This Week In Security: Signal, WhatsApp, Oauth Fishing, And More State-Sponsored Attacks

A bug was recently fixed in Signal that allowed a caller to force a call connection without any user interaction on the receiving side. We’ve seen this sort of problem in other chat applications, most recently the Zoom debacle.

The Signal client uses the same function to connect an outgoing call as an incoming call. This bit of code re-use allows a malicious client to initiate a call, and then send the “Accept Call” message. Because of the code re-use, this message triggers the same code as the accept call button on the receiving side. It’s as if the attacker uses reverse psychology to trick the other client into connecting.

It seems this bug only affected the Android client, and didn’t trigger a video call. It’s unclear whether the bug was discovered and exploited before it was fixed, but now that it has been announced, be sure to get Signal up to date.

Sending An ESP32 Into Space

Just two weeks ago, the crew from the International Space Station released a photo of their nine crew members – an odd number considering that the facility only has space to house six astronauts at a time. In fact, the crew had just gathered for a celebratory dinner before three of the astronauts were to return home. The new astronauts joining included Hazza Al Mansouri, the first astronaut from the United Arab Emirates (who has since returned from his mission), as well as astronaut Jessica Meir and cosmonaut Oleg Skripochka.

Amidst the excitement over the upcoming 10 (!) spacewalks in the next three months, there have also been some cool developments in the open source space, with one of the first ESP32s launched into space.

[Nico Maas] from the Microgravity User Support Center (MUSC) at DLR (German Aerospace Center) worked on an experiment launched by MORABA (Mobile Rocket Base) at DLR. The launch site was at the Esrange Space Center in Kiruna, Sweden, with the mission launching on June 13, 2019 at 4:21 am local time.

The experiment, APEX (Advanced Processors, Encryption, and Security Experiment), was onboard the ATEK / MAPHEUS-8 mission, rising to an altitude of 240km into space and returning to Earth after six minutes of microgravity.

The goal of the research was to develop an off-the-shelf computer with a more powerful system for high-speed sensors and image acquisition than the Microchip ATmega328P, the current standard. The flight test measured the speed of the system as well as stress testing its ability to handle compute-intensive tests.

The main board included two ESP32s and a Raspberry Pi Zero W, running resinOS / balenaOS, an operating system designed to run parallel Docker containers and optimized for IoT fleet management.

Prior to the experiment, the standard for on-board computers for use in CubeSats was the ATmega/Arduino-based ARDUSAT. Since it was first made available for use in CubeSats in 2013, the performance has become limited, with improvements needed to perform higher throughput data sampling or operations requiring more computational power.

It’s also cool to note that the system, built using a 3D-printed holder, survived the re-entry (reaching up to 20.6g) with hardly a scratch.

CPU Showdown For Pancakes

If you ask people how they rate as a driver, most of them will say they are better than average. At first, that seems improbable until you realize one thing: people judge themselves by different criteria. So Sally thinks she’s a good driver because she goes fast. Tom’s never had a wreck. Alice never gets lost. You can see the same effect with CPUs. Some are faster or have more memory bandwidth or more instruction issues per cycle. But [Andrew] and [Scharon] at Tom’s Hardware wanted to do the real test of a CPU. How well can it cook pancakes? If you want to know, see the video below.

While your CPU might be great for playing video games, it has a surprisingly small cooking surface, so the guys needed a very small pan. The pan had grooves in it, so they slathered it with thermal grease. We doubt that’s food-grade grease, either.

Building IoT Devices The Easy Way

Do you have a Raspberry Pi? What is it being used for right now? If you’re like the majority of people who replied to [Michael Hall’s] poll on Twitter, it’s likely yours is sitting on a shelf doing nothing too. So why not just turn it into an IoT device for your home?

[Michael] wrote an easy-to-follow guide focusing on getting the EdgeX Foundry IoT platform running on the Raspberry Pi. It is designed to be a unified multi-platform base for IoT devices hosted by the Linux Foundation, making it easy to control and integrate them into other systems. The framework for this consists of two parts, a Device Service running on your Pi, and the rest of the services running on a desktop or laptop where you’ll be monitoring it.

His guide goes into detail on how to get both parts working on your computer and your Pi using Docker for ease of installation. As for the IoT device, he uses the built-in PIR sensor example to show how to configure it without having to write any code. You can then monitor the device’s sensors, which you can just connect straight to the Pi’s GPIO pins, from your desktop. Since the EdgeX software is designed to run on any flavor of Linux, this should make it easy to repurpose any forgotten single-board computer into the beginnings of a home automation system.

However, if you are confident in your programming skills, you’re probably looking for something slimmer such as the ESP8266 family of microcontrollers to do your bidding. Why not try an energy monitor or a smoke detector project with them?

Fail Of The Week: How Not To Re-Reflow

There’s no question that surface-mount technology has been a game-changer for PCB design. It means easier automated component placement and soldering, and it’s a big reason why electronics have gotten so cheap. It’s not without problems, though, particularly when you have no choice but to include through-hole components on your SMT boards.

[James Clough] ran into this problem recently, and he tried to solve it by reflowing through-hole connectors onto assembled SMT boards. The boards are part of his electronic lead screw project, an accessory for lathes that makes threading operations easier and more flexible. We covered the proof-of-concept for the project; he’s come a long way since then and is almost ready to start offering the ELS for sale. The PCBs were partially assembled by the board vendor, leaving off a couple of through-hole connectors and the power jack. [James]’ thought was to run the boards back through his reflow oven to add the connectors, so he tried a few experiments first on the non-reflow rated connectors. The Phoenix-style connectors discolored and changed dimensionally after a trip through the oven, and the plastic on the pin headers loosened its grip on the pins. The female header socket and the power jack fared better, so he tried reflowing them, but it didn’t work out too well, at least for the headers. He blames poor heat conduction due to the lack of contact between the board and the reflow oven plate, and we agree; perhaps an aluminum block milled to fit snugly between the header sockets would help.

Hats off to [James] for trying to save his future customers a few steps on assembly, but it’s pretty clear there are no good shortcuts here. And we highly recommend the electronic leadscrew playlist to anyone interested in the convergence of machine tools and electronics.

The Cutest Oscilloscope Ever Made

If you thought your handheld digital oscilloscope was the most transportable of your signal analyzing tools, then you’re in for a surprise. This oscilloscope made by [Mark Omo] measures only one square inch, with the majority of the space taken up by the OLED screen.

It folds out into an easier instrument to hold, and admittedly does require external inputs, so it’s not exactly a standalone tool. The oscilloscope runs on a PIC32MZ EF processor, achieving 20Msps and 1MHz of bandwidth. The former interleaves the processor’s internal ADCs in order to achieve its speed.

For the analog front-end, the signals first enter a 1M ohm terminator that divides the signals by 10x in order to measure them outside the rails. They then get passed through a pair of diodes connected to the rails, clamping the voltage to prevent damage. The divider centers the incoming AC signal around 1.65V, halfway between AGND and +3.3V. As a further safety feature, a larger 909k Ohm resistor sits between the signals and the diodes in order to prevent a large current from passing through the diode in the event of a large voltage entering the system.

The next component is a variable gain stage, providing either 10x, 5x, or 1x gain corresponding to 1x, 0.5x, and 0.1x system gains. For the subsystem, a TLV3541 op-amp and ADG633 triple SPDT analog switch are used to provide a power bandwidth around the system response due to driving concerns. Notably, the resistance of the switch is non-negligible, potentially varying with voltage. Luckily, the screen used in the oscilloscope needs 12V, so supplying 12V to the mux results in a lower voltage and thus a flatter response.

The ADC module, PIC32MZ1024EFH064, is a 12-bit successive approximation ADC. One advantage of his particular ADC is that extra bits of resolution only take constant time, so speed and accuracy can be traded off. The conversion starts with a sample and hold sequence, using stored voltage on the capacitor to calculate the voltage.

Several ADCs are used in parallel to sample at the same time, resulting in the interleaving improving the sample rate. Since there are 120 Megabits per second of data coming from the ADC module, the Direct Memory Access (DMA) peripheral on the PIC32MZ allows for the writing of the data directly onto the memory of the microcontroller without involving the processor.

The firmware is currently available on GitHub and the schematics are published on the project page.

Miniature Table Saw Gets The Teeny Jobs Done

Table saws are highly useful tools, but tend to take up a lot of space. They’re usually designed to handle the bigger jobs in a workshop. It doesn’t have to be that way, however, as [KJDOT] demonstrates with a miniature table saw.

It’s a saw that relies on a simple build. The frame is made of plywood, and can be built with just a drill and a hand saw. A brushed motor is used to run the saw, using an off-the-shelf PWM controller and a 24V power supply. A handful of bearings and standard brackets are then used to put it all together, and there’s even a handy adjustable fence to boot. With a 60mm blade fitted, the saw is ready to go.

It’s a build that would be great for anyone regularly working with wood or plastics on the smaller scale. If you like building dollhouses, this could be the tool for you. You might also find the table nibbler to be an enticing proposition. Video after the break.
