This Week In Security: Playing Tag, Hacking Cameras, And More

Wired has a fascinating story this week about the lengths Sophos has gone to over the last 5 years to track down a group of malicious but clever security researchers who were continually discovering vulnerabilities and then using those findings to attack real-world targets. Sophos believes this adversary to be overlapping Chinese groups known as APT31, APT41, and Volt Typhoon.

The story is actually refreshing in its honesty, with Sophos freely admitting that their products, and security products from multiple other vendors, have been caught in the crosshairs of these attacks. And indeed, we’ve covered stories about these vulnerabilities over the past weeks and months right here in this column. The sneaky truth is that many of these security products actually have pretty severe security problems.

The issues at Sophos started with an infection of an informational computer at a subsidiary office. They believe this was an information-gathering exercise that was a precursor to the widespread campaign. That campaign used multiple 0-days to crack “tens of thousands of firewalls around the world”. Sophos rolled out fixes for those 0-days, and included just a bit of extra logging as an undocumented feature. That logging paid off, as Sophos’ team of researchers soon identified an early signal among the telemetry. This wasn’t merely the first device to be attacked, but was actually a test device used to develop the attack. The game was on.

Fail Of The Week: Subscription EV Charger Becomes Standalone, Briefly

At this point in the tech dystopia cycle, it’s no surprise that the initial purchase price of a piece of technology is likely not the last payment you’ll make. Almost everything these days needs an ongoing subscription to do whatever you paid for it to do in the first place. It’s ridiculous, especially when all you want to do is charge your electric motorcycle with electricity you already pay for; why in the world would you need a subscription for that?

That was [Maarten]’s question when he picked up a used EVBox wall mount charger, which refused to charge his bike without signing up for a subscription. True, the subscription gave access to all kinds of gee-whiz features, none of which were necessary for the job of topping off the bike’s battery. A teardown revealed a well-built device with separate modules for mains supply and battery charging, plus a communications module with a cellular modem, obviously the bit that’s phoning home and keeping the charger from working without the subscription.


Combining Gyro Stabilisation With Weight Shift Balancing

Gyroscopes are perfect for damping short impulses of external forces but will eventually succumb if a constant force, like gravity, is applied. Once the axis of rotation of the mass aligns with the axis of the external torque, it goes into gimbal lock and loses the ability to compensate for the roll on that axis. [Hyperspace Pirate] tackled this challenge on a gyroscopically stabilized RC bike by shifting a weight around to help keep the bike upright.

[Hyperspace Pirate] had previously stabilized a little monorail train with a pair of control moment gyroscopes. They work by actively adjusting the tilt of gyroscopes with a servo to apply a stabilizing torque. On this bike, he decided to use the gyro as a passive roll damper, allowing it to rotate freely on the pitch axis. The bike will still fall over but at a much slower rate, and it buys time for a mass on the end of the servo-actuated arm to shift to the side. This provides a corrective torque and prevents gimbal lock.

[Hyperspace Pirate] does an excellent job of explaining the math and control theory behind the system. He implemented a PD controller (PID without the integral) on an Arduino, which receives the roll angle (proportional) from the accelerometer on an MPU6050 MEMS sensor and the roll rate (derivative) from a potentiometer that measures the gyro’s tilt angle. He could have just used the gyroscope output from the MPU6050, but we applaud him for using the actual gyro as a sensor.

Like [Hyperspace Pirate]’s other projects, aesthetics were not a consideration. Instead, he wants to experiment with the idea and learn a few things in the process, which we can support.
