My first purchase from a KeyMe kiosk and I have notes!

KeyMe Kiosk

I have used MinuteKEY before, quite successfully, to easily bypass DO NOT COPY keys. Today's errand was more about a quick solution than a security bypass. I was just copying normal keys today.  Here is what I learned.  With MinuteKEY, you could only make batch copies of the same key.  In fact, the MinuteKEY kiosk locked your key into the machine until all the copying was done.  There were zero protections against DO NOT COPY keys.  They do, however, print keys right there in a variety of styles and colors.

MinuteKey - DO NOT COPY close

MinuteKey - DO NOT COPY / MinuteKey Workings

None of that is true with KeyMe.  First off, the interface is much easier to use (despite misleading or outdated instructions).  You can batch different keys at once, which is very handy. They offer to mail you cut keys of different styles, but the only ones cut in the machine are basic brass and brass with a bottle opener.  They offer a novel approach to DO NOT COPY with a Store Employee Check Required screen.  The 3-digit code is cute, but can easily be shoulder surfed.  Apart from that, with the batching of keys, there is no way for the store employee to even know which key you are copying at that moment.  Unlike the MinuteKey, nothing is locked in place.  The machine is already ready to scan another key.

KeyMe - Kiosk (close) / KeyMe - employee check

Final observation on an interesting feature that I want to investigate further.  KeyMe kiosks allow you to store your key on their system, protected by your fingerprint.  That's just the start.  With the app, you can take a picture of a key and have it printed at a kiosk.  Send keys to friends/family/subordinates through the system.  I will just say that I am both intrigued and terrified by these novel ideas.  What are your thoughts?

Hosted Unifi controller with Let’s Encrypt SSL!

Unifi controller with SSL from Let's Encrypt

I have been consolidating some of my sites onto a single hosted Unifi controller.  Documentation was outdated, so I am going to post some useful info here. My original plan was to set up a basic apache2 site, use certbot to generate my certificates and then install them into the Unifi controller. The first frustration is that you cannot simply install the certs you want into the Unifi controller.  Second frustration: Java.  Once you get over that, it's super easy.

I had some issues with the initial migration.  I ended up having to start over.  A handy command to remove the Unifi controller with all its configuration and data: apt-get remove unifi --purge Just remember, you will need to reinstall Unifi after. It will be brand new and back to the wizard.

Getting started with SSL, I learned mostly from here.  First create a CSR with unifi through command line…
cd /usr/lib/unifi
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

This creates unifi_certificate.csr.der and unifi_certificate.csr.pem inside the data directory where you already are (/usr/lib/unifi/).  Now we need to feed the CSR into certbot.  Note that at this point, I already have apache2 installed with a very simple virtualhost and site set up with the domain I am creating a cert for.  Here is the command to feed the CSR generated by Unifi into certbot to be certified:
certbot certonly --apache --csr /usr/lib/unifi/data/unifi_certificate.csr.der

Certbot will make sure that the domain is yours (and your apache config is working) and then output a signed cert and a chain that is almost everything you need to install the certificate back into the Unifi controller.  Still in /usr/lib/unifi/data/, 0000_cert.pem is my signed cert and 0001_chain.pem is my signed cert plus the intermediate certificate. What's missing is Let's Encrypt's root certificate to validate the intermediate certificate and thus complete the chain of trust.
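As an added example (not code from the original post), here is the chain-completion step described above as a small shell script: it appends the root certificate to 0001_chain.pem and verifies the leaf against the root, with the intermediate as an untrusted link, before anything goes into the controller. DATA_DIR, the root file path and the fullchain.pem output name are assumptions; the root certificate itself has to be obtained from Let's Encrypt separately, and the import into the controller is not shown.

```shell
#!/bin/sh
# Added example, not from the original post: assemble leaf + intermediate + root
# into one file and verify it with openssl. DATA_DIR and ROOT_PEM are assumptions.
set -eu

DATA_DIR="${DATA_DIR:-/usr/lib/unifi/data}"
CERT="$DATA_DIR/0000_cert.pem"                        # signed leaf cert from certbot
CHAIN="$DATA_DIR/0001_chain.pem"                      # leaf + intermediate from certbot
ROOT_PEM="${ROOT_PEM:-$DATA_DIR/letsencrypt_root.pem}"  # assumed path of the LE root

# Number of PEM certificate blocks in a file (prints 0 instead of failing).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Write leaf + intermediate + root to $3 and check nothing got lost on the way.
build_fullchain() {
    chain="$1"; root="$2"; out="$3"
    expected=$(( $(count_certs "$chain") + $(count_certs "$root") ))
    cat "$chain" "$root" > "$out"
    [ "$(count_certs "$out")" -eq "$expected" ] || {
        echo "expected $expected certificates in $out" >&2; return 1; }
}

# Validate the leaf against the root, using the intermediate(s) from the chain
# file as untrusted links, the same way a client completes the chain of trust.
verify_chain() {
    cert="$1"; chain="$2"; root="$3"
    inter=$(mktemp)
    # everything from the second certificate block onward is the intermediate(s)
    awk '/BEGIN CERTIFICATE/ { n++ } n >= 2' "$chain" > "$inter"
    status=0
    openssl verify -CAfile "$root" -untrusted "$inter" "$cert" >/dev/null 2>&1 || status=$?
    rm -f "$inter"
    return "$status"
}

# Stand-alone use: sh fullchain.sh run
if [ "${1:-}" = "run" ]; then
    build_fullchain "$CHAIN" "$ROOT_PEM" "$DATA_DIR/fullchain.pem"
    verify_chain "$CERT" "$CHAIN" "$ROOT_PEM" && echo "chain verifies: $DATA_DIR/fullchain.pem"
fi
```

If verify_chain fails, the root file is not the one that signed the intermediate (or the intermediate is missing), so fix that before touching the controller.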


Stepping back into Wireless Security

Believe it or not, my home network actually used Radius authentication many years ago, before I got a Nest (which still cannot connect to anything that isn't open, WEP, or WPA/WPA2).  At the time, I assumed the Nest app talked directly to the thermostat.  Not true.  It just needs internet to talk to its servers, where it receives the commands and preferences from the app.  Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network.  First, I needed to assess which devices, like the Nest, would be unable to make the transition.  Luckily, most of these devices don't need anything more than internet access.  One was moved to a hard line and the last attached to a Radius-capable wireless bridge.  I added an internet-only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!


SSL problem, it wasn’t me!

I just assumed that the problem was related to my recent SSL renewal.  Turns out, Google security recently published Distrusting WoSign and StartCom Certificates and removed them from Chrome.  How did I miss this?  It turns out that the SSL on my site has been broken on Chrome for some time.  It must be that I have been using Brave recently as my daily browser.  I moved this site to letsencrypt.org and it's working fine for everyone now.  I don't even know how much time I wasted on this one.  Wow.

Ubiquiti’s USG router steps up with dual wan support!

I was very excited to discover this feature listed in my Unifi controller today.  You can now repurpose the VOIP port to act as a WAN2.  The ironic part is that I don't believe the VOIP port serves any actual VOIP function as of yet.  I've been recommending these USG routers since I learned of their existence. Unfortunately a lot of my clients want dual WAN, and until now the Unifi Security Gateway fell short.  No longer.  Ubiquiti has a really great product line with the Unifi.  I am continuously discovering great new innovations with the latest updates to their software, firmware, or cloud platform.  I have been waiting for this!

Unifi WAN2 option

Played with PoisonTap network hijacking tool

Poison Tap in Action

@SamyKamkar made an impressive and terrifying tool.  This simple USB device steals your cookies, poisons your cache, and even persists a web backdoor.  On a locked machine, no less!  It depends much on the trust that our computers take for granted: trusting that a USB device is not up to no good, trusting that the local network is not trying to confuse them. We must reexamine this trust going forward.  It didn't take long to get it up and running; however, once you do, you can spend hours tinkering.  (I was working to combine it with @mubix's work here.)

I am also delighted to have my first Raspberry Pi as a USB device rather than a host.  It is certainly exciting to create some new doodads using this dangerous toolkit.

UPDATE

I have since made a version without the cache attack.  I completely failed to steal the PoisonTap visuals, but TheCodePlayer offers a delightful matrix animation.  Next step is to man-in-the-middle SSL too.  I'm turning it into a device that logs everything while connected, but doesn't persist.

Just participated in my first podcast for Hart Attack!

It was fun; we talked about technology, hacking, and corporate oppression.  Unfortunately, there wasn't time for hope.  I'll have to come back on to explain that it's not all doom and gloom.   Episode 117 airs on Saturday evening.  Downloads will be available sometime after, here.  Here is a link to more shows:

Hart Attack Home

Hart and I have worked together for some time.  He is a mogul of all things horrific.  Now he takes on the horror of the modern day with a political/news podcast.