Wednesday, October 17, 2012

Pacemaker hack can deliver deadly 830-volt jolt

Pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device companies.
The new research comes from Barnaby Jack of security vendor IOActive, known for his analysis of other medical equipment such as insulin-delivery devices.
Security researcher Barnaby Jack of IOActive revealed new research on Wednesday that showed pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device manufacturers.
Image credit: Breakpoint
Jack, who spoke at the Breakpoint security conference in Melbourne on Wednesday, said the flaw lies with the programming of the wireless transmitters used to give instructions to pacemakers and implantable cardioverter-defibrillators (ICDs), which detect irregular heart contractions and deliver an electric shock to avert a heart attack.
A successful attack using the flaw "could definitely result in fatalities," said Jack, who has notified the manufacturers of the problem but did not publicly identify the companies.
In a video demonstration, Jack showed how he could remotely cause a pacemaker to suddenly deliver an 830-volt shock, which could be heard with a crisp audible pop.
As many as 4.6 million pacemakers and ICDs were sold between 2006 and 2011 in the U.S. alone, Jack said. In the past, pacemakers and ICDs were reprogrammed by medical staff using a wand that had to pass within a couple of meters of a patient who has one of the devices installed. The wand flips a software switch that would allow it to accept new instructions.
But the trend is now to go wireless. Several medical manufacturers are now selling bedside transmitters that replace the wand and have a wireless range of up to 30 to 50 feet. In 2006, the U.S. Food and Drug Administration approved full radio-frequency based implantable devices operating in the 400MHz range, Jack said.
With that wide transmitting range, remote attacks against the software become more feasible, Jack said. Upon studying the transmitters, Jack found the devices would give up their serial number and model number after he wirelessly contacted one with a special command.
With the serial and model numbers, Jack could then reprogram the firmware of a transmitter, which would allow reprogramming of a pacemaker or ICD in a person's body.

Friday, October 12, 2012

How to configure/use ProRat Trojan to hack someone's PC (Free download and instructions)

I have already written a post on hacking into someone's PC which was using Beast Trojan, you can check that by clicking here, and this time, i will show you how to configure ProRat Trojan to hack into your victim's computer. ProRat is also a Trojan making program which is similar to Beast Trojan but in compare to Beast, ProRat is much better.
  • It can connect to the server more faster.
  • It has more features/functions to play with your victim's PC.
  • Easy to configure.
Lets start the Tutorial:
  • Download ProRat and extract anywhere in your PC.
  • Now run ProRat.exe and then click on Create- Create ProRat Server (342 Kbayt)
  • From the Notifications tab, in the first option "Use ProConnective Notification" type your IP address. (If you don't know your IP address, simply click on the red arrow and it will automatically fill your IP address).
  • Now in the second option "Use Mail Notifications" type your Email address where you want to receive notification when the server is installed on your victim's PC.
  • In the General Settings Tab, leave as it is but don't forget to remember the password. You will be required to enter the password at the time of connection. 
  • Now come to the Bind with File tab. Mark the box "Bind server with a file" and then click on Select File. Now select any file you want to bind with the server.(Binding means combining two files into one)
  • You can also change the extension of the server if you want by going to the Server Extensions tab.
  • Now click on Server Icon tab and select an icon for the bind files. Choose the icon wisely. If your have bind the server with some program, then select the setup icon or if your have bind the server with an image file, than select an image icon.
  • Finally click on Create Server.

Now the server will be created in your current directory (the extracted folder). Send or give the server to your victim and once your victim runs the bind file in his PC, the server will be installed silently on your victim's PC. After the server is installed on your victim's PC, the server will send you an email on your given email ID to confirm you that it's been installed successfully on the victim's PC. After getting the email, run ProRat again, then click onProConnective and then click on Start to list the ProConnective connections. After then, a new window will open which will show you weather your victim is online on not.

 Happy HACKING :-)

Thursday, October 11, 2012

How to Hack WhatsApp Messenger

This hack can remotely wipe your Samsung Galaxy S III

galaxy-s3-hack.jpgIt's bad enough when you clumsily manage to wipe a few odd bits of data off your phone by accident. But what if your entire phone was wiped, AND your SIM-card killed, remotely by hackers without you being able to do a single thing to stop them?
That's the issue being faced currently by owners of the Samsung Galaxy S III, Galaxy S II, Galaxy Beam, S Advance and Galaxy Ace. Nearly all of Samsung's major Android releases have been shown to be susceptible to a malicious hack that will see the entire contents of a user's phone wiped clean.
The hack was outed by Ravi Borgaonkar at the Ekoparty security conference, detailing a simple USSD code (easily sent through a website, QR code or NFC pairing) that would perform an unstoppable, irreversible factory reset on affected handsets.
As well as the wipe, the hack can also be paired with another attack that breaks SIM-cards, meaning that even if you've got contact data backed up on the card, it too could be lost.
The problem seems to lie with an exploit in Samsung's TouchWiz UI, which sees the handset run the code automatically rather than screen it first. Stock Android only shows the code in the dialler screen, and as a result the Samsung Galaxy Nexus (running stock, vanilla Android) is not affected.
So, how best to defend against the potential attack? As ever, be wary of clicking links that you don't completely trust, but also switch off automatic site loading in whichever QR and NFC readers you're using.
Check out the video below to see the hack in action:

Hack A Kindle To Work With A Raspberry Pi

Your ereader isn’t the most exciting device you could use as a monitor, but it’s a minimal solution that could come in handy when you’re on the road. Damaru over at Ponnuki shows us how to turn a Kindle into a display using a Raspberry Pi.
Using the Kindle as a screen, Damaru use a Raspberry Pi, a couple of USB cables and a keyboard to create a very minimal little computer. You do have to jailbreak the Kindle for this to work, but the rest of the process is pretty simple.
From there, you only need to run a few things to get screen-sharing to work, create a system for automatic login, and you’re done. It’s about as minimal of a working environment as you can get. If you want to give it a shot yourself, head over to Ponnuki for the full guide.