Security researchers have found that it is possible to alter a digitally signed PDF without invalidating its signatures. To demonstrate it, they produced a fake “refund order” document for $1,000,000,000,000, with a valid signature from Amazon. This sparked my attention, since I was quite sure that they didn’t use some sort of quantum device to break the cryptography involved in the signing process. So what exactly is going on?
The researchers claim to have found at least three different ways to, in their words:
… use an existing signed document (e.g., amazon.de invoice) and change the content of the document arbitrarily without invalidating the signatures. Thus, we can forge a document signed by email@example.com to refund us one trillion dollars.
That’s not good news if you take into account that the main purpose of digitally signing a document is, well, to prevent unauthorized changes in that document. The good news is that, because of this research, you can update your software to fix these flaws; the main PDF reader companies were given time to fix the issues. The bad news is that if you rely on signature verification for any sensitive process, you likely want to go back and see if you were using vulnerable software previously and check that documents were correctly validated. I’m thinking about government institutions, banks, insurance companies and so on.
The implications are yet to be seen and probably won’t even be fully known.
There are three classes of attacks that work on different software. I’ll try to go into each one from what I could tell from reading the research.
Continue reading “1 Trillion USD Refund! (PDF Enclosed)”
For a little while it was possible to spend Bitcoin twice. Think of it like a coin on a string: you put it into the vending machine to get a delicious snack, but if you pull the string quickly enough you could spend it again on some soda too. Except this coin is worth something like eighty grand.
On September 20, the full details of the latest fix for Bitcoin Core were published. This information came two days after the fix was actually released. Two vulnerabilities were involved: a Denial of Service vulnerability and a critical inflation vulnerability, both covered in CVE-2018-17144. These were originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited.
Let’s take a look at how this worked, and how the network was patched (while being kept quiet) to close up this vulnerability.
Continue reading “Bitcoin’s Double Spending Flaw Was Hush-Hush During Rollout”
Last week the PGPocalipse was all over the news… Except that, well, it wasn’t an apocalypse.
A team of researchers published a paper (PDF) where they describe how to decrypt a PGP encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher’s perspective, it’s a good paper to read, especially the cryptography parts.
But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients, but they weren’t able to back this recommendation up with firm reasoning. In fact, Efail isn’t an immediate threat for the vast majority of people simply because an attacker must already have access to an encrypted email to use the exploit. Advising everyone to disable encryption altogether just makes no sense.
Aside from the massive false alarm, Efail is a very interesting exploit to wrap your head around. Join me after the break as I walk through how it works, and what you can do to avoid it.
Continue reading “Explaining Efail and Why It Isn’t the End of Email Privacy”
Are you a wizard at antenna design? Chances are you’ve never even given it a try, but this tool could change that. Most home-made WiFi signal boosting antenna plans around the Internet share one feature: they are directional antennas or reflectors. But WiPrint is a tool for designing custom WiFi reflectors that map to the specific application.
If we want to increase the signal strength in two or three different locations, the traditional solution is an omnidirectional antenna. The problem is that although a good omnidirectional antenna increases the signal power in the locations we want, it also increases the signal power where we don’t want it.
A team of researchers led by Dartmouth College created WiPrint to allow users to input a floor plan, the location of the WiFi access point and a desired signal map into the system. The software uses an optimization algorithm to produce a custom reflector shape for that floor plan. The reflector can then be fabricated and placed next to the access point antenna to reflect and concentrate the signal in the specified area, while decreasing signal strength outside of it. The best thing is: you can actually 3D print the reflector and just glue tin foil on it!
The results show that optimized reflectors can weaken or enhance signals in target areas by up to 10 or 6 dB, respectively, resulting in throughput changes of up to -63.3% or 55.1%. That is not the only advantage, as the researchers point out:
Our approach provides four benefits. First, it provides strong physical security by limiting the physical reach of wireless signals, hence creating a virtual wall for wireless signals. Second, it relies on a low-cost ($35), reproducible 3D reflector, which can be easily replaced upon substantial changes in the environment or coverage requirement. Third, it offers an easily accessible and easy-to-configure solution to non-expert users. Users only need to specify coverage requirements and a coarse environment model, with which our system computes a reflector shape tailored to the built environment. Finally, it is applicable to commodity low-end Wi-Fi APs without directional or multiple antennas.
The sad part is that, for now, no software is available. The study and results have just been presented at ACM’s BuildSys 2017. It would be great to see something like this open-sourced. Meanwhile, this is further proof that [Brian Benchoff] knew what he was doing when he told you to use duct tape for superior WiFi range.
Our own [Brian Benchoff] asked this same question just six months ago in a similar headline. At that time, the answer was no. Or kind of no. Some exploits existed but with some preconditions that limited the impact of the bugs found in Intel Management Engine (IME). But 2017 is an unforgiving year for the blue teams, as a lot of serious bugs have been found throughout the year in virtually every field of computing. Researchers from Positive Technologies report that they found a flaw that allows them to execute unsigned code on computers running the IME. The cherry on top of the cake is that they are able to do it via a USB port acting as a JTAG port. Does this mean the zombie apocalypse is coming?
Before the Skylake CPU line, released in 2015, the JTAG interface was only accessible by connecting a special device to the ITP-XDP port found on the motherboard, inside a computer’s chassis. Starting with the Skylake CPU, Intel replaced the ITP-XDP interface and allowed developers and engineers to access the debugging utility via common USB 3.0 ports, accessible from the device’s exterior, through a new technology called Direct Connect Interface (DCI). Basically the DCI provides access to CPU/PCH JTAG via USB 3.0. So the researchers managed to debug the IME processor itself via USB DCI, which is pretty awesome. But USB DCI is turned off by default, as one of the researchers states, which is pretty good news for the ordinary user. So don’t worry too much just yet.
Continue reading “Is Intel’s Management Engine Broken yet?”
Browsing around the depths of the Internet we came across a super low tech version of Super Mario from [Sata Productions]. The video presents a complete tutorial on how to make a playable, cardboard version of the famous Super Mario game. If you are a fan, you are probably going to like this.
You basically need cardboard, a hot glue gun, a ball bearing, a couple of DC motors, some iron BBs, some magnets, batteries, some wires… it sounds just like a shopping list for a MacGyver episode. But it works and it’s playable. It has a wired remote control: you control Mario to move and make him jump up and down in a kind of turning dashboard game. It even has a game over screen when Mario dies. Yes, Mario can die in this cardboard version. If you want to make a custom version you can always print a bigger level and resize the cardboard box.
Super Mario has had its share of hacks, like this interface hack using a Kinect to control Mario or this super tricky jailbreak hack that allows players to run their own game mods, but this one is just on another level: a low tech approach. It seems like it could be a fun weekend project, especially if you have kids. If you’re not into Super Mario, it’s possible to just print a different game; the supporting platform is pretty generic and could support several simplified platform games.
Check out the video:
Continue reading “Super Low Tech Mario”
There are so many autonomous devices nowadays that can run Skynet Inside(TM) that it’s hard to keep track. But one was still missing: the versatile Bobcat. When we say “Bobcat”, we mean track loader — it’s just one of those things where the name and the brand stuck together so strongly that it’s hard to actually recall the technical name. A company by the name of Built Robotics is betting on autonomous track loaders as being a big part of the future of construction.
The tractor can navigate, excavate, and carry a 1,000 pound load with 1 cm precision using its LIDAR, specially designed to work in the high-vibration, high-impact environment of construction excavation. Additionally, the lasers also allow the robot to measure the amount of material it has scooped up. But the precision does not come from the LIDAR alone. To position the robot, Built Robotics uses augmented GPS, which combines an on-site base station and GPS satellites to produce accurate location data.
It is supposed to be completely autonomous: given a location and holes to dig, it can plan and execute the work. It resembles a self-driving car, but the challenges are actually quite different. Cars are meant to drive around and reach a destination without touching anything. As the CEO of Built Robotics says:
“If a car is changing the environment around it, then something’s gone really wrong.”
Continue reading “Skynet will have Bobcats”