Students 3D Print Low Cost Braille Keypad

July 14, 2023 by Lewin Day 7 Comments

Numerical keypads are common entry devices for everything from home security systems to phones and more. Unfortunately, a great deal of them are difficult to use if you’re visually impaired. This high-contrast Braille keypad aims to solve those issues with simple design choices.

The keypad was developed as a school project by students [Nicholas Nguyen] and [Daniel Wang]. It uses a regular layout, with 1 at the top left and 9 at the bottom right. The keypad itself is 3D printed with large buttons for easier use. Each button has its numeral inlaid on the face which allows it to be easily filled in with paint for high-contrast readability.

The real neat feature, though, is that each individual button features its relevant number in Braille. The pips are directly 3D printed into the shape of each button. For those that familiar with the tactile writing system, this makes the keypad much easier to use. It obviates the need to guess at the keypad’s orientation, and we’re honestly surprised we don’t see this on more devices out in the wild.

We’ve featured a variety of neat Braille hacks over the years, including this neat tactile display.

Continue reading “Students 3D Print Low Cost Braille Keypad” →

This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

July 14, 2023 by Jonathan Bennett 4 Comments

First up, Apple issued an emergency patch, then yanked, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit — the basis of Apple’s cross-platform web browser. The downside of a shared code base,is that bugs too are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.

The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.

Microsoft Loses It

Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts were government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.

Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This along with another vulnerability (CVE-2023-36874) was being used by storm- another unknown threat actor, Storm-0978 in an ongoing attack.

There’s an interesting note that this vulnerability can be mitigated by an Attack Surface Reduction (ASR) rule, that blocks Office from launching child processes. This might be a worthwhile mitigation step for this and future vulnerabilities in office. Continue reading “This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More” →

How Does Your McDonald’s Burger Get To You?

July 14, 2023 by Jenny List 32 Comments

Table service and McDonalds sound as though they should be mutually exclusive as a fundamental of the giant chain’s fast food business model, but in many restaurants there’s the option of keying in the number from a plastic beacon when you order, placing the beacon on the table, and waiting for a staff member to bring your food. How does the system work? [Whiterose Infosec] scored one of the beacons, and subjected it to a teardown and some probing.

The beacon in question has the look of being an older model judging by the 2009 date codes on its radio module and the evident corrosion on its battery terminals. Its Bluetooth 4 SoC is end-of-life, so it’s possible that this represents a previous version of the system. It has a few other hardware features, including a magnet and a sensor designed to power the board down when it is stacked upon another beacon.

Probing its various interfaces revealed nothing, as did connecting to the device via Bluetooth. However some further research as well as asking some McD’s employees revealed some of its secret. It does little more than advertise its MAC address, and an array of Bluetooth base stations in the restaurant use that to triangulate its approximate position.

If you’ve ever pondered how these beacons work while munching on your McFood, you might also like to read about McVulnerabilities elsewhere in the system.

Sloth Door Greeter Uses Neat Fold-Up Electronics Enclosures

July 14, 2023 by Lewin Day 3 Comments

[Alan Reiner] is building a sloth-like door greeter for his house. Sloxel, as he is affectionately known, can move around and even talk, with [Alan] using some nifty tricks in the design process

Sloxel’s job is to vet visitors to [Alan’s] house, before inviting them to knock on the door or to leave their details and go away. There’s still plenty of work to do on that functionality, which [Alan] plans to implement using ChatGPT. In the meantime, though, he’s been working hard on the hardware platform that will power Sloxel. A Raspberry Pi 3B+ is charged with running the show, including talking to the ChatGPT API and handling Sloxel’s motion along a linear rail with a number of stepper motors.

What we really love about this build, though, is the enclosure. [Alan] designed a housing for everything that can be 3D printed as a single part with print-in-place hinges. The four sides of the enclosure can then be folded up and into place with a minimum of fuss. Plus, the enclosure has plenty of nifty features that makes it easy to mount all the required hardware. It’s a neat design that we’d love to repurpose for some of our own projects.

We’ve seen other neat ideas in this area before, like using PCBs themselves as an enclosure. Video after the break.

Continue reading “Sloth Door Greeter Uses Neat Fold-Up Electronics Enclosures” →