TEMPEST: A Tin Foil Hat For Your Electronics And Their Secrets

October 19, 2015 by Elliot Williams 38 Comments

Electronics leak waves and if you know what you’re doing you can steal people’s data using this phenomenon. How thick is your tinfoil hat? And you sure it’s thick enough? Well, it turns out that there’s a (secret) government standard for all of this: TEMPEST. Yes, all-caps. No, it’s not an acronym. It’s a secret codename, and codenames are more fun WHEN SHOUTED OUT LOUD!

The TEMPEST idea in a nutshell is that electronic devices leak electromagnetic waves when they do things like switch bits from ones to zeros or move electron beams around to make images on CRT screens. If an adversary can remotely listen in to these unintentional broadcasts, they can potentially figure out what’s going on inside your computer. Read on and find out about the history of TEMPEST, modern research, and finally how you can try it out yourself at home!

Continue reading “TEMPEST: A Tin Foil Hat For Your Electronics And Their Secrets” →

Spherical Robot Rolls Then Walks Into Action

October 19, 2015 by Dan Maloney 10 Comments

download — Droideka [Source: Wookieepedia]

If ever any sci-fi robot form-factor made more sense than the Droideka of the Star Wars franchise, we’re not sure what it could be. Able to transform from a spheroid that rolls quickly onto the battlefield into a blaster-bristling tripodal walker, the Hollywood battle droid showed a lot of imagination and resulted in a remarkably feasible design. And now that basic design is demonstrated in a spherical quadrupedal robot that can transform from rolling to walking.

Intended as a proof of concept of a hybrid rolling-walking locomotion system, the QRoSS robot from Japan’s Chiba Institute of Technology is capable of some pretty amazing things already. Surrounded by a wire roll cage that’s independent of the robot’s legs, QRoSS is able to roll into position, unfurl its legs, and walk where it needs to go. Four independent legs make it sure-footed over rough terrain, with obvious applications in such fields as urban search and rescue; a hardened version could be tossed into a collapsed building or other dangerous environment and walk around to provide intelligence or render aid. The robot’s self-righting feature would be especially handy for that use case, and as you can see in the video below, it has a powered rolling mode that’s six times faster than its walking speed.

For a similar spherical transforming robot, be sure to check out the MorpHex robot with its hexapod design.

Continue reading “Spherical Robot Rolls Then Walks Into Action” →

How To Control Siri Through Headphone Wires

October 19, 2015 by Brian Benchoff 7 Comments

Last week saw the revelation that you can control Siri and Google Now from a distance, using high power transmitters and software defined radios. Is this a risk? No, it’s security theatre, the fine art of performing an impractical technical achievement while disclosing these technical vulnerabilities to the media to pad a CV. Like most security vulnerabilities it is very, very cool and enough details have surfaced that this build can be replicated.

The original research paper, published by researchers [Chaouki Kasmi] and [Jose Lopes Esteves] attacks the latest and greatest thing to come to smartphones, voice commands. iPhones and Androids and Windows Phones come with Siri and Google Now and Cortana, and all of these voice services can place phone calls, post something to social media, or launch an application. The trick to this hack is sending audio to the microphone without being heard.

The ubiquitous Apple earbuds have a single wire for a microphone input, and this is the attack vector used by the researchers. With a 50 Watt VHF power amplifier (available for under $100, if you know where to look), a software defined radio with Tx capability ($300), and a highly directional antenna (free clothes hangers with your dry cleaning), a specially crafted radio message can be transmitted to the headphone wire, picked up through the audio in of the phone, and understood by Siri, Cortana, or Google Now.

There is of course a difference between a security vulnerability and a practical and safe security vulnerability. Yes, for under $400 and the right know-how, anyone could perform this technological feat on any cell phone. This feat comes at the cost of discovery; because of the way the earbud cable is arranged, the most efficient frequency varies between 80 and 108 MHz. This means a successful attack would sweep through the band at various frequencies; not exactly precision work. The power required for this attack is also intense – about 25-30 V/m, about the limit for human safety. But in the world of security theatre, someone with a backpack, carrying around a long Yagi antenna, pointing it at people, and having FM radios cut out is expected.

Of course, the countermeasures to this attack are simple: don’t use Siri or Google Now. Leaving Siri enabled on a lock screen is a security risk, and most Androids disable Google Now on the lock screen by default. Of course, any decent set of headphones would have shielding in the cable, making inducing a current in the microphone wire even harder. The researchers are at the limits of what is acceptable for human safety with the stock Apple earbuds. Anything more would be seriously, seriously dumb.