Hackberry PIs and Other Hacker Things – PSW #887

Paul Asadoorian

1. DisruptorX V2 – An ESP32-based BLE penetration testing device with Sour Apple exploit mode – CNX Software
2. This new Arch Linux tool takes the hassle out of keeping packages up to date – here’s how
3. BadCam: Now Weaponizing Linux Webcams

   Remind me to tell you all about BadCAM!

4. Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025
5. How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes
6. Linux Secure Boot Safe Despite Upcoming Microsoft UEFI Key Expiry
7. Packet Power EMX and EG Authentication Bypass (CVE-2025-8284): Brief Summary and Patch Guidance – ZeroPath Blog

   No authentication is a problem: "CVE-2025-8284 is a direct result of missing authentication enforcement in the Packet Power Monitoring and Control Web Interface for EMX and EG devices running firmware versions prior to 4.1.0. The web interface, accessible over HTTP (typically port 80), allows users to view and manipulate all device monitoring and control functions. In affected versions, there is no requirement to present credentials or authenticate in any way before gaining full access. This is classified as CWE-306 (Missing Authentication for Critical Function)."

8. I Built an AI Hacker. It Failed Spectacularly

   I believe we are approaching a point where we will be able to build our own AI/LLM models to enhance and assist with many security tasks, such as scanning, penetration testing, and attack surface monitoring. We're not there yet, but I see examples every week where someone is trying to build something that cybersecurity vendors are charging big bucks. There are benefits and drawbacks to both approaches, but I bet with some time and technology advancements we will get there...

9. Flipper Zero DarkWeb Firmware Bypasses Rolling Code Security

   I did see demos where just using a Flipper Zero with no add-ons they were able to receive a transmission from a keyfob and unlock the vehicle. While this is bad, it does render the keyfob useless and an attacker still has to figure out how to start the vehicle. However, our original assessment was correct: we have a vehicle security problem on our hands. Its only a matter of time before this gets leaked and we can all do it.

10. I replaced Windows 11 with Linux on this mini PC, and it’s already paying off for my workflow

    Linux for the win! I will say, running an operating system is not without its drawbacks. It is truly personal preference, but I still prefer Linux.

11. GitHub – rubenformation/CVE-2025-50154: POC for CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch

    This is something I would like to test, very interesting exploit that allows attackers to grab credentials for pivoting in the network.

12. LILYGO T-LoRa Pager is an ESP32-S3 handheld with support for text messaging, AI motion detection, and NFC – CNX Software

    This looks like neat device.

13. Starbucks asks customers in South Korea to stop bringing printers and desktop computers into stores as workers transform cafes into remote offices

    Too funny! Also, work from home is not the same as work from Starbucks, could you be hacked more easily? This is right out of a playbook from 20 years ago...

14. Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images

    Yes, older Docker images contain vulnerabilities, including XZ utils backdoors. Also, MOST of the Docker images on Dockerhub contain vulnerabilities and some even with backdoors. This is not new, its a problem that has existed since the first container was made public. If you are still using public Docker images without any sort of scrutiny, you will be susceptible to these attacks. The best things to do are 1) Build your own Docker containers and maintain them yourself or 2) use Docker images from trusted sources that take the time and effort to weed out any vulnerabilities and/or backdoors.

15. End Of The Eternal September, As AOL Discontinues Dial-Up

    Who was still using AOL dial-up?

16. GitHub – geo-tp/ESP32-Bus-Pirate: A Hardware Hacking Tool with Web-Based CLI That Speaks Every Protocol

    I am excited to test this, Bus Pirate but running on a few different ESP32 devices (which I happen to own).

Jeff Man

1. Perplexity offers to buy Google’s Chrome browser for $34.5 billion

   Who knows if this will go through, but it's certainly an interesting (potential) development.

2. Google Confirms Data Breach – Notifying Users Affected By the Cyberattack

   Nothing to see here - just basic (mostly public) information (reportedly 2.55 million records' worth). Google reported that the threat actor group "ShinyHunters" leveraged social engineering techniques (primarily vishing) to gain access.

3. Series of Major Data Breaches Targeting the Insurance Industry

   More social engineering. Unconfirmed, but Crowdstrike and Mandiant are pointing to Scatter Spider as the culprit, or at least that they are targeting large insurance companies. Reportedly breached - Allianz Life, Aflac, Erie.

4. Airline Data Breach Warning — Air France And KLM Confirm Cyber Attack

   Mostly personal information stolen that could be used in later attacks, but reportedly no sensitive data such as passwords, travel details, Flying Blue miles, passport or credit card information was stolen. The source of the breach is reportedly an external platform used for customer service.

5. A Special Diamond Is the Key to a Fully Open Source Quantum Sensor

   Was chatting with Mark Carney last week at DEF CON. He shared this article with me - looks pretty intriguing for those that like to buy cool gadgets Paul, Larry.... the goal is to put quantum computing into the hands of the consumer sooner rather than later. Pretty compelling, so what could go wrong ?

6. Red teams are safe from robots for now, as AI makes better shield than spear

   A summary of some of the keynotes at Black Hat last week. I only had a brief encounter w/Mikko so didn't get to hear much of what he's doing. If I wrote a summary of the week I would say that Black Hat (and all the vendors) talked about all the amazing new possibilities using agentic AI in their products and then DEF CON proceeded to share how all the AI could be amazingly broken. Bookends.

Sam Bowne

1. Poisoned telemetry can turn AIOps into AI Oops, researchers show

   AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed AIops in a conversational interface for admins. Attackers send malicious requests, which create error messages in the logs containing attacker-controlled text. That text tells the AI what to do, and it may follow those instructions when later questions are processed.

   This works like the second-order SQL injection made famous by the XKCD comic "Exploits of a Mom."

2. Why it’s a mistake to ask chatbots about their mistakes

   The tendency to ask AI bots to explain themselves reveals widespread misconceptions about how they work.

3. Chatbots Can Go Into a Delusional Spiral. Here’s How It Happens.

   For three weeks in May, the fate of the world rested on the shoulders of a corporate recruiter on the outskirts of Toronto. Allan Brooks, 47, had discovered a novel mathematical formula, one that could take down the internet and power inventions like a force-field vest and a levitation beam. Or so he believed.

4. White House could stymie the UK’s anti-encryption plans?

   Donald Trump, the GREATEST PRESIDENT EVER, is saving the Internet! Are you sniveling libtards GRATEFUL yet? MAKE THE UK GREAT AGAIN!

5. Hyundai: Want cyber-secure car locks? That’ll be £49, please

   Hyundai is charging UK customers £49 ($66) for a security upgrade to prevent thieves from bypassing its car locks with wireless attacks.

   The government announced an intent earlier this year to ban keyless repeaters and signal jammers, which are thought to be linked to around 40 percent of all vehicle thefts in England and Wales.

   Among the devices available to motoring miscreants is a piece of kit that first surfaced in 2020. These come pre-loaded with the signals needed to hijack Hyundai, Kia, Mitsubishi, Nissan, and Genesis cars.

6. Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities

   Since Spectre emerged in 2018, until now there have been no reports of realistic attacks on real-world clouds, leading to an assumption that such attacks are not practical. This "L1TF Reloaded" attack now leaks data from other guests in a commercial cloud computing platform. The attack is realistic even in one of today’s biggest and most important commercial clouds.

7. Amazon EC2 defenses against L1TF Reloaded

   Amazon says they aren't the major cloud service vulnerable to "L1TF Relaoded." Gee, who could it be?

8. How to: Detect Bluetooth Trackers

   Useful guide to using built-in and add-on apps to see if someone is tracking your location.

9. OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test

   "This step is necessary to prove I'm not a bot," wrote the bot as it passed an anti-AI screening step.

10. Ohio law to require local governments to formally approve ransomware payments: Capitol Letter

    A state law will soon require all counties, cities, townships, school districts, libraries, and other local governments to have a cybersecurity policy that adheres to certain standards, as well as only allow locals to approve ransomware demands during a public meeting.