Day: March 2, 2023

How Hard Could It Be To Get Millions Of Phone Bills Right?

March 2, 2023 by 46 Comments

It may be a foreign concept to anyone who has never paid a dime for a phone call over and above the monthly service charge, but phone calls were once very, VERY expensive — especially long-distance calls, which the phone company ungenerously defined as anything more than a few towns away. Woe betide the 70s teen trying to talk to out-of-town friends or carry on a romance with anyone but the guy or girl next door when that monthly phone bill came around; did anyone else try to intercept it from the mailbox before the parents could see it?

While it seems somewhat quaint now, being charged for phone calls was not only a big deal to the customers, but to the phone company itself. The Bell System, which would quickly become a multi-billion dollar enterprise, was built on the ability to accurately meter the use of their service and charge customers accordingly. Like any engineered system, it grew and changed over time, and it had to adapt to the technologies and economic forces at the time.

One of the most interesting phases of its development was the development of Automatic Message Accounting (AMA), which in a very real way paved the way for the wide-open, worldwide, too-cheap-to-meter phone service we enjoy today.

Continue reading “How Hard Could It Be To Get Millions Of Phone Bills Right?”

Security Vulnerabilities In Modern Cars Somehow Not Surprising

March 2, 2023 by 16 Comments

As the saying goes, there’s no lock that can’t be picked, much like there’s no networked computer that can’t be accessed. It’s usually a continual arms race between attackers and defenders — but for some modern passenger vehicles, which are essentially highly mobile computers now, the defenders seem to be asleep at the wheel. The computing systems that control these cars can be relatively easy to break into thanks to manufacturers’ insistence on using wireless technology to unlock or activate them.

This particular vulnerability involves the use of a piece of software called gattacker which exploits vulnerabilities in Bluetooth Low Energy (BLE), a common protocol not only for IoT devices but also to interface a driver’s smartphone or other wireless key with the vehicle’s security system. By using a man-in-the-middle attack the protocol between the phone and the car can be duplicated and the doors unlocked. Not only that, but this can be done without being physically close to the car as long as a network of some sort is available.

[Kevin2600] successfully performed these attacks on a Tesla Model 3 and a few other vehicles using the seven-year-old gattacker software and methods first discovered by security researcher [Martin Herfurt]. Some other vehicles seem to have patched these vulnerabilities as well, and [Kevin2600] didn’t have universal success with every vehicle, but it does remind us of some other vehicle-based attacks we’ve seen before.

A CH32V003 Toolchain — If You Can Get One To Try It On

March 2, 2023 by 40 Comments

We’re in an exciting time for cheap microcontrollers, as with both the rise of RISC-V and the split between ARM and its Chinese subsidiary, a heap of super-cheap and very capable parts are coming to market. Sometimes these cheap chips come with the catch of being difficult to program though, but for one of them the ever-dependable [CNLohr] has brought together his own open-source toolchain. The part in question is the WCH CH32V003, which is a ten-cent RISC-V part that has an impressive array of capabilities. As always though, there’s a snag, in that we’re also told that while supplies are improving this part can be hard to find. The repository is ready for when you can get them again though, and currently also contains some demo work including addressable LED driver code.

As an alternative there’s a comparable and slightly cheaper ARM-based part, the Puya PY32. It’s reckoned to be the cheapest of the flash-based microcontrollers, and like the WCH part is bearing down on the crop of one-time-programmable chips such as the famous and considerably less powerful 3-cent Padauk. This end of the market is certainly heating up a little, and from our point of view this can only mean some exciting projects ahead.