This Week In Security: UClibc And DNS Poisoning, Encryption Is Hard, And The Goat

DNS spoofing/poisoning is the attack discovered by [Dan Kaminsky] back in 2008 that simply refuses to go away. This week a vulnerability was announced in the uClibc and uClibc-ng standard libraries, making a DNS poisoning attack practical once again.

So for a quick refresher, DNS lookups generally happen over unencrypted UDP, and UDP is a stateless protocol, making it easier to spoof. DNS originally just used a 16-bit transaction ID (TXID) to validate DNS responses, but [Kaminsky] realized that wasn’t sufficient when combined with a technique that generated massive amounts of DNS traffic. That attack could poison the DNS records cached by public DNS servers, greatly amplifying the effect. The solution was to randomize the UDP source port used when sending DNS requests, making it much harder to “win the lottery” with a spoofed packet, because both the TXID and the source port would have to match for the spoof to work.

uClibc and uClibc-ng are miniature implementations of the C standard library, intended for embedded systems. One of the things this standard library provides is a DNS lookup function, and this function has some odd behavior. When generating DNS requests, the TXID is incremental — it’s predictable and not randomized. Additionally, the TXID will periodically reset back to its initial value, so not even the entire 16-bit key space is exercised. Not great.
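The validation described above, as an added example that is not code from the Hackaday article or from uClibc: a minimal DNS query builder, the check a resolver performs on an incoming reply (TXID plus the UDP port the query went out on), a constructed model of an incrementing TXID that wraps back to its start value, and a small detection heuristic that flags a query stream whose TXIDs run sequentially. The `PredictableTxid` class, its start value and reset period, and the sample TXID lists are assumptions made for illustration, not uClibc’s real implementation.

```python
"""Why TXID and source-port randomization matter for DNS replies.

Added example: not from the article or from uClibc. The PredictableTxid
class is a constructed model of the behaviour the article describes
(incrementing TXID that periodically resets); its start value and period
are assumptions.
"""
import math
import random
import struct

# DNS header: id, flags, qdcount, ancount, nscount, arcount (RFC 1035, 12 bytes)
DNS_HEADER = struct.Struct("!HHHHHH")


class PredictableTxid:
    """Constructed model: TXID counts up from `start` and wraps after `period` queries."""

    def __init__(self, start=1, period=256):
        self.start, self.period, self.n = start, period, 0

    def next(self):
        txid = (self.start + self.n % self.period) & 0xFFFF
        self.n += 1
        return txid


def random_txid():
    """Full 16-bit TXID drawn from the OS CSPRNG."""
    return random.SystemRandom().randrange(0, 1 << 16)


def random_source_port(lo=1024, hi=65535):
    """Ephemeral UDP source port drawn from the OS CSPRNG (the Kaminsky mitigation)."""
    return random.SystemRandom().randrange(lo, hi + 1)


def build_query(txid, qname):
    """Minimal DNS query: header + QNAME labels + QTYPE A + QCLASS IN."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    header = DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0)  # RD bit set, one question
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_txid(packet):
    """Return the transaction ID from a DNS packet."""
    return DNS_HEADER.unpack_from(packet, 0)[0]


def reply_accepted(expected_txid, expected_port, reply_packet, reply_dst_port):
    """What a resolver checks before trusting a reply: the TXID in the packet
    and the UDP port it arrives on must both match the outstanding query."""
    return parse_txid(reply_packet) == expected_txid and reply_dst_port == expected_port


def match_probability(txid_bits, port_bits):
    """Chance that one blind spoofed reply matches both validated fields."""
    return 1.0 / (1 << (txid_bits + port_bits))


def effective_bits(txids):
    """log2 of the number of distinct TXID values actually observed."""
    return math.log2(len(set(txids)))


def txid_looks_sequential(txids, min_run=8):
    """Detection heuristic for captured queries: True if `min_run` consecutive
    TXIDs each increase by exactly one (mod 2^16)."""
    run = 1
    for a, b in zip(txids, txids[1:]):
        run = run + 1 if (b - a) & 0xFFFF == 1 else 1
        if run >= min_run:
            return True
    return False


if __name__ == "__main__":
    weak = PredictableTxid(start=1, period=256)
    weak_ids = [weak.next() for _ in range(1000)]
    print("predictable TXID: effective bits =", effective_bits(weak_ids))
    print("sequential pattern detected:", txid_looks_sequential(weak_ids))
    print("blind match chance, 8-bit TXID, fixed port:", match_probability(8, 0))
    print("blind match chance, 16-bit TXID + ~16-bit port:", match_probability(16, 16))
    txid, port = random_txid(), random_source_port()
    q = build_query(txid, "example.com")
    print("reply on right port accepted:", reply_accepted(txid, port, q, port))
    print("reply on wrong port accepted:", reply_accepted(txid, port, q, port + 1))
```

Run it as a script to see the effective key space collapse from 16 bits to the reset period, and how a single mismatched field (here the destination port) is enough for the resolver to drop a reply. The sequential-TXID heuristic is one cheap check a network monitor can run over captured DNS queries to spot devices using a resolver of this kind.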

Audio Eavesdropping Exploit Might Make That Clicky Keyboard Less Cool

Despite their claims of innocence, we all know that the big tech firms are listening to us. How else to explain the sudden appearance of ads related to something we’ve only ever spoken about, seemingly in private but always in range of a phone or smart speaker? And don’t give us any of that fancy “confirmation bias” talk — we all know what’s really going on.

And now, to make matters worse, it turns out that just listening to your keyboard clicks could be enough to decode what’s being typed. To be clear, [Georgi Gerganov]’s “KeyTap3” exploit does not use any of the usual RF-based methods we’ve seen for exfiltrating data from keyboards on air-gapped machines. Rather, it uses just a standard microphone to capture audio while typing, building a cluster map of the clicks with similar sounds. By analyzing the clusters against the statistical likelihood of certain sequences of characters appearing together — the algorithm currently assumes standard English, and works best on clicky mechanical keyboards — a reasonable approximation of the original keypresses can be reconstructed.

If you’d like to see it in action, check out the video below, which shows the algorithm doing a pretty good job decoding text typed on an unplugged keyboard. Or, try it yourself — the link above implements KeyTap3 in-browser. We gave it a shot, but as a member of the non-mechanical keyboard underclass, it couldn’t make sense of the mushy sounds it heard. Then again, our keyboard inferiority affords us some level of protection from the exploit, so there’s that.

Editor’s Note: Just tried it on a mechanical keyboard with Cherry MX Blue switches and it couldn’t make heads or tails of what was typed, so your mileage may vary. Let us know if it worked for you in the comments.

What strikes us about this is that it would be super simple to deploy an exploit like this. Most side-channel attacks require such a contrived scenario for installing the exploit that just breaking in and stealing the computer would be easier. All KeyTap needs is a covert audio recording, and the deed is done.


A small plastic case with an OLED screen showing a side-scrolling game

Game & Light Brings Video Games To Your Keychain

If you’re old enough to remember the 1990s, you might recall the sheer variety of portable gaming platforms that were around in those days. There was of course the ubiquitous hand-held Game Boy, and if you preferred something larger you could buy a Sega Game Gear or an Atari Lynx. But you could also go smaller with tiny LCD games like Nintendo’s Game and Watch series, with some versions literally the size of a wristwatch.

With all of these having gone the way of the dodo, we’re happy to see that [grossofabian] kept the tiny game world alive by designing the Game & Light: a tiny hand-held games platform with an OLED screen. It’s small enough to attach to your keychain and comes with an LED to act as a mini flashlight. But of course the main feature is the included video game: currently it comes with LEDboy Adventures, a side-scrolling platformer similar to Google’s T-Rex Game. A USB port can be used to recharge the device as well as to upload new games.

The Game & Light is housed in a 3D printed case and powered by a lithium-ion capacitor that can store enough charge for around 40 minutes of play time. The CPU is an ATtiny402 eight-pin microcontroller with 4 kB of flash, which is just enough to store the entire LEDboy game. Although currently only one game is available, the system is fully programmable and open sourced, so anyone who feels up to the task can help develop new games for the platform.

If you like keychain-sized games, you’re in luck: we recently featured the solar-powered but otherwise similar RunTinyRun. A bit longer ago, creative hackers even managed to squeeze entire Game Boys into tiny packages.


Powering A Backyard Railway With Compressed Air

When you’ve gone to the trouble of building your own backyard railway, chances are pretty good that at some point, you’re going to want to add a locomotive of some sort. After all, nobody wants to be stuck using muscle power to move carts around. But what exactly are you going to power your locomotive with? And will it be up to the tasks you envision it handling?

Answering such questions calls for rigorous calculations using established engineering principles — or, if you’re [Tim] from the Way Out West channel on YouTube, just throwing a pneumatic engine on wheels and seeing what happens. The railway that [Tim] built is for his farm in County Cork, where he plans to use it to haul wood that he’ll make charcoal from. We’ve seen a little about his rails and rolling stock before, which has been a low-budget and delightfully homebrewed undertaking. So too with his pneumatic engine, seen in the video below, which uses cam-operated valves to control a pair of repurposed hydraulic cylinders to turn a big flywheel.

Using scuba tanks, [Tim] was able to power the engine for a full fourteen minutes — very encouraging. But would the engine have the oomph needed for real farm work? To answer that, [Tim] plunked the engine on a spare bogie, connected the engine shaft to one of the axles with a length of rope, and let it go. Even with no optimization and zero mechanical advantage, the engine was easily able to move a heavy load of sleepers. The makeshift pneumatic railway even managed to carry its first passenger, [Tim]’s very trusting wife [Sandra].

There’s clearly more work to do here, and many problems to overcome. But we really appreciate the “just try it” approach [Tim] employed here, and with a lot of what he does.


Automate The Freight: Autonomous Buses To Start Operation In UK

The UK will get its first full-size autonomous bus service this summer, if final road testing that begins in the next two weeks goes according to plan.

Known as Project CAVForth for the UK government’s Center for Connected and Autonomous Vehicles (CCAV) and the Forth bridge, over which the buses will travel, it is said to be the most complex test of autonomous on-road mass transit yet undertaken in Europe. The full-size single-deck motorcoaches, five in total, will ply a 22-km (14-mile) route into Edinburgh from Fife, crossing the famous Firth of Forth on the Forth Road suspension bridge. The buses will carry about 36 passengers each and run at SAE Level 4 autonomy, meaning that a safety driver is optional under good driving conditions.

bolt with maze threads

Maze Bolt Toy By Lost PLA Casting

Maze bolts, bolts with a maze cut along the shaft that a pin on the nut must traverse, are great fun. Here’s a really beautiful metal version by [Robinson Foundry], made by a process more makers should know about – lost PLA casting.

His basic method is to 3D print in PLA, and then use more or less the same process as lost wax casting.

He 3D printed the part, along with the sprues and risers that go along with casting, in PLA, then dipped the parts in slurry ten (10) times. He heated them in a kiln to 500°F (260°C), at which point the PLA melted and ran out or burned away. With the PLA gone, and after repairing a few cracks, he raised the temperature to 1500°F (815°C) and vitrified the slurry into a ceramic. He now had molds.

The nut is bronze. The bolt is aluminum. He poured the metal with the molds still hot, held in heated sand, so that the metal could flow into all the small details. The rest of the project is just cleanup, but we learned that you can vary the finish produced by glass bead blasting just by varying the air pressure.

A great demo of a useful technique and a fun toy at the end.

We covered a great technique for doing lost PLA casting using a microwave.


Toast Keyboard Raises A Glass To Short Index Fingers

Custom keyboards? They’re totally great. And we can keep telling you this, but you really won’t feel it until you try a few and find one or two that are right for you. If you’re already on board, we wonder: is there any limit to what custom keyboards can provide in terms of a good, comfortable time for your fingers, wrists, arms, shoulders, and neck? We think not, and as time goes on, there is more and more evidence to support this.

Take [vpzed]’s Toast keyboard for example. The beauty of customization is that as with any other human input problem, you’ll discover many more people who share your misery once you present a solution. In this case, it is the portion of the population whose index fingers are shorter than their ring fingers (which is evidently men in general). This is known as the 2D:4D ratio and is decided during gestation. At first, the phenomenon was thought to be due to high testosterone exposure in the womb, but subsequent studies have debunked this belief.

Toast aims to sate the need for a keyboard layout that accounts for a significantly shorter 2D than 4D by way of aggressively staggering the index finger’s key positions and staggering the columns overall. As you might imagine, there are no inner keys for length-challenged index fingers to grasp at — that would just be cruel. But there is another pinky column on each hand, which brings the key total to 34. We like the square boards, and frankly wish they were bread-shaped.

Not enough keys for you? Take a look at this many-keyed monoblock split with a numpad in the middle.

via KBD