Security Engineering: Inside The Scooter Startups

A year ago, ridesharing scooter startups were gearing up for launch. Workers at Bird, Lime, Skip, and Spin were busy improving their app, retrofitting scooters, and most importantly, figuring out the logistics of distributing thousands of electronic scooters along the sidewalks of the Bay Area. These companies were gearing up for a launch in early summer, but one company — nobody can remember exactly who — decided to launch early. First mover advantage, and all. Overnight, these scooter companies burst into overdrive, chucking scooters out of panel vans onto the sidewalk simply to keep up with the competition.

The thing about San Francisco, and California in general, is that it’s a very direct democracy masquerading as a representative government. Yes, there are city council members and a state legislature, but the will of the people will rule. No one liked tripping over the scooters littering the sidewalks, so the scooters ended up at the bottom of a lake. Or in trees. Or in the trash. In time, city permits were issued, just like a hot dog cart or any other business operating on a public sidewalk, and the piles of electric scooters disappeared. Not before hundreds of scooters were vandalized, that is.

It’s still early in the electric scooter rental startup space, but if there’s one company leading the pack, it’s Bird. They’re getting the most press, the CEO was formerly at Lyft and Uber (which explains the press), and they’ve raised nearly a half billion dollars in funding (which explains the press). Bird is valued at two billion dollars, and it’s one of four major ridesharing scooter startups. had nothing on this.

Despite how overvalued you think a scooter startup might be, they’re still a business, and they’re ruled by the bottom line. Bird has grown a lot in the past year, and with that comes engineering challenges. The Bird scooters must be more resistant to vandalism. The Bird scooters must be harder to steal. Above all else, they must remain in service longer. This is the teardown of how Bird managed to improve their bottom line and engineer a better scooter.


A Malicious WiFi Backdoor In A Keyboard’s Clothing

The USB Rubber Ducky burst onto the scene a few years ago, and invented a new attack vector – keystroke injection. The malicious USB device presents itself as a keyboard to the target system, blurting out keystrokes at up to 1000 words per minute. The device is typically used to open a phishing site or otherwise enter commands to exfiltrate data from the victim. Now things have stepped up a notch, with ESPloitV2 – a WiFi-enabled take on the same concept.

Running on the Cactus WHID platform, the device is so named for the ESP12 WiFi microcontroller it employs, along with an ATmega 32u4 for USB HID device emulation. By virtue of its wireless connection, no longer does the aspiring hacker have to rely on pre-cooked routines. Various exploits can be stored in the ESP12’s spacious 4 megabytes of flash, and there’s even the potential to live type your attack if you’re feeling bold.

It goes to show that the trust we implicitly place in foreign USB devices is potentially our future downfall. BadUSB is another great example, and the USB Wrapper is a great way to get a charge if you’re stuck using an untrusted port.


Tiny Amplifier With ATtiny

Small microcontrollers can pack quite a punch. With the right code optimizations and proper use of the limited memory available, even small microcontrollers can do things they were never intended to. Even within the realm of intended use, however, there are still lots of impressive uses for these tiny, cheap processors, like [Lukasz]’s audio amplifier, which uses one of the smallest ATtiny packages around.

Since the ATtiny is small, the amplifier is only capable of 8-bit resolution, but thanks to internal clock settings and the fast PWM mode he can get a sampling rate of 37.5 kHz. Most commercial amplifiers shoot for 42 kHz or higher, so this is actually quite close for the limited hardware. The fact that it is a class D amplifier also helps, since it relies on switching and filtering to achieve amplification. This allows the amplifier to have a greater efficiency than an analog amplifier, with less need for heat sinks or oversized components.

All of the code that [Lukasz] used is available on the project site if you’ve ever been curious about switching amplifiers. He built this more as a curiosity in order to see what kind of quality he could get out of such a small microcontroller. It sounds pretty good to us too! If you’re more into analog amplifiers, though, we have you covered there as well.
