Author: Pedro Umbelino

77 Articles

3D Printing A Real Heart

April 23, 2019 by 12 Comments

As 3D printing becomes more and more used in a wide range of fields, medical science is not left behind. From the more standard uses such as printing medical equipment and prosthetics to more advanced uses like printing cartilages and bones, the success of 3D printing technologies in the medical field is rapidly growing.

One of the last breakthrough is the world’s first 3D vascularised engineered heart using the patient’s own cells and biological materials. Until now, scientists have only been successful in printing only simple tissues without blood vessels. Researchers from Tel Aviv University used the fatty tissue from patients to separate the cellular and acellular materials and reprogrammed the cells become pluripotent stem cells. The extracellular matrix (ECM) was processed into a personalized hydrogel that served as the basis from the print.

This heart is made from human cells and patient-specific biological materials. In our process these materials serve as the bioinks, substances made of sugars and proteins that can be used for 3D printing of complex tissue models… At this stage, our 3D heart is small, the size of a rabbit’s heart, but larger human hearts require the same technology.

After being mixed with the hydrogel, the cells were efficiently differentiated to cardiac or endothelial cells to create patient-specific, immune-compatible cardiac patches with blood vessels and, subsequently, an entire heart that completely matches the immunological, cellular, biochemical and anatomical properties of the patient. The difficulty of printing full-blown organs were being tackled for a long time and we already talked about it in the past.

The development of this technology may completely solve both the problem of organ compatibility and organ rejection.

 

1 Trillion USD Refund! (PDF Enclosed)

March 6, 2019 by 5 Comments

Security researchers have found that it is possible to alter a digitally signed PDF without invalidating its signatures. To demonstrate it, they produced a fake document “refund order” of $1,000,000,000,000 dollars, with a valid signature from Amazon. This sparked my attention, since I was quite sure that they didn’t use some sort of quantum device to break the cryptography involved in the signing process. So what exactly is going on?

The researchers claim to found at least three different ways to, in their words:

… use an existing signed document (e.g., amazon.de invoice) and change the content of the document arbitrarily without invalidating the signatures. Thus, we can forge a document signed by invoicing@amazon.de to refund us one trillion dollars.

That’s not good news if you take into account that the main purpose of digitally signing a document is, well, prevent unauthorized changes in that document. The good news is that you can update your software to fix this flaws because of this research; the main PDF readers companies were given time to fix the issues. The bad news is that if you rely on the signature verification for any sensitive process, you likely want to go back and see if you were using vulnerable software previously and check that documents were correctly validated. I’m thinking about government institutions, banks, insurance companies and so on.

The implications are yet to be seen and probably won’t even be fully known.

There are three classes of attacks that work on different software. I’ll try to go into each one from what I could tell from reading the research.

Continue reading “1 Trillion USD Refund! (PDF Enclosed)”

Bitcoin’s Double Spending Flaw Was Hush-Hush During Rollout

October 2, 2018 by 15 Comments

For a little while it was possible to spend Bitcoin twice. Think of it like a coin on a string, you put it into the vending machine to get a delicious snack, but if you pull the string quickly enough you could spend it again on some soda too. Except this coin is worth something like eighty-grand.

On September 20, the full details of the latest fix for the Bitcoin Core were published. This information came two days after the fix was actually released. Two vulnerabilities were involved; a Denial of Service vulnerability and a critical inflation vulnerability, both covered in CVE-2018-17144. These were originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited.

Let’s take a look at how this worked, and how the network was patched (while being kept quiet) to close up this vulnerability.

Continue reading “Bitcoin’s Double Spending Flaw Was Hush-Hush During Rollout”

Explaining Efail And Why It Isn’t The End Of Email Privacy

May 21, 2018 by 25 Comments

Last week the PGPocalipse was all over the news… Except that, well, it wasn’t an apocalypse.

A team of researchers published a paper(PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher perspective, it’s a good paper to read, especially the cryptography parts.

But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients., but they weren’t able to back this recommendation up with firm reasoning. In fact, Efail isn’t an immediate threat for the vast majority of people simply because an attacker must already have access to an encrypted email to use the exploit. Advising everyone to disable encryption all together just makes no sense.

Aside from the massive false alarm, Efail is a very interesting exploit to wrap your head around. Join me after the break as I walk through how it works, and what you can do to avoid it.

Continue reading “Explaining Efail And Why It Isn’t The End Of Email Privacy”

3D Printed WiFi Reflectors Custom Designed For The Building

November 18, 2017 by 35 Comments

Are you a wizard at antenna design? Chances are you’ve never even given it a try, but this tool could change that. Most home-made WiFi signal boosting antenna plans around the Internet share one feature: they are directional antennas or reflectors. But WiPrint is a tool for designing custom WiFi reflectors that map to the specific application.

If we want to increase the signal strength in two or three different locations the traditional solution is an omnidirectional antenna. The problem is, although a good omnidirectional antenna increases the signal power in those locations we want, it also increases the signal power where we don’t want.

A team of researchers led by Dartmouth College created WiPrint to allow users to input a floor plan, the location of the WiFi access point and a desired signal map into the system. The software uses an optimization algorithm to produce a custom reflector shape for that floor plan. The reflector can then be fabricated and placed next to the access point antenna to reflect and concentrate the signal in the specified area, while decreasing signal strength outside of it. The best thing is: you can actually 3D print the reflector and just glue tin foil on it!

The results show that optimized reflectors can weaken or enhance signals in target areas by up to 10 or 6 dB, respectively, and resulting in throughput changes by up to -63.3% or 55.1%. That is not the only advantage, as the researchers point out:

Our approach provides four benefits. First, it provides strong physical security by limiting the physical reach of wireless signals, hence creating a virtual wall for wireless signals. Second, it relies on a low-cost ($35), reproducible 3D reflector, which can be easily replaced upon substantial changes in the environment or coverage requirement. Third, it offers an easily accessible and easy-to-configure solution to non-expert users. Users only need to specify coverage requirements and a coarse environment model, with which our system computes a reflector shape tailored to the built environment. Finally, it is applicable to commodity low-end Wi-Fi APs without directional or multiple antennas.

The sad part is that, for now, no software is available. The study and results have just been presented at ACM’s BuildSys 2017. It would be great to see something like this open-sourced. Meanwhile, this is further proof that [Brian Benchoff] knew what he was doing when he told you to use duct tape for superior WiFi range.

Is Intel’s Management Engine Broken Yet?

November 17, 2017 by 50 Comments

Our own [Brian Benchoff] asked this same question just six months ago in a similar headline. At that time, the answer was no. Or kind of no. Some exploits existed but with some preconditions that limited the impact of the bugs found in Intel Management Engine (IME). But 2017 is an unforgiving year for the blue teams, as lot of serious bugs have been found throughout the year in virtually every fields of computing. Researchers from Positive Technologies report that they found a flaw that allows them to execute unsigned code on computers running the IME. The cherry on top of the cake is that they are able to do it via a USB port acting as a JTAG port. Does this mean the zombie apocalypse is coming?

Before the Skylake CPU line, released in 2015, the JTAG interface was only accessible by connecting a special device to the ITP-XDP port found on the motherboard, inside a computer’s chassis. Starting with the Skylake CPU, Intel replaced the ITP-XDP interface and allowed developers and engineers to access the debugging utility via common USB 3.0 ports, accessible from the device’s exterior, through a new a new technology called Direct Connect Interface (DCI). Basically the DCI provides access to CPU/PCH JTAG via USB 3.0. So the researchers manage to debug the IME processor itself via USB DCI, which is pretty awesome, but USB DCI is turned off by default, like one of the researchers states, which is pretty good news for the ordinary user. So don’t worry too much just yet.

Continue reading “Is Intel’s Management Engine Broken Yet?”

Super Low Tech Mario

November 16, 2017 by 20 Comments

Browsing around the depths of the Internet we came across a super low tech version of Super Mario from [Sata Productions]. The video presents a complete tutorial on how to make a playable, cardboard version of the famous Super Mario game. If you are a fan, you probably going to like this.

You basically need cardboard, a hot glue gun, a ball bearing, a couple of DC motors, some iron BBs, some magnets, batteries, some wires… it sounds just like shopping list for a MacGuyver episode. But it works and it’s playable. It has a wired remote control, you control Mario to move and make him jump up and down in a kind of turning dashboard game. It even has a game over screen when Mario dies. Yes, Mario can die in this cardboard version. If you want to make a custom version you can always print a bigger level and resize the cardboard box.

Super Mario has had its shares of hacks, like this interface hack using a Kinect to control Mario or this super tricky jailbreak hack that allows players to run their own game mods, but this one is just on another level: a low tech approach. It seems like it could be a fun weekend project, especially if you have kids. If you’re not into Super Mario, it’s possible to just print a different game, the supporting platform is pretty generic and could support several simplified platform games.

Check out the video:

Continue reading “Super Low Tech Mario”