What if you could effectively prevent someone from recording your voice? This is the focus of a study by Guo et al. (2022) at Michigan State University, in which they use a dynamically calculated audio signal that effectively cancels out one’s voice in a recording device. This relies on an interesting aspect of certain micro-electro-mechanical system (MEMS) microphones, which are commonly used in smartphones and other recording devices.
A specially crafted ultrasound signal sent to the same microphone which is recording one’s voice can result in the voice audio signal being gone on the final recording. The approach taken by the authors involves using a neural network that is trained on voice samples of the person (“Bob”) whose voice has to be cancelled. After recording Bob’s voice during a conversation, the creatively named Neurally Enhanced Cancellation (NEC) system determines the ultrasound signal to be sent to the target recording device. Meanwhile the person holding the recording device (“Alice”) will still perceive Bob’s voice normally.
As ultrasound is highly directional, the system can only jam a specific microphone and wouldn’t affect hidden microphones in a room. As noted by the authors, it is possible to do general microphone jamming using other systems, but this is legally problematic, which should not be an issue with their NEC system.
So you may have gotten a Slack password reset prompt. Something like half a percent of Slack’s userbase had their password hash potentially exposed due to an odd bug. When sending shared invitation links, the password hash was sent to other members of the workspace. It’s a bit hard to work out how this exact problem happened, as password hashes shouldn’t ever be sent to users like this. My guess is that other users got a state update packet when the link was created, and a logic error in the code resulted in too much state information being sent.
The evidence suggests that the first person to catch the bug was a researcher who disclosed the problem mid-July. Slack seems to use a sane password policy, only storing hashed, salted passwords. That may sound like a breakfast recipe, but just means that when you type your password in to log in to slack, the password goes through a one-way cryptographic hash, and the results of the hash are stored. Salting is the addition of extra data, to make a precomputation attack impractical. Slack stated that even if this bug was used to capture these hashes, they cannot be used to directly authenticate as an affected user. The normal advice about turning on 2-factor authentication still applies, as an extra guard against misuse of leaked information. Continue reading “This Week In Security: Breaches, ÆPIC, SQUIP, And Symbols”→
[Robert Sansone] is a 17-year-old from Florida and, like most of us, he likes to tinker. He’s apparently got the time for it because he’s completed at least 60 projects ranging from animatronic hands to a high-speed go-kart. However, his interest in electric vehicles coupled with his understanding of the issues around them led him to investigate synchronous reluctance motors — motors that don’t depend on expensive rare earth magnets. His experiments have led to a novel form of motor that has greater torque than existing designs.
Rare earths are powerful but expensive, costing much more than common metals like copper or steel. Traditionally, synchronous reluctance motors use steel rotors and air gaps and exploit the difference in reluctance — a term for magnetic resistance– to generate rotation. [Robert’s] idea was to replace the air gap with a different material to increase the ratio of reluctance between the rotor and the gap. Reconfiguring the motor to a more traditional configuration shows startling results: the new design generated almost 40% more torque and did so more efficiently, as well.
His work has earned him first prize, and $75,000, in this year’s Regeneron International Science and Engineering Fair. It took 15 tries to get the motor to its current state, something made easier with 3D printing. There are plans for a 16th version that [Robert] hopes will perform even better. We can’t wait to see what he’ll do next.
Electric vehicles have made people look into many motor design topologies. The reluctance motor has been around for a long time, but controlling them has become significantly easier. That’s true of many kinds of motors.
First of all, you’ll probably appreciate [Rob] circumventing the supply shortage by getting all his components from recycled material. That’s probably the only way to get anything these days. He salvaged a small CRT from an old-school video intercom system and snagged the buttons, speakers, and switches from other unused devices laying around. Not all is lost, however, as [Rob] was able to purchase an Arduino Nano and a few resistors online. So maybe things are turning around in that category, who knows?
You’ll probably also appreciate how remarkably simple this hack is. No need for a Raspberry Pi as your standard 8-bit microcontroller will do the trick. And, fortunately, [Rob] found a nice library to help him generate the composite video signal, doing most of the work for him. All that was left to do was to build the arcade cabinet. Recreating the classic design was a pretty easy step, but you might opt for something a little nicer than cardboard though. But, hey, if it does the trick, then why not?