2015: As the Hardware World Turns

A few hours from now, the ball will drop in Times Square. 2015 is over, and the good news is you can easily turn a handwritten ‘5’ into a ‘6’. Keep that in mind for the next few weeks. It’s time for a retrospective of everything that happened in 2015. That’s rather boring, though, and it’s usually better to put the most outrageous items in the lede. Therefore, it’s time for predictions of what will happen over the next 366 days. They are, in order:

  • 2016 will be the year of the Linux desktop
  • Self-driving cars will be demonstrated
  • Graphene! Something to do with graphene!
  • Your company will receive a resume with ‘Bitcoin’ listed as a skill
  • Fusion power is only nine years away

With that said, a lot happened this year. Tiny Linux single board computers became incredibly cheap, Radio Shack died, and Arduino went crazy.

32C3: Dieselgate — Inside the VW’s ECU

[Daniel Lange] and [Felix Domke] gave a great talk about the Volkswagen emissions scandal at this year’s Chaos Communication Congress (32C3). [Lange] previously worked as Chief architect of process chain electronics for BMW, so he certainly knows the car industry, and [Domke] did a superb job reverse-engineering his own VW car. Combining these two in one talk definitely helps clear some of the smog around the VW affair.

[Lange]’s portion of the talk basically concerns the competitive and regulatory environments that could have influenced the decisions of the folks at VW who made the wrong choices. [Lange] demonstrates how “cheating” Europe’s lax testing regime is fairly widespread, mostly because the tests don’t mimic real driving conditions. But we’re not sure who’s to blame here. If the tests better reflected reality, gaming the tests would be the same as improving emissions in the real world.

As interesting as the politics is, we’re here for the technical details. The reverse-engineering portion of the talk begins around 40 minutes in, but you’ll definitely want to hear [Lange]’s summary of the engine control unit (ECU) starting around the 38 minute mark.

[Domke] starts off with a recurring theme in our lives, and the 32C3 talks: when you want to reverse-engineer some hardware, you don’t just pull the ECU out of your own car — you go buy another one for cheap online! [Domke] then plugged the ECU up to a 12V power supply on his bench, hooked it up, presumably to JTAG, and found a bug in the firmware that enabled him to dump the entire 2MB of flash ROM into a disassembler. Respect! His discussion of how the ECU works is a must. (Did you know that the ECU reports a constant 780 RPM on the tacho when the engine’s idling, regardless of the actual engine speed? [Domke] has proof in the reverse-engineered code!)

The ECU basically takes in data from all of the car’s sensors, and based on a number of fixed data parameters that physically model the engine, decides on outputs for all of the car’s controls. Different car manufacturers don’t have to re-write the ECU code, but simply change the engine model. So [Domke] took off digging through the engine model’s data.

Long story short, the driving parameters that trigger an emissions reduction exactly match those that result from the EU’s standardized driving schedule that they use during testing — they’re gaming the emissions tests something fierce. You’ve really got to watch the presentation, though. It’s great, and we just scratched the surface.

And if you’re interested in our other coverage of the Congress, we have quite a collection going already.

32C3: Shopshifting — Breaking Credit Card Payment Systems

Credit card payment systems touch all of our lives, and because of this there’s a lot riding on the security of that technology. The best security research looks into a widely deployed system and finds the problems before the bad guys do. The most entertaining security presentations end up finding face-palmingly bad practices and having a good laugh along the way. The only way to top that off is with live demos. [Karsten Nohl], [Fabian Bräunlein], and [dexter] gave a talk on the security of credit-card payment systems at the 32nd annual Chaos Communication Congress (32C3) that covers all the bases.

While credit card systems themselves have been quite well-scrutinized, the many vendor payment networks that connect the individual terminals haven’t. The end result of this research is that it is possible to steal credit card PINs and remotely refund credits to different cards — even for purchases that have never been made. Of course, the researchers demonstrate stealing money from themselves, but the proof of concept is solid. How they broke two separate payment systems is part hardware hacking, part looking-stuff-up-on-the-Internet, and part just being plain inquisitive.

FAA Bans Drones For More Than Six Million People

In recent weeks, the FAA has solicited input from hobbyists and companies in the ‘drone’ industry, produced rules and regulations, and set up a registration system for all the quadcopters and flying toys being gifted over the holiday season. Whether or not the FAA is allowed to do this is a question being left to the courts, but for now, the FAA has assuredly killed a hobby for more than six million people. The FAA has introduced an updated Temporary Flight Restriction (TFR) for a 30-mile radius around Washington, DC.

The 30-mile TFR area

Previously, there had been a blanket ban on drones, UAS, and model aircraft within a 15-mile radius of a point inside Reagan National Airport. This radius covered the District of Columbia proper, and the suburbs of Bethesda, College Park, and Alexandria – basically, everything inside the beltway, and a mile or two beyond. The new flight restriction for drones covers a vastly larger area – all of the DC metro area, Annapolis, half of Baltimore, and all of northern Virginia. This area encompasses a population of more than six million people.

The DC metro area has, since 9/11, become some of the most complex airspace in the entire country. There are several military bases, Aberdeen proving grounds, the US Naval Academy, and of course the White House, Capitol building, and the Pentagon. Even commercial airliners are subject to some very interesting regulations. For the same reason general aviation shuts down in southern California every time the president visits LA, you simply can’t fly model aircraft within the beltway; it’s a security measure, and until now, flying clubs in the DC area have dealt with these restrictions.

The new TFR has effectively shuttered more than a dozen flying clubs associated with the Academy of Model Aeronautics. DCRC, a club with a field in the middle of some farmland in Maryland, has closed down until further notice. The Capital Area Soaring Association has also closed because of the TFR.

Although called a Temporary Flight Restriction, this is a rule that will be around for a while. The FAA says this restriction is here for good.

32C3: Beyond Your Cable Modem

[Alexander Graf] gave an absolutely hilarious talk at 32C3 about the security flaws he found in cable modems from two large German ISPs. The vulnerability was very serious, resulting in remote root terminals on essentially any affected cable modem, and the causes were trivial: unencrypted passwords in files that are sent over TFTP or Telnet to the modems, for instance.

While [Alexander] was very careful to point out that he’d disclosed all of these vulnerabilities to the two German cable ISPs that were affected, he notably praised one of them for its speedy response in patching up the holes. As for the other? “They’d better hurry up.” He also mentions that, although he’s not sure, he suspects that similar vulnerabilities are present in other countries. Oh dear.

A very interesting point in the talk is the way that [Alexander] chose to go about informing the cable ISPs. Instead of going to them directly and potentially landing himself in jail, he went to the press, and let his contacts at the press talk to the ISPs. This both shielded him from the potential initial heat and put a bit of additional pressure on the ISPs to fix the vulnerability — when the story hits the front page, they would really like to be ahead of the problem.

There’s even a bone for you die-hard hardware hackers out there who think that all of this software security stuff is silly. To get the modem’s firmware in the first place, at minute 42 of the talk, [Alexander] shows briefly how he pulled the flash chip off the device and read it into his computer using a BeagleBone Black. No JTAG, no nothing. Just pulling the chip off and reading it the old-fashioned way.

If you’ve got an hour, go watch [Alexander]’s talk. It’s a fun romp through some serious vulnerabilities.

Parts bin Emergency Lights Deal with Tornado’s Aftermath

Sometimes having a deep inventory of parts in your shop is a pain – the clutter, the dust, the things you can’t rationally justify keeping but still can’t bear to part with. But sometimes the parts bin delivers and lets you cobble together some emergency lighting when a tornado knocks out your power.

It has been hard to avoid discussions of the weird weather in the US this winter. The eastern half of the country has had record warm temperatures, the west has been lashed by storms, and now December tornadoes have ripped through Texas and other parts of the south, with terrible loss of life and wide-ranging property damage. [TheTimmy] was close enough to one massive EF4 tornado to lose power on Saturday night, and after the charm of a candlelight Christmas evening wore off, he headed to the shop. He had a bunch of sealed lead acid batteries from old UPSs and a tangle of 12V LED modules, and with the help of some elastic bands and jumper clips he wired up a bunch of lights for around the house. Safer than candles by a long shot, and more omnidirectional than flashlights to boot.

The power came back before the batteries ran out of juice, so we don’t get to see any hacks for recharging batteries in a grid-down scenario. Still, it’s good to see how a deep parts bin and good mindset can make a positive impact on an uncomfortable situation. We’ve seen similar hacks before, like this hacked cordless tool battery pack or powering a TV with 18650 batteries. Be sure to share your story of epic power-outage hacks in the comments below.

Weightless IoT Hardware Virtually Unavailable

It has been over 2 years since we last mentioned the Weightless SIG and their claims of an IoT open standard chip with a 10-year battery life and 10km wireless range, all at a jaw-dropping price of $2 per chip. There was a planned production run of the 3rd gen chips, which I would suspect went to beta testers or didn’t make it into production, since we didn’t hear anything else for years.

Recently, a company called nwave began producing dev-kits using the Weightless Technology, which you can see in the banner image up top. Although the hardware exists, it is a very small run and only available to members of the development team. If you happen to have been on the Weightless mailing list when the Weightless-N SDK was announced, there was an offer of a “free” development board for the first 100 development members. I use bunny ears on free because in order to become a member of the developer team you have to pay a yearly fee of £900. Don’t abrasively “pffffft” just yet: if you happened to be one of the first 100, there was an offer for developers that came up with a product and submitted it back for certification to get their £900 refunded to them. It’s not the best deal going, but the incentive to follow through with a product is an interesting take.
