Do you trust your hard drive indication light?

Researchers in the past have exfiltrated information through air gaps by blinking all sorts of lights from LEDs in keyboards to the main display itself. However, all of these methods all have one problem in common: they are extremely noticeable. If you worked in a high-security lab and your computer screen started to blink at a rapid pace, you might be a little concerned. But fret not, a group of researchers has found a new light to blink (PDF warning). Conveniently, this light blinks “randomly” even without the help of a virus: it’s the hard drive activity indication light.

All jokes aside, this is a massive improvement over previous methods in more ways than one. Since the hard drive light can be activated without kernel access, this exploit can be enacted without root access. Moreover, the group’s experiments show that “sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bit/s (bits per second), depending on the type of receiver and its distance from the transmitter.” Notably, this speed is “10 times faster than the existing optical covert channels for air-gapped computers.”

We weren’t born last night, and this is not the first time we’ve seen information transmission over air gaps. From cooling fans to practical uses, we’ve seen air gaps overcome. However, there are also plenty of “air gaps” that contain more copper than air, and require correspondingly less effort.

Continue reading “Do you trust your hard drive indication light?”

The Elements Converge for ±.002 in Tolerance

What can be accomplished with just a torch and compressed air? We can think of many things, but bringing a 17-foot-long marine shaft into ±.002 in tolerance was not on our list.

Heat straightening (PDF) utilizes an oxy-acetylene flame that is used to quickly heat a small section of a workpiece. As the metal cools, it contracts more than it expanded when heated, resulting in a changed volume. With skill, any distortions on a shaft can theoretically be straightened out with enough time (and oxy-acetylene). Heat straightening is commonly applied to steel but works on nickel, copper, brass and aluminum additionally.

[Keith Fenner’s] standard process for trueing stock is sensitive enough that even sunlight can introduce irregularities, but at the same time is robust enough to carry out in your driveway. However, even though the only specialty tools you need are a torch, compressed air and work supports, watching [Keith] work makes it clear that heat straightening is as much an art as it is a science. Check out his artistry in the video below the break. Continue reading “The Elements Converge for ±.002 in Tolerance”

Project Zero Finds A Graphic Zero Day

After finding the infamous Heartbleed vulnerability along with a variety of other zero days, Google decided to form a full-time team dedicated to finding similar vulnerabilities. That team, dubbed Project Zero, just released a new vulnerability, and this one’s particularly graphic, consisting of a group of flaws in the Windows Nvidia Driver.

Most of the vulnerabilities found were due to poor programming techniques. From writing to user provided pointers blindly, to incorrect bounds checking, most vulnerabilities were due to simple mistakes that were quickly fixed by Nvidia. As the author put it, Nvidia’s “drivers contained a lot of code which probably shouldn’t be in the kernel, and most of the bugs discovered were very basic mistakes.”

When even our mice aren’t safe it may seem that a secure system is unattainable. However, there is light at the end of the tunnel. While the bugs found showed that Nvidia has a lot of work to do, their response to Google was “quick and positive.” Most bugs were fixed well under the deadline, and google reports that Nvidia has been finding some bugs on their own. It also appears that Nvidia is working on re-architecturing their kernel drivers for security. This isn’t the first time we’ve heard from Google’s Project Zero, and in all honesty, it probably won’t be last.

This 3D Printed Microscope Bends for 50nm Precision

Exploiting the flexibility of plastic, a group of researchers has created a 3D printable microscope with sub-micron accuracy. By bending the supports of the microscope stage, they can manipulate a sample with surprising precision. Coupled with commonly available M3 bolts and stepper motors with gear reduction, they have reported a precision of up to 50nm in translational movement. We’ve seen functionality derived from flexibility before but not at this scale. And while it’s not a scanning electron microscope, 50nm is the size of a small virus (no, not that kind of virus).

OpenFlexure has a viewing area of 8x8x4mm, which is impressive when the supports only flex 6°. But, if 256 mm3 isn’t enough for you, fret not: the designs are all Open Source and are modeled in OpenSCAD just begging for modification. With only one file for printing, no support material, a wonderful assembly guide and a focus on PLA and ABS, OpenFlexure is clearly designed for ease of manufacturing. Optics are equally interesting. Using a Raspberry Pi Camera Module with the lens reversed, they achieve a resolution where one pixel corresponds to 120nm.

The group hopes that their microscopes will reach low-resource parts of the world, and it seem that the design has already started to spread. If you’d like to make one for yourself, you can find all the necessary files up on GitHub.

Continue reading “This 3D Printed Microscope Bends for 50nm Precision”

Living High-Altitude Balloon

High-altitude balloons are used to perform experiments in “near space” at 60,000-120,000 ft. (18000-36000m). However, conditions at such altitude are not particularly friendly and balloons have to compete with ultraviolet radiation, bad weather and the troubles of long distance communication. The trick is to send up a live entity to make repairs as needed. A group of students from Stanford University and Brown University repurposed nature in their solution. Enter Bioballoon: a living high-altitude research balloon.

Instead of using inorganic materials, the Stanford-Brown International Genetically Engineered Machine (iGEM) team designed microbes that grow the components required to build various tools and structures with the hope of making sustained space research feasible. Being made of living material, Bioballoon can be grown and re-grown with the same bacteria, lowering the cost of manufacturing and improving repeatability.

Bioballoon is engineered to be modular, with different strains of bacteria satisfying different requirements. One strain of bacteria has been modified to produce hydrogen in order to inflate the balloon while the balloon itself is made of a natural Kevlar-latex mix created by other cells. Additionally, the team is using Melanin, the molecule responsible for skin color and our personal UV protection to introduce native UV resistance into the balloon’s structure. And, while the team won’t be deploying a glider, they’ve designed biological thermometers and small molecule sensors that can be grown on the balloon’s surface. They don’t have any logging functionality yet, but these cellular hacks could amalgamate as a novel scientific instrument: cheap, light and durable.

Living things too organic for your taste? Don’t worry, we’ve got some balloons that won’t grow on you.

Continue reading “Living High-Altitude Balloon”