Day: May 30, 2019

The Fascinating World Of Solder Alloys And Metallurgy

May 30, 2019 by 57 Comments

Solder is the conductive metal glue that one uses to stick components together. If you get the component and the PCB hot enough, and melt a little solder in the joint, it will stay put and conduct reliably. But it’s far from simple.

There are many different solder alloys, and even the tip of the soldering iron itself is a multi-material masterpiece. In this article, we’ll take a look at the metallurgy behind soldering, and you’ll see why soldering tip maintenance, and regular replacement, is a good idea. Naturally, we’ll also touch upon the role that lead plays in solder alloys, and what the effect is of replacing it with other metals when going lead-free. What are you soldering with? Continue reading “The Fascinating World Of Solder Alloys And Metallurgy”

Fail Of The Week: How Not To Do IoT Security

May 30, 2019 by 68 Comments

There are a lot of bad days at work. Often it’s the last day, especially when it’s unexpected. For the particularly unlucky, the first day on a new job could be a bad day. But the day you find an unknown wireless device attached to the underside of your desk has to rank up there as a bad day, or at least one that raises a lot of serious questions.

As alarming as finding such a device would be, and for as poor as the chain of decisions leading these devices being attached to the workstations of the employees at a mercifully unnamed company, that’s not the story that [Erich Styger] seeks to tell. Rather, this is a lesson in teardown skills – for few among us would not channel the anger of finding something like this is into a constructively destructive teardown – and an investigation into the complete lack of security consideration most IoT devices seem to be fielded with these days.

Most of us would recognize the device as some kind of connected occupancy sensor; the PIR lens being the dead giveaway there. Its location under a single person’s desk makes it pretty clear who’s being monitored.

The teardown revealed that the guts of the sensor included a LoRa module, microcontroller, a humidity/temperature sensor, and oddly for a device apparently designed to stick in one place with magnets, an accelerometer. Gaining access to the inner workings was easy through the UART on the microcontroller, and through the debug connectors and JTAG header on the PCB. Everything was laid out for all to see – no firmware protection, API keys in plain text, and trivially easy to reflash. The potential for low-effort malfeasance by a compromised device designed to live under a desk boggles the mind.

The whole article is worth a read, if only as a lesson in how not to do security on IoT devices. We know that IoT security is hard, but that doesn’t make it optional if you’re deploying out in the big wide world. And there’s probably a lot to learn about properly handling an enterprise rollout too. Spoiler alert: not like this.

SerialPlot Does Exactly What You Think It Does

May 30, 2019 by 12 Comments

The serial port remains a hacker staple, being one of the easiest ways to move a little bit of data from one machine to another. All manner of projects use the interface, and often, sensors are connected and their data read over such connections. In these cases, it can be useful to plot said data, and SerialPlot is a tool that can do just that.

SerialPlot is capable of reading data over several serial ports at once, and plotting it for your viewing pleasure. It’s capable of interpreting data in a variety of integer and float formats, and plotting multiple channels in a synchronised manner. It’s also capable of sending basic commands out over the serial port, which can be used to trigger or control attached equipment.

Overall, it’s a useful utility for anyone with an array of sensor’s connected over the most classic of interfaces. Of course, if you’re having trouble keeping track of all your serial ports, there’s a utility to help with that, too.