Radio Controlled Pacemakers Are Easily Hacked

Doctors use RF signals to adjust pacemakers so that instead of slicing a patient open, they can change the pacemakers parameters which in turn avoids unnecessary surgery. A study on security weaknesses of pacemakers (highlights) or full Report (PDF) has found that pacemakers from the main manufacturers contain security vulnerabilities that make it possible for the devices to be adjusted by anyone with a programmer and proximity. Of course, it shouldn’t be possible for anyone other than medical professionals to acquire a pacemaker programmer. The authors bought their examples on eBay.

They discovered over 8,000 known vulnerabilities in third-party libraries across four different pacemaker programmers from four manufacturers.  This highlights an industry-wide problem when it comes to security. None of the pacemaker programmers required passwords, and none of the pacemakers authenticated with the programmers. Some home pacemaker monitoring systems even included USB connections in which opens up the possibilities of introducing malware through an infected pendrive.

The programmers’ firmware update procedures were also flawed, with hard-coded credentials being very common. This allows an attacker to setup their own authentication server and upload their own firmware to the home monitoring kit. Due to the nature of the hack, the researchers are not disclosing to the public which manufacturers or devices are at fault and have redacted some information until these medical device companies can get their house in order and fix these problems.

This article only scratches the surface for an in-depth look read the full report. Let’s just hope that these medical companies take action as soon as possible and resolve these issue’s as soon as possible. This is not the first time pacemakers have been shown to be flawed.

Hacked by Subtitles

CheckPoint researchers published in the company blog a warning about a vulnerability affecting several video players. They found that VLC, Kodi (XBMC), Popcorn-Time and are all vulnerable to attack via malicious subtitle files. By carefully crafting a subtitles file they claim to have managed to take complete control over any type of device using the affected players when they try to load a video and the respective subtitles.

According to the researchers, things look pretty grim:

We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years. (…) Each of the media players found to be vulnerable to date has millions of users, and we believe other media players could be vulnerable to similar attacks as well.

One of the reasons you might want to make sure your software is up to date is that some media players download subtitles automatically from several shared online repositories. An attacker, as the researchers proved, could manipulate the website’s ranking algorithm and not only would entice more unsuspecting users to manually download his subtitles,  but would also guarantee that his crafted malicious subtitles would be those automatically downloaded by the media players.

No additional details were disclosed yet about how each video player is affected, although the researchers did share the details to each of the software developers so they can tackle the issue. They reported that some of the problems are already fixed in their current versions, while others are still being investigated. It might be a good idea to watch carefully and update your system before the details come out.

Meanwhile, we can look at the trailer:

Continue reading “Hacked by Subtitles”

Linux SambaCry

Great news everyone, Windows is not the only operating system with remote code execution via SMB. Linux has also its own, seven-year-old version of the bug. /s

This Linux remote execution vulnerability (CVE-2017-7494) affects Samba, the Linux re-implementation of the SMB networking protocol, from versions 3.5.0 onwards (since 2010). The SambaCry moniker was almost unavoidable.

The bug, however, has nothing to do on how Eternalblue works, one of the exploits that the current version of WannaCry ransomware packs with. While Eternalblue is essentially a buffer overflow exploit, CVE-2017-7494 takes advantage of an arbitrary shared library load.  To exploit it, a malicious client needs to be able to upload a shared library file to a writeable share, afterwards it’s possible for the attacker to cause the server to load and execute it. A Metasploit exploit module is already public, able to target Linux ARM, X86 and X86_64 architectures.

A patch addressing this defect has been posted to the official website and Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are also available. If you can’t apply the patch at the moment, the workaround is to add the parameter “nt pipe support = no” to the [global] section of your smb.conf and restart smbd. Note that this can disable some expected functionality for Windows clients.

Meanwhile, NAS vendors start to realise they have work on their hands. Different brands and models that use Samba for file sharing (a lot, if not all, of them provide this functionality) will have to issue firmware updates if they want to patch this flaw. If the firmware updates for these appliances take the same time they usually do, we will have this bug around for quite some time.

[Bre Pettis] Buys Other Machine Co.

Other Machine Co., manufacturer of the very capable and very cool OtherMill Pro CNC machine, has been acquired by [Bre Pettis], former CEO of MakerBot. Under the terms of the acquisition, current CEO of Other Machine Co, Dr. Danielle Applestone, will remain in charge of the company.

We have a love affair with the OtherMill here at Hackaday. We have a few of them kicking around the Design Lab, and they’re great. Six mil traces are possible, and the OtherMill is a very reliable machine. We’ve taken a look at the OtherMill manufacturing process and liked what we saw, and we’ve invited [Danielle Applestone] to talk about the quest for the highest precision per dollar.

Of course, the newsworthy item for this, ‘rich guy buys a company’ story is who acquired the company. [Pettis] is most famous for being one-third of the original MakerBot team, a position that netted him about $130 Million after Stratasys acquired MakerBot. Stratasys’ acquisition of MakerBot has made a lot of people angry and has been widely regarded as a bad move. The history of MakerBot is not written yet, but the general consensus is that [Pettis] only played a very limited role in the downfall of MakerBot and desktop 3D printing as a whole.

Since leaving MakerBot for greener pastures, [Pettis] has put his money to work; he’s also an investor in the laser cutter startup Glowforge. While Glowforge has seen its share of troubles including a ridiculous policy on field-replaceable laser tubes, and perpetual delays for production units, Glowforge will be shipping soon. It’s unclear how the Glowforge will ultimately be received. But [Pettis’] continues to put his money where his mouth is (and into hardware startups) with this acquisition of Other Machine Co..

The GNU GPL Is An Enforceable Contract At Last

It would be difficult to imagine the technological enhancements to the world we live in today without open-source software. You will find it somewhere in most of your consumer electronics, in the unseen data centres of the cloud, in machines, gadgets, and tools, in fact almost anywhere a microcomputer is used in a product. The willingness of software developers to share their work freely under licences that guarantee its continued free propagation has been as large a contributor to the success of our tech economy as any hardware innovation.

Though open-source licences have been with us for decades now, there have been relatively few moments in which they have been truly tested in a court. There have been frequent licence violations in which closed-source products have been found to contain open-source software, but they have more often resulted in out-of-court settlement than lengthy public legal fights. Sometimes the open-source community has gained previously closed-source projects, as their licence violations have involved software whose licence terms included a requirement for a whole project in which it is included to have the same licence. These terms are sometimes referred to as viral clauses by open-source detractors, and the most famous such licence is the GNU GPL, or General Public Licence. If you have ever installed OpenWRT on a router you will have been a beneficiary of this: the project has its roots in the closed-source firmware for a Linksys router that was found to contain GPL code.

Now we have news of an interesting milestone for the legal enforceability of open-source licences, a judge in California has ruled that the GPL is an enforceable contract. Previous case-law had only gone as far as treating GPL violations as a copyright matter, while this case extends its protection to another level.

The case in question involves a Korean developer of productivity software, Hancom Office, who were found to have incorporated the open-source Postscript and PDF encoder Ghostscript into their products without paying its developer a licence fee. Thus their use of Ghostscript falls under the GPL licencing of its open-source public version, and it was  on this basis that Artifex, the developer of Ghostscript, brought the action.

It’s important to understand that this is not a win for Artifex, it is merely a decision on how the game can be played. They must now go forth and fight the case, but that they can do so on the basis of a contract breach rather than a copyright violation should help them as well as all future GPL-licenced developers who find themselves in the same position.

We’re not lawyers here at Hackaday, but if we were to venture an opinion based on gut feeling it would be that we’d expect this case to end in the same way as so many others, with a quiet out-of-court settlement and a lucrative commercial licencing deal for Artifex. But whichever way it ends the important precedent will have been set, the GNU GPL is now an enforceable contract in the eyes of the law. And that can only be a good thing.

Via Hacker News.

GNU logo, CC-BY-SA 2.0.

Humans May Have Accidentally Created a Radiation Shield Around Earth


NASA spends a lot of time researching the Earth and its surrounding space environment. One particular feature of interest are the Van Allen belts, so much so that NASA built special probes to study them! They’ve now discovered a protective bubble they believe has been generated by human transmissions in the VLF range.

VLF transmissions cover the 3-30 kHz range, and thus bandwidth is highly limited. VLF hardware is primarily used to communicate with submarines, often to remind them that, yes, everything is still fine and there’s no need to launch the nukes yet.  It’s also used for navigation and broadcasting time signals.

It seems that this human transmission has created a barrier of sorts in the atmosphere that protects it against radiation from space. Interestingly, the outward edge of this “VLF Bubble” seems to correspond very closely with the innermost edge of the Van Allen belts caused by Earth’s magnetic field. What’s more, the inner limit of the Van Allan belts now appears to be much farther away from the Earth’s surface than it was in the 1960s, which suggests that man-made VLF transmissions could be responsible for pushing the boundary outwards.

Continue reading “Humans May Have Accidentally Created a Radiation Shield Around Earth”

Arduino Cinque – The RISC-V, ESP32, WiFi, Bluetooth Arduino

This weekend at the Bay Area Maker Faire, Arduino in conjunction with SiFive, a fabless provider of the Open Source RISC-V micros, introduced the Arduino Cinque. This is a board running one of the fastest microcontrollers available, and as an added bonus, this board includes Espressif’s ESP32, another wonderchip that features WiFi and Bluetooth alongside a very, very powerful SoC.

Details on the Arduino Cinque are slim at the moment, but from what we’ve seen so far, the Cinque is an impressively powerful board featuring the RISC-V FE310 SoC from SiFive, an ESP32, and an STM32F103. The STM32 appears to be dedicated to providing the board with USB to UART translation, something the first RISC-V compatible Arduino solved with an FTDI chip. Using an FTDI chip is, of course, a questionable design decision when building a capital ‘O’ Open microcontroller platform, and we’re glad SiFive and Arduino found a better solution. It’s unknown if this STM32 can be used alongside the FE310 and ESP32 at this point.

We’ve taken a look at SiFive’s FE310 SoC, and it is an extremely capable chip. It was released first at the HiFive1, and our hands-on testing revealed this is a chip that outperforms the current performance champ of the Arduino world, the Teensy 3.6. Of course, with any new architecture, there will be a few problems porting the vast number of libraries over to the FE310, but SiFive has included an Arduino compatible SDK. It’s promising, and we can’t wait to see SiFive’s work in more boards.