This Week In Security: Medical Backdoors, Strings, And Changes At Let’s Encrypt

There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware. The CISA PDF has all the details, and it’s weird. The device firmware attempts to mount an NFS share from an IP address owned by an undisclosed university. If that mount command succeeds, binary files would be copied to the local filesystem and executed.

Additionally, the firmware sends patient and sensor data to this same hard-coded IP address. This backdoor also includes a system call to enable the eth0 network before attempting to access the hardcoded IP address, meaning that simply disabling the Ethernet connection in the device options is not sufficient to prevent the backdoor from triggering. This is a stark reminder that in the firmware world, workarounds and mitigations are often inadequate. For instance, you could set the gateway address to a bogus value, but a slightly more sophisticated firmware could trivially enable a bridge or alias approach, completely bypassing those settings. There is no fix at this time, and the guidance is pretty straightforward — unplug the affected devices.


Split-Flap Clock Makes A Nice Side Quest In Larger Project

Sometimes projects spawn related projects that take on a life of their own. That’s OK, especially when the main project is large and complex. In that case, side-quest projects provide a deliverable that can help keep the momentum of the whole project going. The mojo must flow, after all.

That seems to be what’s going on with this beautiful split-flap clock build by [Erich Styger]. It’s part of a much larger effort which will eventually see 64 separate split-flap units chained together. This project has been going on for a while; we first featured it back in 2022 when it was more of a prototype. Each unit is scratch-built, using laser-cut fiberboard for parts like the spool and frame, thin PVC stock for the flip cards, and CNC-cut vinyl for the letters and numbers. Each unit is powered by its own stepper motor.

To turn four of these displays into a clock, [Erich] milled up a very nice enclosure from beech. From the outside it’s very clean and simple, almost like something from Ikea, but the inside face of the enclosure is quite complex. [Erich] had to mill a lot of nooks and crannies into the wood to provide mounting space and clearance for the split-flap mechanism, plus a thinned-down area at the top of each window to serve as a stop for the flaps. The four displays are controlled by a single controller board, which houses an NXP K22FN512 microcontroller along with four stepper drivers and interfaces for the Hall-effect sensors needed to home each display. There’s also an RS-485 interface that lets the controllers daisy-chain together, which is how the big 64-character display will be controlled.

We’re looking forward to that, but in the meantime, enjoy the soft but pleasant flappy goodness of the clock in the brief video below.


Quix Furniture For Modular Furniture Fun

If you’re someone who moves a lot, or just likes to change your decor, the limitations of conventional furniture can be a bit of a pain. Why not build your furniture modularly, so it can change with you?

QUIX is a modular building system for furnishings, developed by [Robert Kern]. Giving people the ability to “build any kind of furniture in minutes with no tools,” it seems like a good gateway for people who love building with LEGO but find the pegs a little uncomfortable and expensive for full-sized chairs and couches. Anything that makes making more accessible is an exciting development in our book.

Featuring a repeating series of interlocking hooks, the panels can be produced via a number of techniques like CNC, laser cutter, or even smaller 3D printed models. Dowels and elastic bands serve as locks to prevent the furniture from tilting, and since you have such a wide variety of panel materials to choose from, the color combinations can range from classic plywood to something more like a Mondrian.

If you’re looking for more modular inspiration for your house, how about gridbeam or Open Structures? If you want your furniture more musically inclined, try Doodlestation instead.
