Fooling Samsung Galaxy S8 Iris Recognition

We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.

Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video, embedded below, shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!

Sarcasm aside, the iris sensor uses IR to recognize patterns in your eye, so [starbug] and Co. had to use a camera with night vision mode.  A contact lens placed over the photo completes the illusion — we’re guessing it gets the reflections from room lighting right.  No etching fingerprint patterns into copper, no conductive gel — just a printout and a contact lens.


Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

[Wikileaks] has just published the CIA’s engineering notes for the Weeping Angel Samsung TV exploit. This dump includes information for field agents on how to exploit Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!

Simple Samsung NX Remote Shutter Release From USB Cable

Samsung makes some nice cameras, but they have fallen into the trap of building proprietary controllers. Their NX models, for instance, have a micro USB port rather than the more usual 2.5mm socket for triggering the camera remotely. What’s a hacker to do?

[Niels] did some poking around, and found that it is pretty easy to trigger these cameras remotely, because Samsung simply moved the standard connections for half-press and full press of the shutter onto the USB socket: ground D+ (pin 3) and the camera focuses, then ground D- (pin 2) and the shutter is triggered. In his Instructable, he covers how to build a simple remote from a micro USB cable and a couple of switches.

Don’t feel left out if you have another type of digital camera: there are plenty of ways to build a simple shutter release switch with a few simple parts, or ways to put a microcontroller in control for more sophisticated shoots.

Samsung ARTIK Dev Boards Start To Ship

Another week’s news, another single board computer aimed at Internet of Things applications is launched. This time it’s Samsung’s Artik 5, a platform they’ve been talking about for a while now but which you can now buy as a dev board from Digi-Key for $99.99. For that you get Wi-Fi, Bluetooth and Zigbee connectivity, a dual-core ARM Cortex A7 running at 1GHz, 512MB of memory, and 4GB of eMMC storage. There is the usual plethora of interfaces: GPIO, I2C, SPI, UART, SDIO, USB 2.0, JTAG, and analogue.

The single board computer marketplace is starting to look rather crowded, and with so many competitors to choose from at more reasonable prices you might ask yourself why the ARTIK could be of interest to a maker. And given that Samsung are positioning it in their literature around its increased security, for use in commercial applications such as IoT hubs, IP cameras and industrial and commercial lighting systems, you’d probably be on to something. If you were to make a very rough analogy with the Raspberry Pi range this has more in common with the Compute Module when it comes to intended marketplace than it does with the Pi Zero.

One answer to that question though could be that it is one of the first devices to support the Thread networking protocol for IoT devices. Thread is a collaboration between Google and a range of other interested parties that has been designed to deliver reliable and secure mesh networking for IoT devices in connected homes. As with all new connectivity protocols only time will tell whether Thread is the Next Big Thing, but it is interesting to note in this board nevertheless.

The ARTIK hasn’t made many waves as yet, though we covered the story when it was announced last year. It is worth mentioning that the ARTIK 5 is only the first of three platforms: the ARTIK 1 will be a tiny board with Bluetooth LE aimed at portable and wearable applications, while the ARTIK 10 will be an octo-core powerhouse aimed at multimedia processing and network storage applications.

BBC Micro:Bit Gets An App

It’s a small, cheap, British single board computer, and nobody can get hold of them. Another Raspberry Pi Zero story, you might think, but no, this is about the other small cheap and difficult to find British SBC, the BBC micro:bit. Samsung UK have produced an app for the micro:bit that allows owners to write code on their Android phones, and upload it to their micro:bit via Bluetooth.

The micro:bit story has played out with agonising slowness over the last year, but it seems that there may now be light at the end of the tunnel. The idea is a good one: give a small but very capable single board computer to every Year 7 (about 12 years old) child, and watch them learn something more useful about computers than how to use a Windows application. It has echoes of the BBC Micro 8-bit computer for schools sponsored by the UK government in the 1980s, and the hope is that it will help reproduce the same technical literacy enjoyed by 1980s kids.

The plan was for the youngsters to receive their boards last October, but the project has been plagued by a series of delays, and the latest estimate from January was that the boards would reach the kids after the school half-term. In other words, within the next couple of weeks, depending on which part of the UK the school is located in.

We recently had a brief opportunity here at Hackaday to examine a micro:bit in the wild. It is a capable little board in its own right, being at heart an mbed, however the recommended web-based micro:bit IDE and compiler differs from the more usual mbed toolchain. One thing that caught our attention in the demo we were given was the micro:bit’s use of USB to deploy code; since schools lock down computer hardware to the n’th degree we were concerned that the micro:bits might not be visible on school USB ports. Easy Bluetooth deployment through the Samsung app promises to bypass that barrier, which can only be a good thing.

We’ve been watching the micro:bit story here at Hackaday from the start; most recently we noted the arrival of Python on the platform. If it has a formative influence on the generation of developers and engineers you’ll be hiring in the mid-2020s then we expect it to feature in many future stories.


The Coming Age of 3D Integrated Circuits

The pedagogical model of the integrated circuit goes something like this: take a silicon wafer, etch out a few wells, dope some of the silicon with phosphorus, mask some of the chip off, dope some more silicon with boron, and lay down some metal in between everything. That’s an extraordinarily basic model of how the modern semiconductor plant works, but it’s not terribly inaccurate. The conclusion anyone would make after learning this is that chips are inherently three-dimensional devices. But the layers are exceedingly small, and the overall thickness of the active layers of a chip is thinner than a human hair. A bit of study and thought and you’ll realize the structure of an integrated circuit really isn’t in three dimensions.

Recently, rumors and educated guesses coming from silicon insiders have pointed towards true three-dimensional chips as the future of the industry. These chips aren’t a few layers thick like the example above. Instead of just a few dozen layers, 100 or more layers of transistors will be crammed into a single piece of silicon. The reasons for this transition range from shortening the distance signals must travel and reducing resistance (and therefore heat) to optimizing performance and power in a single design.

The ideas that are influencing the current generation of three-dimensional chips aren’t new; these concepts have been around since the beginnings of the semiconductor industry. What is new is how these devices will eventually make it to market, the challenges currently being faced at Intel and other semiconductor companies, and what it will mean for a generation of chips several years down the road.


Tech Journos Link Samsung To Volkswagen, Somehow

On Thursday The Guardian published information linking Samsung to the current Volkswagen emissions fiasco. Samsung is accused of installing a ‘defeat device’ on some televisions that uses less energy during official testing conditions than would be found during real-world use.

“The apparent discrepancy between real-world and test performance of the TVs is reminiscent of the VW scandal that originated in the US last week,” wrote [Arthur Nelson] of The Guardian. This report was based on an unpublished lab test by the research group ComplianTV which found discrepancies between real-world and test performance when measuring power consumption. According to ComplianTV, this is due to the ‘motion lighting’ setting included in some Samsung TVs. Samsung vehemently denies this, saying that ‘motion lighting’ is not a method of cheating the consumption tests.

Typical results recognized during testing. Source

Not one to let a good controversy go to waste, the BBC reports a Samsung TV will reduce its power draw shortly after the start of the test. A graph of the power draw of a TV – not explicitly a Samsung television – demonstrating this functionality was found in a PDF of a ComplianTV workshop from last year labeled as, “Typical results recognized during testing” with a decrease in power consumption being a recognized behavior when the appropriate test video was found.

This is not the first time ComplianTV tested a Samsung TV equipped with a ‘motion lighting’ setting. Earlier this year, ComplianTV measured the power consumption of the Samsung UE55H8090 television, and found this TV was compliant with energy regulations. Incredibly, all Samsung TVs listed on the ComplianTV database were found to be compliant with the relevant energy directives.

Samsung’s rebuttal to the Guardian article states the ‘motion lighting’ technology is an ‘out of the box’ feature, active in both the lab and at home. Unlike Volkswagen’s ‘defeat device’ for their diesel engines which is only active during emissions testing, the ‘motion lighting’ technology is active whenever it is enabled in the TV’s settings menu.

Anyone in the US who has shopped for a television in the last four years will have noticed cost-per-year estimates for operating the appliance. This is only an issue if the televisions don’t actually meet that advertised benchmark. Until we see a published study we’re raising our eyebrows at The Guardian, easily one of the most trusted journalistic institutions on the planet, and reserving judgement for Samsung.