This Week In Security: iPhone Unpowered, Python Unsandboxed, And Wizard Spider Unmasked

As conspiracy theories go, one of the more plausible is that a cell phone could be running malicious firmware on its baseband processor, and be listening and transmitting data even when powered off. Nowadays, this sort of behavior is called a feature, at least if your phone is made by Apple, with their Find My functionality. Even with the phone off, the Bluetooth chip runs happily in a low-power state, making these features work. The problem is that this chip doesn’t do signed firmware. All it takes is root-level access to the phone’s primary OS to load a potentially malicious firmware image to the Bluetooth chip.

Researchers at TU Darmstadt in Germany demonstrated the approach, writing up a great paper on their work (PDF). There are a few really interesting possibilities this research suggests. The simplest is hijacking Apple’s Find My system to track someone with a powered-down phone. The greater danger is that this could be used to keep surveillance malware on a device even through power cycles. Devices tend to be secured reasonably well against attacks from the outside network, and hardly at all against attacks originating on the chips themselves. Unfortunately, since unsigned firmware is a hardware limitation, a security update can’t do much to mitigate this, other than the normal efforts to prevent attackers compromising the OS.

Portable 3D Printer Gets Even Smaller, Faster, Better

How do you improve on a fast, capable 3D printer that sports an innovative design and is portable enough to fit in a printer spool box? Judging by what went into the Positron V3 portable printer (video, embedded below), it takes a lot of hard work and an unwillingness to settle for compromise designs. Plus a few lucky breaks and some design wizardry.

When we first reported on [Kralyn]’s innovative “Positron” printer, its chief selling points were its portability and unique layout. With a fold-down Z-axis and a CoreXY-style drive in the base, plus an interesting 90° hot end and transparent heated build plate, the Positron managed to hit most of its design goals. But there’s always room for improvement, and Positron V3, shown in the video below, has made some pretty substantial leaps over that original concept.

The V3 design keeps the basic layout of the original, but greatly improves the usability and portability, while increasing performance and build volume. The heated borosilicate build plate is now held to the Z-axis drive with a much sturdier strut, and gets its juice through a high-temperature MagSafe connector. The X- and Y-axes are now driven by pancake steppers, which, along with adding idler pulleys that are coaxial to the drive pulleys, make the CoreXY drive, and hence the printer’s base, much more compact. The printer is still much, much faster than most traditional gantry designs, and print quality is on par with anything available commercially. And yes, it still fits into a standard 1-kg filament spool box when folded up.

We love this design, and the story of how the V3 came about and the intermediate V2 that didn’t make the cut is a fascinating case study in design. And as a bonus, [Kralyn] will open-source the V3 design, so you can build your own as soon as he releases the files.


RIP John Birkett, Parts Vendor Extraordinaire

It is with sadness that we note the passing of John Birkett, proprietor of the legendary eponymous surplus radio and electronics store on an unassuming street in the British city of Lincoln, at the age of 93. He has been a fantastic source of esoteric parts and electronic assemblies for many decades, and though many of you from beyond where this is being written may never have heard of him, the chances are that if you follow electronics enthusiasts from the UK, you will have unwittingly seen parts which passed through his hands.

Gateway to a world of wonders: a typical Birkett advert from 1986.

There was a time when surplus stores were a relatively common sight, given their window of opportunity by the huge quantity of post-war and Cold War military gear at knock-down prices. My town had one when I was a kid, but though it sold its share of electronic goodies, it was more of a place for sturdy olive green outdoor wear or all the 1930s British military uniform items you might ever need. J. Birkett was different: as a purely electronics store, the shop rapidly became the go-to place for both the most necessary and the most unexpected of parts.

His motto was “Not a piece of junk in sight”, and though, as with much surplus equipment, there is plenty of junk to be found, it was his eye in managing to stock the junk which was most interesting and useful that made his selection special. Such was its reach that most of his customers, including me, never made it to Lincoln and the store itself; instead we came to him through his mail-order business and attendance at radio rallies. I fondly remember the anticipation of receiving a Birkett parcel, and I still have plenty of parts that came from him. An FM tuner converted for use as a 2 meter receiver is still in a box somewhere, and I’m pretty certain my storage unit still holds a pair of Pye Cambridge VHF transceivers he supplied.

According to Google the shop remains open, and we hope that state of affairs will continue. Surplus may not be what it once was, but we thank John Birkett for what he gave to generations of British hardware hackers. May he rest in peace.

Header image: Oliver Mills, (CC BY-SA 2.0).