the whole company that you invite them to get some beer (on your bill, of course).” Not saying we haven’t done similar, mind you. Anyway, forgetting to lock your screen in an office environment is serious business.
So [Matikas] built a great system that remotely types the keystrokes to lock his screen, or unlock it with his password. An off-the-shelf 433 MHz keyfob is connected to an Arduino micro that simulates a keyboard attached to his computer. It’s a simple system, but it’s a great effect. (See the video demo, below.)
But as a security device, it’s horrendous. Some el-cheapo keyfobs available on eBay don’t use rolling codes, so anyone with a similar keyfob receiver will be able to listen in on the transmission, set some DIP switches, and replay it trivially. Even if it does use a rolling code, if anyone in your office plays around with RTL-SDRs, you may still be essentially broadcasting your password to everyone.
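To make the fixed-code versus rolling-code distinction concrete, here is a receiver-side model, added as an example and not taken from [Matikas]’s build or from any real keyfob’s protocol. The key, frame layout, window size and the HMAC-over-counter scheme are all assumptions chosen for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
WINDOW = 16                    # how many missed presses the receiver tolerates


class FixedCodeReceiver:
    """Accepts one static code, as a DIP-switch style fob would send."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


def rolling_frame(key: bytes, counter: int) -> bytes:
    """Fob side: 4-byte counter followed by a truncated HMAC over it."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    """Accepts a frame only if it is authentic AND newer than the last one."""
    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        ctr = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame, rolling_frame(self.key, ctr)):
            return False                      # forged or corrupted frame
        if not (self.last < ctr <= self.last + WINDOW):
            return False                      # stale (replayed) or too far ahead
        self.last = ctr                       # burn this counter value
        return True


def demo() -> dict:
    recorded = b"\x5a\xa5\x0f"                # constructed frame, as seen on the air
    fixed = FixedCodeReceiver(recorded)
    out = {"fixed_first": fixed.accept(recorded),
           "fixed_replay": fixed.accept(recorded)}
    rx = RollingCodeReceiver(KEY)
    first = rolling_frame(KEY, 1)
    out["rolling_first"] = rx.accept(first)
    out["rolling_replay"] = rx.accept(first)                 # same frame again
    out["rolling_missed_presses"] = rx.accept(rolling_frame(KEY, 7))
    out["rolling_too_far"] = rx.accept(rolling_frame(KEY, 7 + WINDOW + 1))
    return out


if __name__ == "__main__":
    print(demo())
```

The counter check only deals with a recorded frame being sent again; it does nothing for the password sitting in the Arduino’s EEPROM.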
The second failure point is that [Matikas]’s password is stored in EEPROM on the Arduino. That’s a bit better than writing it on a sticky-note under the keyboard, but it’s no defense against adversaries with an AVR programmer. By the time he’s taking his first sip of coffee, we’d be logged in and he’d be buying the beer.
Security aside, this is good fun, and it’s pretty cool to lock and unlock your computer with a car remote. And we’re sure that’s the right spirit in which to take it. Sometimes fun is more fun than paranoia. But maybe not if you work in an office like [Matikas]’s.
Filed under: security hacks