When film all came in rolls, it was fairly easy to play with the frame of the image. Companies like Hasselblad (and many others) made camera backs that would expose longer strips of 35 mm film to create stunning panoramic images in one single shot. [snappiness] wanted to bring that style of camera into the digital age, and ended up with a 2-in-1 Sony-based frankencamera.

Sensors just aren’t readily available in the wide aspect ratio [snappiness] was looking for, and even if they were, bare sensors are hugely expensive compared to consumer cameras. Lacking the budget for high-res scientific CMOS, [snappiness] did what any of us would do, and hacked two Sony A7ii full-frame mirrorless cameras together to get a combined 24x72mm sensor frame.

Conceptually, the hack is really very simple: a 3D print acts like a T-fitting, with the two cameras held parallel off the arms of the T and the lens making the shaft. Inside, the only optics are a pair of mirrors serving as a beam splitter. Each camera sees half the FOV of the lens in its corresponding mirror, which means the images can be stitched together later to make the double-wide pictures [snappiness] is after.

Of course both cameras must be triggered at the same time, but with what looks like a headphone splitter and an aftermarket remote shutter button, that part works perfectly. The optics, not so much– as always with conceptually simple projects, the devil is in the details, and here it’s the mirror alignment where you’ll find Old Nick. [snappiness] made no provision for adjustments, so everything needed to be designed and built with very stringent tolerances. Somewhere along the way, those tolerances were exceeded; as a result, the two cameras don’t share a focal plane.

That means half the composite image will always be out of focus, or that the main lens needs to be refocused and two snaps taken, rather defeating the point the frankencamera. If [snappiness] attempts a version two, perhaps an adjustment mechanism to focus each sensor would be in order. Still, even if it didn’t work perfectly, he’s proven that the idea is sound, and we can’t imagine many people will see this and argue it isn’t a hack.

The world of film did make all of this easier, perhaps– we’ve seen large-format film cameras out of lego, and a panorama made from four full rolls of 35 mm film. If you know of any other great photography hacks– film or digital– don’t hesitate to send us a tip.

youtube.com/embed/60tAma9SN-4?…

hackaday.com/2025/07/31/double…

Sometimes, there are too many choices in this world. My benchtop function generator can output a sine, square, or saw wave anywhere from 0.01 Hz up to 60 MHz? Way too many choices. At least, that’s what we suspect [Phil Weasel] was thinking when he built this Analog 1 Hz Sinewave Generator.

A KiCad rendering of [Phil]’s design[Phil]’s AWG (which in this case stands for Anything as long as it’s a 1 Hz sine Wave Generator) has another unique feature — it’s built (almost) entirely with op-amps. A lot of op-amps (37, by our count of the initial schematic he posted). His design is similar to a Phased Locked Loop (PLL) and boils down to a triangle wave oscillator. While a 1 Hz triangle wave would absolutely satisfy judges of the One Hertz Challenge, [Phil] had set out to make a sine wave. Using a feedback loop and some shaping/smoothing tricks (and more op-amps), he rounded off the sharp peaks into a nice smooth sine wave.

Sometimes we make things much more complicated than we need to, just to see if we can. This is one of those times. Are there much simpler ways to generate a sine wave? Yes — but not exclusively using op-amps! This entry brings stiff competition to the “Ridiculous” category of the 2025 One Hertz Challenge.

hackaday.com/2025/07/31/2025-o…

A universal feature of traveling Europe as a Hackaday scribe is that when you sit in a hackerspace in another country and proclaim how nice a place it all is, the denizens will respond pessimistically with how dreadful their country really is. My stock response is to say “Hold my beer” and recount the antics of British politicians, but the truth is, the grass is always greener on the other side.

There’s one thing here in dear old Blighty that has me especially concerned at the moment though, and perhaps it’s time to talk about it here. The Online Safety Act has just come into force and is the UK government’s attempt to deal with what they perceive as the nasties on the Internet, and while some of its aspirations may be honourable, its effects are turning out to be a little chilling.

As might be expected, the Act requires providers to ensure their services are free of illegal material, and it creates some new offences surrounding sharing images without consent, and online stalking. Where the concern lies for me is in the requirement for age verification to ensure kids don’t see anything the government things they shouldn’t, which is being enforced through online ID verification. There are many reasons why this is of concern, but I’ll name the three at the top of my list.

As always, Ali has you covered.
As anyone who has helped their non technical friends secure their networks will tell you, nothing boosts technical expertise more than presenting a 13-year-old with an online restriction. It’s already been shown how a tech-savvy kid can use an AI generated fake ID to watch online smut, and I am thus certain that the Act just won’t work. Kids will trade ways to get round it just like they traded floppies full of dodgy JPGs in the playground back in the ’90s.

The scope of the Act extends way beyond merely the porn sites you might expect, so your average Brit is going to find themselves uploading their drivers’ licence or passport an awful lot. The probability of a data breach involving all that valuable data will approach one, and all those identities will be compromised. Making more laws won’t stop this happening, after all the very definition of a criminal is a person with a disregard for the law.

And finally, that broad scope is catching all manner of inoffensive and blameless online communities who don’t have the resources to put the age verification and other measures in place. Your classic car forum, a support group for people with mental health problems, even possibly Wikipedia. Of course it’s important to protect children from inappropriate content, but killing the British internet for everyone else shouldn’t be a side effect.

This issue is likely to rumble on for a while in the UK, as at the time of writing a petition for its reform stands around 350k signatures. Thus a further parliamentary debate seems very likely, and no doubt we’ll see a few of our overlords wriggling a little to avoid the inevitable repercussions. You can sign it if you’re a Brit, and meanwhile if you’d like to restore access to the internet that the rest of the world sees, you can join the hordes of Brits running to acquire VPN access.

Palace of Westminster header image: Diliff, CC BY-SA 2.5.

hackaday.com/2025/07/31/when-o…

Sometimes, we’re faced with what should be simple household tasks that we choose to make more difficult. Sure, you could buy a clock, hang it on your wall, and move on with your day, or could spend a week or two building the perfect one. [Nejc Koncan] was in one such situation recently when he needed some new overhead lighting. He wanted hexagonal lights — and since none of the off-the-shelf solutions met his exacting requirements, he built his own.

Unlike most of the cycling RGB hexagonal lighting solutions available on the market, [Nejc] wanted elegant white outlines that he could control via HomeAssistant. After some careful design and quite a bit of trial-and-error, he ended up with a highly modular and very professional-looking installation. The hexagons are constructed from LED strips set into aluminum extrusions, with junction PCBs at each intersection. To complete the look, all of the strips and wiring are hidden by diffusers that slot into the extrusions — and of course, the whole thing is open source.

We see lots of lighting projects here at Hackaday, and even other hexagonal lights — but this might just be one of the most refined. Sometimes it’s worth the extra effort to build a totally over-engineered custom solution.

hackaday.com/2025/07/31/hexago…

It should come as no surprise that the hacker community has embraced the Meshtastic project. It’s got a little bit of everything we hold dear: high quality open source software, fantastic documentation, a roll-your-own hardware ethos, and just a dash of counterculture. An off-grid communications network cobbled together from cheap parts, some of which being strategically hidden within the urban sprawl by rogue operators, certainly sounds like the sort of thing you’d read about it in a William Gibson novel.

But while the DIY nature of Meshtastic is one of its most endearing features for folks like us, it can also be seen as one of its weak spots. Right now, the guidance for those looking to get started is to pick a compatible microcontroller development board, 3D print a case for it, screw on an antenna from AliExpress, flash your creation with the latest firmware, and then spend some quality time with the documentation and configuration tools to actually get it on the air. No great challenge for the average Hackaday reader, but a big ask for the weekend adventurer that’s just looking for a way to keep in touch with their friends while camping.

Quality hardware that offers a turn-key experience will be critical to elevating Meshtastic from a hobbyist’s pastime to something that could actually be fielded for applications such as search and rescue. Plus, let’s be honest, even those of us who like to put together our own gadgets can appreciate a more consumer-oriented piece of hardware from time to time. Especially if that hardware happens to be open source and designed to empower the user rather than hold them back.

Enter the Hacker Pager from exploitee.rs. As the name implies, it’s still very much a device intended for hackers — a piece of hardware designed for the halls of DEF CON rather than trekking through the wilderness. But it’s also an important step towards a new generation of Meshtastic hardware that meets the high standard of quality set by the software itself.

All in One, One For All

Before diving into the device itself, it would be helpful to take a moment to explain how users typically interact with Meshtastic, and what makes the Hacker Pager different.
Connecting an Android phone to Meshtastic via a Heltec V3
Generally speaking, there are two types of Meshtastic devices: stationary nodes placed on rooftops and other vantage points to provide the infrastructure, and mobile nodes that a person would carry with them that allows access the network. This isn’t strictly accurate as each mobile device can also relay messages and contribute to the overall mesh network, but for the purposes of this discussion that’s not really an important distinction.

The mobile nodes are essentially radio modems that connect to your smartphone. You might have one strapped to your backpack, or mounted to the roof of your car. An app on your phone allows you to use the radio to tap into the Meshtastic network, and provides (among other features) an SMS-like interface for sending and receiving messages. This can be a little ungainly if you’re physically plugged into the mobile node, but Bluetooth is also an option.

Now, what makes the Hacker Pager different is that it not only works as gateway device to provide access to the Meshtastic network to a tethered smartphone, but it can also be used as a stand-alone communicator. This approach is truly the best of both worlds, as you get all the functionality of the smartphone application, while also giving you the freedom to subtract the phone from the equation entirely.

hackaday.com/wp-content/upload…

The Hacker Pager isn’t the first Meshtastic device to provide this capability, but at the time of this writing, it’s still one of only a handful of options that offer it. It is however the first one to come in the classic pager form factor, which brings with it a certain nostalgic appeal. The unique layout and interface of the Hacker Pager does come at a cost though; at least for now, it can’t run the mainline Meshtastic firmware and has its own independent fork. But we’ll get back to that in a minute.

Built By Hackers, For Hackers

I mentioned earlier that the Hacker Pager isn’t designed for a rugged environment, but that doesn’t mean it’s a wimp, either. It’s built like a brick, which I mean in the most positive way possible. But more than that, it’s built how a hacker would build it. Laser-cut acrylic panels, 3D printed body and buttons, you can still see how each component could be produced by a well-equipped home gamer should they need or want to.

That’s something we often see get inadvertently overlooked by open source hardware projects, and I’m happy to see that it seems to have remained a guiding principle for the Hacker Pager. It’s no mean feat either — we always release the design files for our annual Supercon badge, but that’s not to say they’ve always been easy to recreate for the hacker who couldn’t make it out to Pasadena. It’s not that we ever intentionally design the badge to be hard to replicate, it can just get away from you sometimes.
Bodge wire not included on production units. Probably.
While going with a larger footprint for some of the components would have made DIY rework a little easier, there’s nothing about the Hacker Pager that would keep you from either building one yourself or using it as a basis for another design. That includes the license, as the hardware side of the project is available under the CERN Open Hardware Licence Version 2.

I could easily see the Hacker Pager becoming another Beepy — an OSHW project that resonates so strongly with the community that it inspires a whole line of clones.

A New Way to Mesh

The firmware for the Hacker Pager is forked from the upstream Meshtastic project, and as such, the device is fully compatible with all the infrastructure that’s already out there. Similarly, when used in conjunction with the official Meshtastic smartphone application, you’ll have all the features and functions you’re used to. But when you use the Hacker Pager on its own, it’s unlike any other Meshtastic device out there.

That’s largely due to the fact that the retro-inspired hardware of the Hacker Pager demands a different sort of user interface than any of the existing Meshtastic devices. The menu system makes excellent use of the vibrant 192×64 pixel monochrome LCD, and banging out messages using the on-screen keyboard and directional buttons is a breeze. Users from the younger generations may need some time to adapt, but for those of a certain age, it feels like home.

hackaday.com/wp-content/upload…

One of my favorite features doesn’t even kick in until you’ve put the Hacker Pager down for a bit. Once the device has hit the user-defined idle timeout, the screen backlight turns off and the screen shifts over to an ambient clock display that also shows critical status information such as battery level, number of nodes in the area, and a new message indicator.

It’s also got the features you’d expect from a modernized pager. You can be notified of incoming messages by the classic audible alert or vibration, naturally. But there’s also 36 addressable RGB LEDs and a dozen UV LEDs that are more than happy to put on a light show each time something hits your inbox.

More Than Idle Talk

Honestly, if everything I’ve just covered was all the Hacker Pager could do, I’d still have come away impressed. But the team at exploitee.rs took things a step further by adding in several tools that should prove useful for anyone who’s into hacking around on Meshtastic or other flavors of LoRa.

The Packet Capture mode (and matching Wireshark plugin) lets you explore the actual communication protocols at work, and the Spectrum Analyzer will visualize anything broadcasting between 850 to 950 MHz and optionally export the results. While there’s no official word on additional tools, it’s not hard to imagine how either exploitee.rs or the community could expand on these capabilities on the future with new functions such as a WiFi or Bluetooth scanner.

Joining the Pager Revolution

If you want your own Hacker Pager, it will set you back $200 for the standard Green/Black model shown here, or $250 for the Special Edition colors (Pink/Black, Orange/Black). Unfortunately, they’re currently out of stock.

We made every effort to time the release of this article to coincide with availability of the Hacker Pager, but folks have been chomping at the bit to pick one up since they were first unveiled last year, and demand was simply too great. Sorry about that.

But don’t worry, you haven’t missed your chance. We’re told that units will be available at DEF CON 33 next week if you’re making the trip out to Vegas, and if not, you can put your email down to be notified when the next batch of Hacker Pagers will be ready to go.

In the meantime, you can read up on the promise of the Meshtastic project and maybe even setup your first node.

hackaday.com/2025/07/31/hands-…

In the formative experiences of most Hackaday readers there will almost certainly be a number of common threads, for example the ownership of a particular game console, or being inspired into engineering curiosity by the same TV shows. A home computer of a TV show may mark you as coming from a particular generation, but there are some touchstones which cross the decades.

Of those, we are guessing that few readers will not at some point have either built, owned, or lusted after a Tamiya model kit at some point over the last many decades, so it’s with some sadness that we note the passing of Mr. Tamiya himself, Shunsaku Tamiya, who has died at the age of 90.

Shunsaku Tamiya
For most of us the word “Tamiya” conjures up an image of a brightly coloured and well illustrated box with the trademark red and blue Tamiya logo containing a model kit, remote controlled car, or other wondrous piece of miniature engineering. Kids’ are shaped by the experiences their toys give them, and while it might seem strange to cite plastic models as a key influence for a hardware hacker, here were toys that could be built in all their intricate detail.

The Tamiya story started in the lumber business, diversifying into wooden toys, and then just like LEGO on the other side of the world from their Shizuoka base, into plastic injection mouldings. Shunsaku Tamiya was famous for his attention to detail and this very much came through in his products.

I learned this first-hand through a professional modeler friend who had the job of making the models featured on British Tamiya packaging. Though she dealt with the British agents of the company and could have spent her entire tenure talking to their marketing department, she found herself dealing with Mr. Tamiya personally. His box models were made by one of the best in the business, but even the quality of the packaging in a distant export market mattered to the boss.

We are sure the Tamiya company will continue to produce the best in plastic modeling, and we envy the kids who are now discovering them for the first time and sharpening an interest in making things that will stay with them for life. Thank you, Shunkasu Tamiya.

hackaday.com/2025/07/31/farewe…

Un’e-mail crittografata può causare l’arresto anomalo immediato del sistema macOS/iOS? La risposta è SI!

Non si tratta di un complotto di fantascienza, ma di un attacco reale, come rivelano gli ultimi risultati delle ricerche di Alibaba Security. Per prevenire efficacemente questo tipo di attacco, Alibaba Security e l’Università dell’Indiana a Bloomington hanno esplorato e scoperto congiuntamente un vettore di attacco per rilevare potenziali problemi di sicurezza DoS (Denial-of-Service) nelle librerie di algoritmi crittografici: certificati X.509 malformati.

Hanno quindi condotto una serie di ricerche su problemi correlati nelle librerie di algoritmi crittografici basate su questo vettore. Questo risultato è stato reso pubblico alla conferenza USENIX Security’25 ed è stato candidato ai Pwnie Awards, gli “Oscar del mondo degli hacker”.

Utilizzando certificati X.509 malformati, i ricercatori hanno condotto esperimenti su sei librerie di algoritmi crittografici open source tradizionali: OpenSSL, Botan, Bouncy Castle, Crypto++, GnuTLS e phpseclib, nonché su una libreria crittografica Security progettata specificamente per l’ecosistema Apple.

Sono state scoperte 18 nuove vulnerabilità CVE e identificate 12 vulnerabilità CVE note .

I certificati digitali X.509 sono le “carte d’identità” del mondo online

Con l’ampia diffusione di Internet, le problematiche relative alla sicurezza delle reti stanno diventando sempre più importanti. Per garantire la sicurezza e l’affidabilità delle comunicazioni di rete, i certificati digitali sono diventati uno strumento fondamentale per garantire l’autenticazione dell’identità e la sicurezza dei dati.

Un certificato digitale è come una “carta d’identità” nel mondo online. Viene rilasciato da un’organizzazione terza affidabile (chiamata autorità di certificazione, CA) e viene utilizzato per verificare l’identità di entrambe le parti in comunicazione e garantire che le informazioni non vengano manomesse durante la trasmissione.

Attualmente, X.509 è uno degli standard di certificazione digitale più ampiamente adottati a livello internazionale. Definisce la struttura e il contenuto di base di un certificato, inclusi campi quali informazioni sul soggetto, chiave pubblica, algoritmo di firma e periodo di validità, e supporta meccanismi di verifica della catena di certificati, creando così un’infrastruttura a chiave pubblica (PKI) affidabile.

Inoltre, i certificati X.509 sono diventati una componente fondamentale della moderna sicurezza di rete, utilizzati in vari protocolli (come TLS e S/MIME) per garantire la sicurezza delle comunicazioni. Anche i sistemi operativi moderni (come macOS e iOS) utilizzano i certificati X.509 per la verifica delle firme, garantendo l’autenticità e l’integrità delle applicazioni.

Risoluzione dei problemi di tipo DoS con certificati X.509 non validi

Le API relative alla crittografia sono spesso complesse nella progettazione, e molti sviluppatori non hanno conoscenze specifiche in materia. La contraddizione tra i due aspetti porta a un frequente uso improprio delle API di crittografia nella pratica, il che ha spinto la ricerca esistente a concentrarsi su come contrastare al meglio l’uso improprio delle API di crittografia.

Tuttavia, anche se gli utenti rispettano rigorosamente le specifiche di utilizzo e chiamano correttamente l’API in una libreria crittografica, potrebbero comunque verificarsi rischi per la sicurezza dovuti a problemi di sicurezza nell’implementazione dell’API stessa.

La ricerca attuale sui problemi di sicurezza nelle implementazioni crittografiche si concentra principalmente sulla riservatezza (come gli attacchi side-channel) e sull’integrità (come le collisioni hash) nella tripletta CIA (riservatezza, integrità e disponibilità), mentre viene prestata meno attenzione ai problemi di disponibilità. Tuttavia, il team di ricerca ha notato che le librerie crittografiche sono spesso più vulnerabili agli attacchi DoS rispetto ad altri tipi di progetti a causa delle due caratteristiche seguenti:

• L’implementazione di librerie crittografiche spesso comporta operazioni su “grandi numeri” (ad esempio, operazioni su un campo finito che coinvolgono un numero primo a 1024 bit). Tali operazioni e i loro ordini di grandezza sono relativamente rari nei progetti non crittografici.
• L’implementazione di librerie crittografiche spesso comporta l’elaborazione di vari tipi di dati (come ASN.1) e regole di codifica (come la codifica DER). La progettazione di questi schemi è spesso complessa ed è facile commettere errori durante il processo di implementazione.

Per convalidare ulteriormente questa osservazione, il team di ricerca ha condotto un’analisi sistematica delle implementazioni di codice in diverse librerie crittografiche vulnerabili agli attacchi DoS. Nel processo, hanno dimostrato la fattibilità dell’utilizzo di certificati X.509 malformati come vettore di attacco per sfruttare e rilevare problematiche di tipo DoS nelle librerie crittografiche.

I principali contributi di questo lavoro includono i seguenti tre punti:

• Analisi sistematica e nuove scoperte : hanno condotto la prima analisi sistematica delle librerie di algoritmi crittografici vulnerabili agli attacchi DoS. Così facendo, hanno scoperto tre nuovi rischi per la sicurezza di tipo DoS e hanno rivelato un vettore di attacco comune, ovvero certificati X.509 malformati, per sfruttare le vulnerabilità DoS associate a dieci rischi tipici identificati in questo studio.
• Sviluppo di strumenti automatizzati + Individuazione e sfruttamento delle vulnerabilità : hanno sviluppato uno strumento automatizzato chiamato X.509DoSTool, che può essere utilizzato per generare rapidamente certificati malformati specifici e rilevare vulnerabilità DoS nelle corrispondenti implementazioni delle librerie crittografiche. Utilizzando questo strumento, hanno scoperto con successo 18 nuove vulnerabilità e identificato 12 vulnerabilità note. Hanno inoltre verificato queste vulnerabilità in scenari reali e scoperto nuovi metodi di sfruttamento remoto sulle piattaforme macOS e iOS.
• Modellazione delle minacce e strategie di mitigazione : attraverso la modellazione delle minacce e i risultati sperimentali, hanno dimostrato che l’attacco DoS X.509 è una minaccia diffusa, ma finora poco studiata, nel mondo reale. Sulla base di ciò, hanno ulteriormente analizzato le cause profonde degli attacchi DoS X.509 e proposto strategie di mitigazione praticabili per aiutare gli sviluppatori a migliorare la sicurezza dei loro sistemi.

Questa sezione è dettagliata nella Sezione 1 dell’articolo. Inoltre, per comprendere meglio il contenuto dei capitoli successivi, si consiglia ai lettori di fare riferimento all’introduzione alle conoscenze di base nella Sezione 2 dell’articolo per una maggiore comprensione degli aspetti matematici delle curve ellittiche, di ASN.1 e di X.509.

La ricerca di Alibaba Security

In questo lavoro, i ricercatori concentrandosi su questo attacco, hanno ulteriormente analizzato i meccanismi e i metodi di sfruttamento di una serie di vulnerabilità legate ai rischi DoS nelle librerie crittografiche. Utilizzando strumenti automatizzati, hanno scoperto 18 nuove vulnerabilità in sette importanti librerie crittografiche. Hanno poi dimostrato queste vulnerabilità in due scenari reali: l’handshake TLS reciproco sui siti web HTTPS e la verifica della firma sui sistemi macOS/iOS di Apple.

I risultati sperimentali dimostrano la fattibilità dei certificati X.509 malformati da loro creati nel rilevare e sfruttare le vulnerabilità DoS nelle librerie crittografiche. Rivelano inoltre che gli attacchi DoS X.509 rappresentano una minaccia alla sicurezza diffusa ma poco studiata, meritevole di maggiore attenzione. Discutono inoltre le cause profonde di questi attacchi e propongono una serie di possibili strategie di mitigazione.

In futuro, il team di ricerca spera che questo lavoro possa accrescere ulteriormente la consapevolezza della comunità della sicurezza in merito alle vulnerabilità crittografiche e ai metodi di attacco e ispirare più ricercatori a esplorare meccanismi efficaci di rilevamento e difesa, promuovendo congiuntamente la costruzione di sistemi crittografici e proteggendo la sicurezza degli utenti.

L'articolo Bug da Oscar per macOS/iOS! Un’email crittografata causa l’arresto anomalo del device proviene da il blog della sicurezza informatica.

E’ stato segnalato da Group-IB che un Raspberry Pi con supporto 4G e’ stato sfruttato dal gruppo di pirati informatici UNC2891, conosciuto anche con il nome di LightBasin, al fine di superare le misure di sicurezza e accedere alla rete della banca. Attraverso la connessione allo stesso switch di rete del bancomat, il computer a scheda singola ha creato un varco nella rete interna della banca, permettendo ai malfattori di operare in modo laterale ed installare delle backdoor.

I ricercatori, che hanno individuato la violazione durante l’esame di operazioni sospette sul sistema informatico della banca, hanno rilevato che l’attacco era finalizzato ad alterare l’autorizzazione dei terminali di prelievo automatico e ad effettuare operazioni di ritiro di denaro.

Sebbene l’attacco LightBasin sia fallito, i ricercatori sottolineano che l’incidente è un raro esempio di attacco ibrido avanzato (che combina accesso fisico e remoto) che ha utilizzato anche più metodi anti-forensi. Il gruppo LightBasin, attivo dal 2016, non è il primo ad attaccare i sistemi bancari. Ad esempio, già nel 2022, gli esperti di Mandiant avevano segnalato l’allora nuovorootkit Unix Caketap, creato per funzionare sui sistemi Oracle Solaris utilizzati nel settore finanziario.

I ricercatori hanno quindi concluso che l’obiettivo finale di Caketap era quello di intercettare i dati di verifica delle carte di credito e i PIN dai server degli sportelli bancomat hackerati e poi utilizzare tali informazioni per effettuare transazioni non autorizzate. I messaggi intercettati da Caketap erano destinati a un Payment Hardware Security Module (HSM), un dispositivo hardware antimanomissione utilizzato nel settore bancario per creare, gestire e convalidare chiavi crittografiche per PIN, bande magnetiche e chip EMV.

Nell’attacco scoperto da Group-IB, i partecipanti a LightBasin hanno ottenuto l’accesso fisico a una filiale bancaria anonima, autonomamente o corrompendo un dipendente, che ha aiutato gli hacker a installare un Raspberry Pi con un modem 4G sullo stesso switch di rete del bancomat. Ciò ha permesso agli aggressori di mantenere un accesso remoto costante alla rete interna della banca, bypassando i firewall.

Sul Raspberry Pi era installata una backdoor TinyShell, che l’aggressore ha utilizzato per creare un canale di comunicazione con il server di comando e controllo tramite una rete mobile. Nelle fasi successive dell’attacco, gli aggressori si sono spostati sul Network Monitoring Server, che aveva ampie possibilità di connettersi al data center della banca.

Da lì, gli aggressori si sono spostati su un server di posta che aveva accesso diretto a Internet e che è rimasto presente sulla rete dell’organizzazione anche dopo che il Raspberry Pi è stato scoperto e rimosso. Le backdoor LightDM utilizzate dagli aggressori, imitavano gli accessi legittimi sui sistemi Linux. Un altro elemento che ha contribuito all’elevato grado “stealth” è stato il montaggio di file system alternativi (tmpfs ed ext4) sui percorsi /proc/[pid] dei processi dannosi. Ciò ha permesso di nascondere i metadati associati agli strumenti forensi.

Secondo i ricercatori, l’obiettivo finale degli aggressori era quello di distribuire il rootkit Caketap, ma il piano è stato sventato quando l’attacco è stato scoperto.

L'articolo Mr Robot Insegna: un Raspberry Pi con supporto 4G usato dagli hacker per accedere alla rete di una banca proviene da il blog della sicurezza informatica.