Key features cut out of Android API


Google has decided that its initial release of the Android SDK will not include formal Bluetooth support or Google Talk. Bluetooth headsets will still work, but developers will not have access to the Bluetooth portion of the API. Google’s security researchers have announced that Google Talk was left out because of multiple security concerns. Bluetooth, on the other hand, was left out because the development team ran out of time.

Out of these two features, we think users are going to be most disappointed by the omission of Google Talk. Chatting has become one of the most useful features of new smart phones. The ability to just chat instead of sending a text message is one of the main attractions to phones like the iPhone, which has support for AIM.

[photo: dreamside]

IBM sees influx in zero-day exploits


IBM’s X-Force security team has released a mid-year report (PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Watching DVDs on your Wii


Nintendo Wii Fanboy explains how to watch DVDs on your Wii using the new MPlayer application. Reviews are mixed (some claim it works and others claim it doesn’t), but most are excited about this new feature, which has been missing since the Wii’s launch. To get this working, you need to run the Twilight Hack and get the Homebrew Channel. Then you download the MPlayer software onto your SD card and install that using the Homebrew Channel. From there, you can launch the application and play your DVDs with ease using the minimalistic DVD player interface.

Although this seems like a lot of work just to watch a DVD, especially considering this might not work for you, it is interesting to see people trying to push for media center software on the Wii. Now they only need to find ways to get past Nintendo’s attempts to stop this Homebrew movement.

Homemade Tube Screamer clone


[jonboytang] documented his construction of a clone of the famous Tube Screamer overdrive pedal from a set of plans found at tonepad. The tonepad site says you can use the plans to build either a TS-9 or a TS-808, both of which have been classic staples in every guitar player’s setup since the 70s. Although the old parts are no longer available, these new variants still have a really nice sound.

This project is really just a look into [jonboytang]’s etching and enclosure building process, but it may be useful for someone. The build and the circuit look really simple, so this would be a great project for guitar players looking to learn how to etch their own PCBs. If you need more information on etching, we would suggest starting out by reading our How-To on etching single-sided PCBs. If you are lazy and would rather spend a little money, check out tonepad’s online store. They have a board for this project and many others.

Defcon 16: Covert Warballooning flight


Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.

[photo: JoergHL]

[via /.]

Defcon 16: Pacemaker-B-Gone

A collaboration of various medical researchers in the academic field has led to proof that pacemakers can be remotely hacked with simple and accessible equipment. [Kevin Fu], an associate professor at the University of Massachusetts at Amherst, led the team. [Kevin] first tried to get documentation from the manufacturers, believing they would support the effort, but they were not interested in helping. The team was forced to get access to an old pacemaker and reverse engineer it. They found that the communication protocol used to remotely program the device was unencrypted. They then used a GNU Radio system to gain access to some of the device’s reprogrammable functions, including accessing patient data and even turning the device off.

Although this was only done with one particular pacemaker, it proves the concept and should be taken seriously by the medical companies who produce these devices. If you are interested in the technical aspects, check out the paper the team released in May disclosing the methods.

New E-Passports Cloned


Within an hour, Jeroen van Beek was able to create a successful clone of Britain’s new E-Passport. All he needed was a £40 card reader, two £10 RFID chips, and a small, improvised script. Although the exact details were not specified, it looks like he read the ID on the real passport using the RFID reader, then wrote it to the two blank chips and put them in the fake passports. There is also a flaw which may allow outright forging of the passports. Nearly all of the 45 countries using the system have not yet registered with the Public Key Directory, which was put in place to make forging impossible.

The government is claiming that this hack is a hoax, but recent reports have shown that these RFID systems were never secure. No matter what the actual truth is about these hacks, it can certainly be said that the ability to clone or forge these passports would be a devastating security issue for every country involved.

[Photo: Digital World Tokyo]

[via The Guardian]