Shut the Backdoor! More IoT Cybersecurity Problems

We all know that what we mean by hacker around here and what the world at large thinks of as a hacker are often two different things. But as our systems get more and more connected to each other and the public Internet, you can’t afford to ignore the other hackers — the black-hats and the criminals. Even if you think your data isn’t valuable, sometimes your computing resources are, as evidenced by the recent attack launched from unprotected cameras connected to the Internet.

As [Elliot Williams] reported earlier, Trustwave (a cybersecurity company) recently announced they had found a backdoor in some Chinese voice over IP gateways. Apparently, the manufacturer left itself an undocumented root password on the device and — to make things worse — the device uses a proprietary challenge/response system for passwords that is insufficiently secure. Our point isn’t really about this particular device, but if you are interested in the details of the algorithm, there is a tool on GitHub, created by [JacobMisirian] using the Trustwave data. Our interest is in the practice of leaving intentional backdoors in products. A backdoor like this — once discovered — could be used by anyone else, not just the company that put it there.


Fix-a-Brick: Fighting the Nexus 5X Bootloop

Oh Nexus 5X, how could you? I found my beloved device was holding my files hostage having succumbed to the dreaded bootloop. But hey, we’re hackers, right? I’ve got this.

It was a long, quiet Friday afternoon when I noticed my Nexus 5X was asking to install yet another update. Usually I leave these things for a few days before eventually giving in, but at some point I must have accidentally clicked to accept the update. Later that day I found my phone mid-way through the update and figured I’d just wait it out. No dice — an hour later, my phone was off. Powering up led to it repeatedly falling back to the “Google” screen; the dreaded bootloop.

Stages of Grief

I kept my phone on me for the rest of the night’s jubilant activities, playing with it from time to time, but alas, nothing would make it budge. The problem was, my Nexus still had a full day’s video shoot locked away on its internal flash that I needed rather badly. I had to fix the phone, at least long enough to recover my files. This is the story of my attempt to debrick my Nexus 5X.


Autonomous Delivery and the Last 100 Feet

You’ve no doubt by now seen Boston Dynamics’ latest “we’re living in the future” robotic creation, dubbed Handle. [Mike Szczys] recently covered the more-or-less-official company unveiling of Handle, the hybrid bipedal-wheeled robot that can handle smooth or rugged terrain and can even jump when it has to, all while remaining balanced and apparently handling up to 100 pounds of cargo with its arms. It’s absolutely sci-fi.

[Mike] closed his post with a quip about seeing “Handle wheeling down the street placing smile-adorned boxes on each stoop.” I’ve recently written about autonomous delivery, covering both autonomous freight as the ‘killer app’ for self-driving vehicles and the security issues posed by autonomous delivery. Now I want to look at where anthropoid robots might fit in the supply chain, and how likely it’ll be to see something like Handle taking over the last hundred feet from delivery truck to your door.


That Time I Spent $20 For 25 .STL Files

Last weekend I ran out of filament for my 3D printer midway through a print. Yes, it’s evidence of poor planning, but I’ve done this a few times and I can always run over to Lowe’s or Home Depot or Staples and grab an overpriced spool of crappy filament to tide me over until the good, cheap filament arrives via UPS.

The Staples in my neck of the woods was one of the few stores in the country to host a ‘premium, in-store experience’ featuring MakerBot printers. Until a few months ago, this was a great place to pick up a spool of filament that could get you through the next few hours of printing. The filament cost about three times what I would usually pay, but it was still good quality filament and they usually had the color I needed.

This partnership between MakerBot and Staples fell through a few months ago, the inventory was apparently shipped back to Brooklyn, and now Robo3D has taken MakerBot’s space at the endcap in Staples. Last weekend, I picked up a 1kg spool of red PLA for $40. What I found next to this filament left me shocked, confused, and insatiably curious. I walked out of that store with a spool of filament and a USB thumb drive loaded up with twenty-five STL files. This, apparently, is the future of 3D printing.


Audi Engineer Exposes Cheat Order

In an interesting turn of events last week in a German court, evidence has materialized that engineers were ordered to cheat emissions testing when developing automotive parts.

Last Tuesday, Ulrich Weiß brought forward a document that alleges Audi Board of Director members were involved in ordering a cheat for diesel emissions. Weiß was the head of engine development for Audi; he was suspended in November of 2015 but continued to draw more than half a million dollars in salary before being fired prior to last week’s court testimony.

Volkswagen Group is the parent company of Audi and this all seems to have happened while the VW diesel emissions testing scandal we’ve covered since 2015 was beginning to come to light. Weiß testified that he was asked to design a method of getting around strict emissions standards in Hong Kong even though Audi knew their diesel engines weren’t capable of doing so legitimately.

According to Weiß, he asked for a signed order. When he received that order he instructed his team to resist following it. We have not seen a copy of the letter, but the German tabloid newspaper Bild reports that the letter claims approval by four Audi board members and was signed by the head of powertrain development at the company.

Hackaday was unable to locate any other sources reporting on the letter other than the Bild article we have linked to (also the source used in the Forbes article above). Sources such as Die Welt reference only “internal papers”. If you know of other reporting on the topic please leave a comment about it below.

 

Review: The Asus Tinker Board (Updated)

In the years since the launch of the original Raspberry Pi we have seen the little British ARM-based board become one of the more popular single board computers in the hobbyist, maker, and hacker communities. It has retained that position despite the best efforts of other manufacturers, and we have seen a succession of competitor boards directly copying it by imitating its form factor. None of them have made a significant dent in the sales figures enjoyed by the Pi, yet they continue to appear on a regular basis.

We recently brought you news of the latest challenger in this arena, in the form of the Asus Tinker Board. This is a board that has made us sit up and take notice because unlike previous players this time we have a product from a giant of the industry. Most of us are likely to own at least one Asus product, indeed there is a good chance that you might be reading this on an Asus computer or monitor. Asus have made some very high quality hardware in their time, so perhaps this product will inherit some of that heritage. Thus it was with a sense of expectation that we ordered one of the first batch of Tinker Boards, and waited eagerly for the postman.

Update:

A member of the Asus Marketing team read this review and contacted Hackaday with some updated information. According to our discussion, the Tinker Board has not officially launched. This explains a lot about the current state of the Tinker Board. As Jenny mentions in her review below, the software support for the board is not yet in place, and as comments on this review have mentioned, you can’t source it in the US and most other markets. An internal slide deck was leaked on SlideShare shortly after CES (which explains our earlier coverage), followed by one retailer in the UK market selling the boards ahead of Asus’ launch date (which is how we got our hands on this unit).

Asus tells us that they are aiming for an end of February launch date, perhaps as soon as the 26th for the United States, UK, and Taiwan. Other markets might have some variation, all of this contingent on agreements with and getting stock to regional distributors. With the launch will come the final OS Distribution (TinkerOS based on Debian), schematics, mechanical block diagrams, etc. Asus tells Hackaday it is a top priority to deliver hardware video acceleration for the Rockchip on the Tinker Board. The Board Support Package which hooks the feature into Linux is not yet finished but will come either on launch day or soon after. This is the end of the update, please enjoy Jenny List’s full review below.


Get Ready for the Great Eclipse of 2017

On August 21, 2017, the moon will cast its shadow across most of North America, with a narrow path of totality tracing from Oregon to South Carolina. Tens of millions of people will have a chance to see something that the continental US hasn’t seen in ages — a total eclipse of the sun. Will you be ready?

The last time a total solar eclipse visited a significantly populated section of the US was in March of 1970. I remember it well as a four-year-old standing on the sidewalk in front of my house, all worked up about space already in those heady days of the Apollo program, gazing through smoked glass as the moon blotted out the sun for a few minutes. Just watching it was exhilarating, and being able to see it again and capitalize on a lifetime of geekiness to heighten the experience, and to be able to share it with my wife and kids, is exciting beyond words. But I’ve only got eight months to lay my plans!