This Week In Security: Android And Linux, VirusTotal, More Psychic Signatures

To start our week of vulnerabilities in everything, there’s a potentially big vulnerability in Android handsets, but it’s Apple’s fault. OK, maybe that’s a little harsh — Apple released the code to their Apple Lossless Audio Codec (ALAC) back in 2011 under the Apache License. This code was picked up and shipped as part of the driver stack for multiple devices by various vendors, including Qualcomm and MediaTek. The problem is that the Apple code was terrible, one researcher calling it a “walking colander” of security problems.

Apple has fixed their code internally over the years, but never pushed those updates to the public code-base. It’s a fire-and-forget source release, and that can cause problems like this. The fact that ALAC was released under a permissive license may contribute to the problem. Someone (in addition to Apple) likely found and fixed the security problems, but the permissive license doesn’t require sharing those fixes with a broader community. It’s worth pondering whether a Copyleft license like the GPL would have gotten a fix distributed years ago.

Regardless, CVE-2021-0674 and CVE-2021-0675 were fixed in both Qualcomm and MediaTek’s December 2021 security updates. These vulnerabilities are triggered by malicious audio files, and can result in RCE. An app could use this trick to escape the sandbox and escalate privileges. This sort of flaw has been used by actors like the NSO group to compromise devices via messaging apps.

Shoelace Locks Keep Your Fancy Footwear Firmly Attached

Remember the 1980s, when velcro sneakers were the hip new thing? (Incidentally, VELCRO® is a registered trademark for VELCRO® brand hook-and-loop fasteners, but we use it here as a general term for the fastening technology.) Only the coolest kids in school had a fresh pair of Zips. Velcro left a bit to be desired though. The hooks and loops would wear out, and the sneakers always seemed to pop apart at the worst possible moments — like when running or jumping. These days, velcro seems to be relegated to the elderly, which gives it the stigma of “old people shoes”.

So what is an aspiring hacker to do, just tie their shoelaces like a simple plebe? [Pentland_Designs] has the answer with his shoelace locks. The design is his take on the classic plastic clip found on backpacks and jackets. [Pentland_Designs] has added a twist though — a “button” which flexes a plastic ring, releasing the main body of the clip. This means the user doesn’t have to bend down when taking off their shoes. This isn’t just good for folks with disabilities. Anyone with back problems will tell you that avoiding a couple of deep bends at the end of the day helps a lot.

Check out the video of [Pentland_Designs]’ shoelace locks after the break. For more shoe-tech, check out these LEGO self-lacing shoes, or this teardown of Nike’s self-lacing offering.


Power Laces Take Us 5 Years Into The Future

[youtube=http://www.youtube.com/watch?v=ROEZs0HpFQc]

Back to the Future Part 2 provided a glimpse of a future that included hover boards and holographic advertisements. But you don’t have to wait until 2015 to get your hands on at least some of the technology. [Blake Bevin] has produced a pair of shoes with power laces as seen in the film. Of course, present-day technology doesn’t allow him to make the mechanical parts disappear, so you’ll have to deal with two servo motors and an Arduino hanging off of your heels. But hey, at least you won’t have to tie your own shoes like some 20th-century peasant. No word on using these for a little theme music as you walk around, but maybe that’s something from the more distant future.