Easily Bypass Laptop Fingerprint Sensors And Windows Hello

The fun part of security audits is that everybody knows that they’re a good thing, and also that they’re rarely performed prior to another range of products being shoved into the market. This would definitely seem to be the case with fingerprint sensors as found on a range of laptops that are advertised as being compatible with Windows Hello. It all began when Microsoft’s Offensive Research and Security Engineering (MORSE) asked the friendly people over at Blackwing Intelligence to take a poke at a few of these laptops, only for them to subsequently blow gaping holes in the security of the three laptops they examined.

In the article by [Jesse D’Aguanno] and [Timo Teräs] the basic system and steps they took to defeat it are described. The primary components are the fingerprint sensor and Microsoft’s Secure Device Connection Protocol (SDCP), with the latter tasked with securing the (USB) connection between the sensor and the host. Theoretically the sensitive fingerprint-related data stays on the sensor with all matching performed there (Match on Chip, MoC) as required by the Windows Hello standard, with SDCP keeping prying eyes at bay.

Interestingly, the three laptops examined (Dell Inspiron 15, Lenovo ThinkPad T14 and Microsoft Surface Pro X) all featured different sensor brands (Goodix, Synaptics and ELAN), with different security implementations. The first used an MoC with SDCP, but security was much weaker under Linux, which allowed for a fake user to be enrolled. The Synaptics implementation used a secure TLS connection that used part of the information on the laptop’s model sticker as the key, and the ELAN version didn’t even bother with security but responded merrily to basic USB queries.

To say that this is a humiliating result for these companies is an understatement, and demonstrates that nobody in his right mind should use fingerprint- or similar scanners like this for access to personal or business information.

CAR T Cell Immunotherapy And The Quiet Hope For A Universal Cancer Treatment

All of us have to deal with the looming threat of developing cancer during our lifetime, no matter how good our genetics are, or how healthy our lifestyle is. Despite major improvements to the way that we treat and even cure cases of cancer, the reality today is that not all types of cancer are treatable, in many cases there’s the likelihood that one day it will return even after full remission, and chemotherapy in particular comes with potential life-long health issues. Of the most promising new and upcoming treatments, immunotherapy is decidedly among the most interesting.

With this approach, it is the body’s own immune system that is taught to attack those cancer cells, requiring little more than a few tweaks to T-cells harvested from the patient’s body, after which they’re sent on their merry cancer-killing way. Yet as simple as this sounds, finding the right characteristics which identify the cancerous cells, and getting a solid and long-lasting immune response is a tough challenge. Despite highly promising results with immunotherapy treatment for non-solid cancers like leukemia – that have resulted in almost miraculous cures – translating this success to other cancer types has so far remained elusive.

New research now shows that changing some characteristics of these modified (chimeric antigen receptors, or CAR) T-cells may be key to making them significantly more long-lived and effective within a patient’s body. Is this the key to making immunotherapy possible for many more cancers?

Could North Korea’s New Satellite Have Spied On Guam So Easily?

Earlier this week, another nation joined the still relatively exclusive club of those which possess a satellite launch capability. North Korea launched their Malligyong-1 spy satellite, and though it has naturally inflamed the complex web of political and military tensions surrounding the Korean peninsula, it still represents something of a technical achievement for the isolated Communist state. The official North Korean news coverage gleefully reported, with much Cold War style rhetoric, that Kim Jong-Un had visited the launch control centre the next day and viewed intelligence photographs of an American base in Guam. Could the satellite have delivered in such a short time? [SatTrackCam Leiden] has an interesting analysis.

How Do You Prove An AI Didn’t Make Your Art?

In the world of digital art, distinguishing between AI-generated and human-made creations has become a significant challenge. Almost overnight, tool sets for generating AI artworks became commonly available to the public, and suddenly, every digital art competition had to contend with potential submissions. Some have welcomed AI, while others demand competitors create artworks by their own hand and no other.

The problem facing artists and judges alike is just how to determine whether an artwork was created by a human or an AI. So what can be done?

Voice-Over-LTE: The Reason Why Your Phone May Soon Stop Working

Although wireless standards like 3G, 4G, and 5G are mostly associated with mobile internet, they also include a phone (voice) component. Up till 4G this was done using traditional circuit-switched telephony service, but with this fourth generation the entire standard instead moved to a packet-switched version akin to Voice-over-IP, called VoLTE (voice-over-LTE). Even so, a particular phone can choose to use a 4G modem, yet still use 3G-style phone connections. Until the 3G network is shut down, that is. This is the crux of [Hugh Jeffreys]’s latest video.

In order to make a VoLTE phone call, your phone, your provider, the receiving phone and the intermediate network providers must all support the protocol. Even some newer phones like the Samsung Galaxy J3 (2016) do not support this. For other phones you have to turn the feature on yourself, if it is available. As [Hugh] points out in the video, there’s no easy way to know whether an Android phone supports it, which is likely to lead to chaos as more and more 3G networks in Australia and elsewhere are turned off, especially in regions where people use phones for longer than a few years.

The cessation of such basic functionality is why in most countries 2G networks remain active, as they are being used by emergency services and others for whom service interruptions can literally cost lives, as well as countless feature phones and Internet of Things devices. For some phones without VoLTE, falling back to 2G might therefore still be an option if they support this. With the spotty support, lack of transparency and random shutdowns, things may however get rather frustrating for some in the coming years.

Tiny Speaker Busts Past Sound Limits With Ultrasound

Conventional speakers work by moving air around to create sound, but tiny speakers that use ultrasonic frequencies to create pressure and generate sound open some new doors, especially in terms of maximum achievable volume.

A new design boasts being the first 140 dB, full-range MEMS speaker. But that kind of volume potential has less to do with delivering music at an ear-splitting volume and more to do with performing truly effective noise cancellation even in a small device like earbuds. Cancelling out the jackhammers of the world requires parts able to really deliver a punch, especially in low frequencies. That’s something that’s not so easy to do in a tiny form factor. The new device is the Cypress, from MEMS speaker manufacturer xMEMS, and samples are aiming to ship in June 2024.

Combining ultrasonic waves to create audible sound is something we’ve seen show up in different ways, like using an array of transducers to focus sound like a laser beam. Another thing ultrasonics can do is cause sensors in complex electronics to become unhinged from reality and report false readings. Neato!

3D Printing A Nifty Sphere Without Supports

[DaveMakesStuff] demonstrates a great technique for 3D printing a sphere, a troublesome shape for filament-based printers to handle. As a bonus, it uses a minimum of filament. His ideas can be applied to your own designs, but his Giant Spiralized Sphere would also just happen to make a fine ornament this holiday season.

Printing two interlocking parts and using vase mode ensures a support-free print that uses a minimum of filament.

The trick is mainly to print the sphere in two parts, but rather than just split the sphere right down the middle, [Dave] makes two hollow C-shaped sections, like a tennis ball. This structure allows the halves to be printed in vase mode, which minimizes filament use while also printing support-free.

Vase (or spiral) mode prints an object using a single, unbroken line of extruded filament. The resulting object has only one wall and zero infill, but it’s still plenty strong for an ornament. Despite its size, [Dave]’s giant ball uses only 220 grams of filament.

A video shows the design in better detail. If you’d like to experiment, we’ve previously covered how PETG’s transparency is best preserved when 3D printing by using vase mode, slightly overextruding, and printing at a higher temperature to ensure solid bonding between each layer.