Counterfeit Hardware May Lead To Malware And Failure

Counterfeit parts are becoming increasingly hard to tell the difference from the real deal, the technology used by the counterfeiters has come on leaps and bounds, so even the experts struggle to tell the real product from a good fake. Mere fake branding isn’t the biggest problem with a counterfeit though, as ieee.com reports, counterfeit parts could contain malware or be downright dangerous.

Way back in 2014 the FBI charged [Marc Heera] with selling clones of the Hondata S300, a plugin engine module for Honda cars that reads sensors, and depending on their values can change idle speed, air-fuel mixture and a plethora of other car/engine related settings. What, might you ask, is the problem, except they are obviously not genuine parts? According to Honda they had a number of issues such as random limits on engine rpm and occasionally failure to start. While the fake Hondata S300 parts where just poor clones that looked the part, anything connected to an engine control unit brings up huge safety concerns and researchers have shown that through ECU access, they could hijack a car’s steering and brakes.

It’s not just car parts being cloned, remember the fake USB-to-serial chips of FTDI-Gate? Entire routers are also being cloned, which doesn’t sound too bad until you realise that the cloners could configure your internet traffic to be redirected through their network for snooping. In 2010 Saudi citizen [Ehab Ashoor] was convicted of buying cloned Cisco Systems gigabit interface converters with the intention of selling them to the U.S Dept of Defense. While nothing sinister was afoot in [Ashoor]’s case other than greed, these routers were to be deployed in Iraq for use by the Marine Corps networks. They were then to be used for security, transmitting troop movements and relaying intelligence from field operations back to HQ.

So who are the cloners and why are they doing it? It is speculated that some of them may be state funded, as there are a lot of countries who do not trust American silicon. Circuits are reverse engineered and find their way to the international market. Then just like the FTDI-Gate case, cloners want to make profits from others intellectual property. This also brings up another question, if there is a mistrust of American silicon, nearly everything is made in China these days so why should we trust anything from there? Even analog circuits can be made to spy on you, as you can see from the piece we recently featured on compromising a processor using an analog charge pump. If you want to defend yourself from such attacks, perhaps look at previous Hackaday Prize finalist, ChipWhisperer.

Oddly Satisfying – Twist Containers

One of the great strengths of 3D printing is that it makes creating objects with certain geometries much easier than it would be with traditional subtractive machining methods. Things like thin-walled perfect spheres or objects with wild undercuts become trivial to make. A great case in point is these amazing 3D-printed twist vases.

The key concept behind the vases is that the shape of the container itself is the thread that binds the two halves together. [Devin] has built plenty over the years, continually experimenting with the design, making everything from a useful compact trash container to heavily-twisted, more artistic pieces. [Devin] says they’re incredibly satisfying to play with, and we’re inclined to agree – it’s particularly great to watch the higher-tolerance printed vases twist themselves closed under gravity.

Such designs aren’t actually all that new – there’s similar models on Thingiverse stretching all the way back to 2009. The great thing about the Internet as an ecosystem is that not only do many people often reinvent the same idea, they each give it their own unique twist (pun unintended). Continue reading “Oddly Satisfying – Twist Containers”

Inside A Microswitch

We’ve taken a few microswitches apart, mostly to fix those pesky Logitech mice that develop double-click syndrome, but we’ve never made a video. Luckily, [Julian] did, and it is worth watching if you want to understand the internal mechanism of these components.

[Julian] talks about the way the contacts make and break. He also discusses the mechanical hysteresis inherent in the system because of the metal moving contact having spring-like qualities

Continue reading “Inside A Microswitch”

PS Vita Hacked To Accept Micro SD Instead Of Costly Memory Cards

Sony loves to have control of their own media formats: Beta, DAT, Minidisc, MemoryStick, Universal Media Disc, MemoryStick Micro, and more. When they released the PS Vita they used a format that was similar in shape to SD but not compatible. The higher capacity ones can be quite costly, However [thesixthaxis] Report there is a PS Vista Micro SD hack on the way.

PS Vita hacker [Yifan Lu]’s adapter replaces the 3G modem, allowing end users to plug a MicroSD card in its place.  And this means using standard MicroSD memory cards instead of Sony’s overpriced proprietary memory. This is the coolest PS Vita hack since  PS Vita’s Final Fantasy X.

Sounds like good news all round? Well, there are a few small caveats. In order to use the hack you need a 3G-capable Vita running HENkaku which means running firmware 3.60 or under. The adapter is still in prototype stage, but it’s available from the fully-funded Indiegogo campaign if you’re interested.

LTE IMSI Catcher

GSM IMSI catchers preyed on a cryptographic misstep in the GSM protocol. But we have LTE now, why worry? No one has an LTE IMSI catcher, right? Wrong. [Domi] is here with a software-defined base transceiver station that will catch your IMSI faster than you can say “stingray” (YouTube video, embedded below).

First of all, what is an IMSI? IMSI stands for International Mobile Subscriber Identity. If an IMEI (International Mobile Equipment Identity) is your license plate, your IMSI would be your driver’s license. The IMEI is specific to the phone. Your IMSI is used to identify you, allowing phone companies to verify your origin country and mobile network subscription.

Now, with terminology in tow, how does [Domi] steal your IMSI? Four words: Tracking Area Update Request. When a phone on an LTE network received a tracking area request, the LTE protocol mandates that the phone deletes all of its authentication information before it can reconnect to a base station. With authentication out of the way [Domi] spoofs a tower, waits for phones to connect, requests the phone’s IMSI and then rejects the phones authentication request, all under the nose of the phone’s user.

Now, before you don your tinfoil hat, allow us to suggest something more effective. Need more cell phone related hacks? We’ve got your back.

Continue reading “LTE IMSI Catcher”

Hackaday Prize Entry: A Modular Open-Source AV Receiver

Hi-Fi hasn’t changed much in decades. OK, we’ll concede that’s something of a controversial statement to make in that of course your home hi-fi has changed immensely over the years. Where once you might have had a turntable and a cassette deck you probably now have a streaming media player, and a surround sound processor, for example.

But it’s still safe to say that hi-fi reproduction hasn’t changed much in decades. You can still hook up the latest audio source to an amplifier and speakers made decades ago, and you’ll still enjoy great sound.

Not so though, if instead of a traditional amplifier you bought an AV receiver with built-in amplifier and processing. This is a fast-moving corner of the consumer electronics world, and the lifetime of a device before its interfaces and functionality becomes obsolete can often be measured in only a few years.

To [Andrew Bolin], this makes little sense. His solution has some merit, he’s produced a modular open-source AV processor in which the emphasis is on upgradeability to keep up with future developments rather than on presenting a black box to the user which will one day be rendered useless by the passage of time.

His design revolves around a backplane which accepts daughter cards for individual functions, and a Raspberry Pi to do the computational heavy lifting. So far he has made a proof-of-concept which takes in HDMI audio and outputs S/PDIF audio to his DAC, but plans are in hand for further modules. We can see that this could become the hub of a very useful open-source home entertainment system.

If you make one, please remember to enhance it with our own sound-improving accessory.

How To Build Your Own Google AIY Without The Kit

Google’s voice assistant has been around for a while now and when Amazon released its Alexa API and ported the PaaS Cloud code to the Raspberry Pi 2 it was just a matter of time before everyone else jumped on the fast train to maker kingdom. Google just did it in style.

Few know that the Google Assistant API for the Raspberry Pi 3 has been out there for some time now but when they decided to give away a free kit with the May 2017 issues of MagPi magazine, they made an impression on everyone. Unfortunately the world has more makers and hackers and the number of copies of the magazine are limited.

In this writeup, I layout the DIY version of the AIY kit for everyone else who wants to talk to a cardboard box. I take a closer look at the free kit, take it apart, put it together and replace it with DIY magic. To make things more convenient, I also designed an enclosure that you can 3D print to complete the kit. Lets get started.

Continue reading “How To Build Your Own Google AIY Without The Kit”