Day: July 22, 2020

The WISE In NEOWISE: How A Hibernating Satellite Awoke To Discover The Comet

July 22, 2020 by 8 Comments

Over the last few weeks the media has been full of talk about NEOWISE, one of the brightest and most spectacular comets to ever pass through our solar system that you can still see if you hurry. While the excitement over this interstellar traveler is more than justified, it’s also an excellent opportunity to celebrate the Wide-field Infrared Survey Explorer (WISE) space telescope it was named after. The discovery of this particular comet is just the latest triumph in the orbiting observatory’s incredible mission of discovery that’s spanned over a decade, with no signs of slowing down anytime soon.

In fact, WISE has been operational for so long now that its mission has evolved beyond its original scope. When it was launched in December 2009 from California’s Vandenberg Air Force Base, its primary mission was scheduled to be completed in less than a year. But like many NASA spacecraft that came before it, WISE achieved its original design goals and found itself ready for a new challenge. Though not before it spent almost three years in hibernation mode as the agency decided what to do with it.

Continue reading “The WISE In NEOWISE: How A Hibernating Satellite Awoke To Discover The Comet”

Pine Made Phones, Laptops, And Now… Soldering Irons?

July 22, 2020 by 37 Comments

The TS100 smart soldering iron may have some new competition. Pine — the people best known for Linux-based phones and laptops — though the world needed another smart soldering iron so they announced the Pinecil — Sort of a knock off of the TS100. It looks like a TS100 and uses the same tips. But it does have some important differences.

It used to be a soldering iron was a pretty simple affair. Plug in one end; don’t touch the other end. But, eventually, things got more complicated and you wanted some way to make it hotter or cooler. Then you wanted the exact temperature with a PID controller. However, until recently, you didn’t care how much processing power your soldering iron had. The TS100 changed that. The smart and portable iron was a game-changer and people not only used it for soldering, but also wrote software to make it do other things. One difference is that the device has a RISC-V CPU. Reportedly, it also has better ergonomics and a USB C connector that allows for UART, I2C, SPI, and USB connections. It also has a very friendly price tag of $24.99.

Continue reading “Pine Made Phones, Laptops, And Now… Soldering Irons?”

BadPower Vulnerability In Fast Chargers Might Make Phones Halt And Catch Fire

July 22, 2020 by 21 Comments

A few days ago, Chinese researchers from technology giant Tencent released a paper outlining a firmware vulnerability in several types of fast charger power bricks (translated). The attack is known as BadPower, and it works by altering the default parameters in the firmware of fast chargers to deliver more power to devices than they can handle, which can cause them to overheat, melt, or catch fire.

The ancient and basic USB charging spec provides 0.5 A at 5 V, which is equal to 2.5 W. In theory, that’s all you’ll ever get from those types of chargers. But the newer generation of chargers are different. When you plug your phone into a fast charger, it negotiates a voltage and charging speed with your phone before passing it any power.

Fast chargers can push power at 20 V or more to speed up the charging process, depending on the charger and connected device. If the phone doesn’t do fast charging, it will default to the 5 V standard. Researchers claim the BadPower attack is capable of harming devices whether or not they include a fast charging feature. When a capable device is connected, the charger will still negotiate for 5V, but instead give 20V and wreak havoc.

In the demo after the break, one of the team uses a malicious device disguised as a phone to push the BadPower firmware change to a fast charger that’s hooked up to a voltmeter. Before the attack, the charger gives 5V. After the attack, it gives 5V for a few seconds before jumping up near 20V. Then they connect the now-dirty charger to two identical illuminated magnifying glasses. In one the chip lets the smoke monster out rather violently, and the chips of the other emit sparks.

The researchers tested 35 of the 200+ fast charging bricks currently on the market and found that 18 of them were vulnerable to BadPower, including 11 that can be exploited through the charging port itself. They believe the issue is fixable with a firmware update.

What is not available is enough information to verify this research, or a list of brands/models that are vulnerable. Researchers say the findings were submitted to the China National Vulnerability Database (CNVD) on March 27th, so the absence of this information may be a product of manufacturers needing more time to patch the vulnerability.

What do you think? We say halfway decent chargers shouldn’t be open to firmware attacks from the devices they are charging. And any halfway decent phone should have built-in electrical protection, right?

Continue reading “BadPower Vulnerability In Fast Chargers Might Make Phones Halt And Catch Fire”