Author: Bryan Cockfield

1708 Articles

Serious Vulnerability In European Trunked Radio System

July 26, 2023 by 41 Comments

Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, it also limits the effectiveness of scanners who might not know the control methods the trunked systems are using. But now a global standard for encrypted trunked radio systems, known as TETRA, has recently been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.

One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.

Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.

Thanks to [cfacer] and [ToniSoft] who sent these tips!

Photo via Wikimedia Commons.

No Fish Left Behind

July 25, 2023 by 25 Comments

For hundreds of years, Icelanders have relied on the ocean for survival. This is perhaps not surprising as it’s an isolated island surrounded by ocean near the Arctic circle. But as the oceans warm and fisheries continue to be harvested unsustainably, Iceland has been looking for a way to make sure that the fish they do catch are put to the fullest use, for obvious things like food and for plenty of other novel uses as well as they work towards using 100% of their catch.

After harvesting fish for food, most amateur fishers will discard around 60% of the fish by weight. Some might use a portion of this waste for fertilizer in a garden, but otherwise it is simply thrown out. But as the 100% Fish Project is learning, there are plenty of uses for these parts of the fish as well. Famously, cod skin has been recently found to work as skin grafts for humans, while the skin from salmon has been made into a leather-type product and the shells of crustaceans like shrimp can be made into medicine. The heads and bones of fish can be dried and made into soups, and other parts of fish can be turned into things like Omega-3 capsules and dog treats.

While we don’t often feature biology-related hacks like this, out-of-the-box thinking like this is an important way to continue to challenge old ideas, leave less of a footprint, improve human lives, and potentially create a profitable enterprise on top of all of that. You might even find that life in the seas can be used for things you never thought possible before, like building logic gates out of crabs.

Thanks to [Ben] for the tip!

Debian Officially Adds RISC-V Support

July 25, 2023 by 21 Comments

As time goes on, more and more computer manufacturers are moving towards the ARM architecture and away from the bloated and outdated x86 instruction set. Apple is the most prominent producer to take this step, but plenty others are using ARM for its flexibility and efficiency. The only problem with ARM is that it’s licensed, so if you want to go even further down the open-source path the RISC-V instruction set is the next logical step. Now at least one mainline Linux distribution will officially support this architecture.

While Debian did have some support for RISC-V before this as a Debian port, which was not officially part of Debian. However, the official support will begin with the release of Debian 13, which is currently in the testing phase and hasn’t seen a stable release yet. To that end, the current state of this official version is extremely limited, being described as “almost empty” but with planned support for an initial 90 packages in the coming days. Most users working on a RISC-V platform will most likely to continue to use their Debian ports version.

It might be a little while before the RISC-V version is as full-featured as the ARM or x86 versions of this Linux distribution, but we are happy to see it move in this direction at all. And don’t think that RISC-V is limited to embedded systems or otherwise limited computing platforms, either. We’ve seen full Linux desktops with RISC-V processors since at least 2019.

Car Security System Monitors Tiny Voltage Fluctuations

July 25, 2023 by 43 Comments

As the old saying goes, there’s no such thing as a lock that can’t be picked. However, it seems like there are plenty of examples of car manufacturers that refuse to add these metaphorical locks to their cars at all — especially when it comes to securing the electronic systems of vehicles. Plenty of modern cars are essentially begging to be attacked as a result of such poor practices as unencrypted CAN busses and easily spoofed wireless keyfobs. But even if your car comes from a manufacturer that takes basic security precautions, you still might want to check out this project from the University of Michigan that is attempting to add another layer of security to cars.

The security system works like many others, by waiting for the user to input a code. The main innovation here is that the code is actually a series of voltage fluctuations that are caused by doing things like turning on the headlights or activating the windshield wipers. This is actually the secondary input method, though; there is also a control pad that can mimic these voltage fluctuations as well without having to perform obvious inputs to the vehicle’s electrical system. But, if the control pad isn’t available then turning on switches and lights to input the code is still available for the driver. The control unit for this device is hidden away, and disables things like the starter motor until it sees these voltage fluctuations.

One of the major selling points for a system like this is the fact that it doesn’t require anything more complicated than access to the vehicle’s 12 volt electrical system to function. While there are some flaws with the design, it’s an innovative approach to car security that, when paired with a common-sense approach to securing modern car technology, could add some valuable peace-of-mind to vehicle ownership in areas prone to car theft. It could even alleviate the problem of cars being stolen via their headlights.

Continue reading “Car Security System Monitors Tiny Voltage Fluctuations”

Bridging A Gap Between LLMs And Programming With TypeChat

July 22, 2023 by 33 Comments

By now, large language models (LLMs) like OpenAI’s ChatGPT are old news. While not perfect, they can assist with all kinds of tasks like creating efficient Excel spreadsheets, writing cover letters, asking for music references, and putting together functional computer programs in a variety of languages. One thing these LLMs don’t do yet though is integrate well with existing app interfaces. However, that’s where the TypeChat library comes in, bridging the gap between LLMs and programming.

TypeChat is an experimental MIT-licensed library from Microsoft which sits in between a user and a LLM and formats responses from the AI that are type-safe so that they can easily be plugged back in to the original interface. It does this by generating JSON responses based on user input, making it easier to take the user input directly, run it through the LLM, and then use the output directly in another piece of code. It can be used for things like prototyping prompts, validating responses, and handling errors. It’s also not limited to a single LLM and can be fairly easily modified to work with many of the existing models.

The software is still in its infancy but does hope to make it somewhat easier to work between user inputs within existing pieces of software and LLMs which have quickly become all the rage in the computer science world. We expect to see plenty more tools like this become available as more people take up using these new tools, which have plenty of applications beyond just writing code.

Game Boy-Style Camera For Playdate

July 20, 2023 by No comments

The Game Boy Camera, while perhaps not the most technologically advanced piece of equipment, left a huge mark on video game and electronics culture. The grayscale photographs are still highly prized, and there are an untold number of projects which interface with original hardware to download authentic Game Boy Camera pictures to modern computers. There are others that look to recreate the feel and style of these images, and the latest comes to us on a Game Boy-like platform as well, the Playdate.

[t0mg] is the creator of this project, utilizing a OV7670 camera module sending data to a Teensy 4.1 which interfaces with the Playdate via USB. The images recorded on the Playdate are 1-bit, slightly different than the 2-bit images the Game Boy Camera was capable of. The case of the camera also physically matches up well with the small console, using magnets to secure it to the device either in normal camera mode, in reverse for selfie mode, and can also support the console in “cover” mode as a way of storing the console to protect the screen. A companion application needs to run on the Playdate to get this all up and running, but with that and a battery plenty of retro-style images are ready to be captured.

All of the source for this project is available on the project’s GitHub page for anyone ready to experience some nostalgia or just experiment with a small camera like this. It’s a clean build that takes advantage of the Playdate’s open-source nature, through which we’ve seen the console turned into a typewriter and inspire other builds like this one-off handheld with a crank-style controller.

Continue reading “Game Boy-Style Camera For Playdate”

Conductive Gel Has Potential

July 18, 2023 by 24 Comments

There are some technologies first imagined in the Star Trek universe have already come to exist in the modern day. Communicators, tablet computers, and computer voice recognition are nearly as good as seen in the future, and other things like replicators and universal translators are well on their way. Star Trek: Voyager introduced a somewhat ignored piece of futuristic technology, the bio-neural gel pack. Supposedly, the use of an organic gel improved the computer processing power on the starship. This wasn’t explored too much on the series, but [Tom] is nonetheless taking the first steps to recreating this futuristic technology by building circuitry using conductive gel.

[Tom]’s circuitry relies on the fact that salts in a solution can conduct electricity, so in theory filling a pipe or tube with a saline solution should function similarly to a wire. He’s also using xanthan gum to increase viscosity. While the gel mixture doesn’t have quite the conductivity of copper, with a slight increase in the supplied voltage to the circuit it’s easily able to be used to light LEDs. Unlike copper, however, these conductive gel-filled tubes have some unique properties. For example, filling a portion of the tube with conductive gel and the rest with non-conductive mineral oil and pushing and pulling the mixture through the tube allows the gel to move around and engage various parts of a circuit in a way that a simple copper wire wouldn’t be able to do.

In this build specifically, [Tom] is using a long tube with a number of leads inserted into it, each of which correspond to a number on a nixie tube. By moving the conductive gel, surrounded by mineral oil, back and forth through the tube at precise intervals each of the numbers on the nixie tube can be selected for. It’s not yet quite as good as the computer imagined in Voyager but it’s an interesting concept nonetheless, not unlike this working replica of a communicator badge.

Continue reading “Conductive Gel Has Potential”