Day: September 23, 2021

Roll-on/roll-off vessel docking

RORO Vessels: Driving Cars Across The Ocean

September 23, 2021 by 27 Comments

YouTube does a pretty good job of making itself a target for criticism, but one thing you can say about their algorithms: when they work, they really work. Case in point, the other day I found a suggestion in my feed for a very recent video about salvaging a shipwreck. I can’t begin to guess what combination of view history and metadata Google mined to come to the conclusion that I’d be interested in this video, but they hit the nail on the head.

But more importantly, their algorithmic assessment of my interests must have been a goldmine to them — or it could have been if I didn’t have a minefield of ad blockers protecting me — because I fell down a rabbit hole that led me to a bunch of interesting videos. As it turns out, the shipwreck in that first video was of a cargo ship that was carrying thousands of brand-new automobiles, which were all destroyed in the fire and subsequent capsizing of a “roll-on/roll-off” (RORO) vessel off the coast of Georgia (the state, not the country) in 2019.

Thus began my journey into RORO vessels, on which automobiles and other bulky cargo are transported around the world. And while my personal assessment of the interests of Hackaday readers probably is not as finely tuned as Google’s algos, I figured there’s a better than decent chance that people might enjoy tagging along too.

Continue reading “RORO Vessels: Driving Cars Across The Ocean”

Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others

September 23, 2021 by 21 Comments

Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore University of Technology and Design found a serious vulnerability in a large variety of Bluetooth devices. Having now been disclosed, it is known as the BrakTooth vulnerability.

Full details are not yet available; the research team is waiting until October to publicly release proof-of-concept code in order to give time for companies to patch their devices. The basic idea however, is in the name. “Brak” is the Norweigan word for “crash,” with “tooth” referring to Bluetooth itself. The attack involves repeatedly attempting to crash devices to force them into undesired operation.

The Espressif ESP32 is perhaps one of the worst affected. Found in all manner of IoT devices, the ESP32 can be fooled into executing arbitrary code via this vulnerability, which can do everything from clearing the devices RAM to flipping GPIO pins. In smart home applications or other security-critical situations, this could have dire consequences.

Other chipsets are affected to varying degrees, including parts from manufacturers like Texas Instruments and Cypress Semiconductor. Some parts are vulnerable to denial of service, while audio devices may be frozen up or shut down by the attack. The group claims over 1400 products could be affected by the bug.

Firmware patches are being rolled out, and researcher [Matheus E. Garbelini] has released code to build a sniffer device for the vulnerability on GitHub. If you’re involved with the design or manufacture of Bluetooth hardware, it might pay to start doing some homework on this one! Concerned vendors can apply for proof-of-concept test code here.

Download From NFC Datalogger, No App Required

September 23, 2021 by 14 Comments

The plethora of wireless technologies has made internet-connected devices the norm, but it’s not always necessary if you don’t need real-time updates. Whether it’s due to battery life, or location and range constraints, downloading data directly from the device whenever possible might be a viable solution. [Malcolm Mackay] demonstrates an elegant solution on the open source cuplTag temperature/humidity logger, using any NFC-enabled smartphone, without requiring a custom app.

The cuplTag utilizes the feature on NFC-enabled smartphones to automatically open a URL provided by the cuplTag. It encodes the sensor data from the sensor unit as a circular buffer in a ~1 kB URL, which automatically uploads to a web frontend that plots the data. (You can use their server or run your own.)

This means that data can be collected by anyone with the appropriate phone with zero setup. The data is displayed on the web app and can be downloaded as a CSV. To deter spoofing, each tag ships with a secret key which is used to generate a unique HMAC every time the circular buffer changes.

Battery life is a priority on the cuplTag, and it’s theoretically capable of running seven years on a single CR1220 coin cell using the current-sipping Texas Instruments MSP430 microcontroller. The hardware, firmware, and server-side frontend and backend code are all open source and available on GitHub.

Earlier this year, we held a data logging contest, and featured submissions that monitored everything from your garden’s moisture levels to your caffeine intake.