Day: February 17, 2023

This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs

February 17, 2023 by 14 Comments

There is vulnerability in many Hyundai and Kia vehicles, where the ignition switch can be bypassed with a USB cable. And it’s getting a patch rollout right now, but it’s not a USB vulnerability, in quite the way you might think. In most cars, the steering column is easily disassembled, but these vehicles have an extra-bad design problem. The ignition cylinder can be disassembled while locked, just by depressing a pin.

Physical security has some parallels to computer security, and one such parallel is that good security can often be bypassed by a simple mistake. When it comes to lock design, one such potential bypass is the ability to disassemble a lock while it’s still locked. And somehow, Kias after 2010, and Hyundais after 2015 were made with exactly this flaw. The lock could be disassembled, and the interface between the lock and the ignition switch just happens to be the right shape and size for USB A. Oh, and these cars don’t have an engine immobilizer — there isn’t a chip built into the keys for extra security.

The problem became widespread late last year when the flaw went viral on TikTok, and thousands of copycat crimes were inspired. Beyond the obvious problem, that teenagers were getting an early start on a life of crime with grand theft auto, there were at least 8 deaths directly attributed to the inane stunt. And this brings us back to this week’s news, that a software update is rolling out to address the issue.

Honestly, I have questions. A software update doesn’t add in-key security chips. At best, it could attempt to detect the key position, and sabotage the engine management control, in an ad-hoc immobilizer. That’s likely a paper clip-turned-jumper away from being bypassed. The other new feature, doubling the alarm time from 30 second to a minute, doesn’t inspire much confidence. Hopefully the changes are enough to kill the trend. Continue reading “This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs”

3D Printing With Rice Might Be Nice

February 17, 2023 by 36 Comments

The United Nations Industrial Development Organization recently pointed out a possible replacement for petrochemical-based polymers: rice resin. A Japanese company makes the material from inedible rice and also makes a biodegradable polymer known as Neoryza, which seems to contain some amount of rice as well. The rice resin contains 10 to 70% rice waste. You can see a video with English subtitles about the material below.

According to the video, there is plenty of waste rice. The resulting resin isn’t as toxic as petrochemical-based plastics and doesn’t consume food crops like other plant-based polymers. The video shows the rice resin being extruded like a normal polymer, so it should work like any other thermoplastic.

The video says the properties are similar to petrochemical-based plastics and no special equipment is required to handle it. They also claim that production is easier because, unlike other bioplastics, they don’t generate ethanol as the first part of the process. Waste rice should be cheap to obtain since it is essentially trash today. We aren’t sure what polymers are used in the 90 to 30% of the plastic that isn’t rice, but presumably, that is being brought in as a raw material.

We’ll be interested to see if anyone tries to make 3D printing filament from the stuff. We know that it is being used to replace polyethylene in furniture. We couldn’t help but think about using waste coffee grounds in 3D printing. If you want to compare this to PLA, we’ve talked quite a bit about the corny polymer.

Continue reading “3D Printing With Rice Might Be Nice”

Running The Xbox Series S On A USB Powerbank

February 17, 2023 by 9 Comments

Home consoles were never intended to be made portable, though enterprising hackers have always pushed the boundaries with various tricks and innovative builds. [Robotanv] hasn’t built a fully handheld Xbox Series S, but he has demonstrated one neat trick: making one run on a USB powerbank.

The project starts with an Anker USB-C powerbank, chosen for its ability to deliver a mighty 140 watts. It’s hooked up to a ZY12PDN USB-C trigger board, which enables the powerbank and tells it which voltage to output. It’s set up to run at 20 volts, which is too much for the Xbox, which prefers 12 volts. The reason for this is that the only way to get the full power out of the powerbank is to run at its maximum voltage. A buck converter is used to step down the voltage to 12 volts.

As for the console itself, a lot of disassembly is required, but minimal modifications. Just two wires connect the power supply to the Xbox’s motherboard. Subbing in your own 12 volt supply here is enough to run the console without any problems.

Running the Xbox off the powerbank, along with an external screen, [Robotanv] is able to play Cyberpunk 2077 for an about hour before the juice runs out. While we’d love to see the whole setup duct-taped together into a ersatz Xbox portable, it would probably be a little messy. [Robotanv] has big plans for the future of the project, though, and we can’t wait to see what those are. Continue reading “Running The Xbox Series S On A USB Powerbank”