Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others

Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore University of Technology and Design found a serious vulnerability in a large variety of Bluetooth devices. Having now been disclosed, it is known as the BrakTooth vulnerability.

Full details are not yet available; the research team is waiting until October to publicly release proof-of-concept code in order to give companies time to patch their devices. The basic idea, however, is in the name. “Brak” is the Norwegian word for “crash,” with “tooth” referring to Bluetooth itself. The attack involves repeatedly attempting to crash devices to force them into undesired operation.

The Espressif ESP32 is perhaps one of the worst affected. Found in all manner of IoT devices, the ESP32 can be fooled into executing arbitrary code via this vulnerability, which can do everything from clearing the device’s RAM to flipping GPIO pins. In smart home applications or other security-critical situations, this could have dire consequences.

Other chipsets are affected to varying degrees, including parts from manufacturers like Texas Instruments and Cypress Semiconductor. Some parts are vulnerable to denial of service, while audio devices may be frozen up or shut down by the attack. The group claims over 1400 products could be affected by the bug.

Firmware patches are being rolled out, and researcher [Matheus E. Garbelini] has released code to build a sniffer device for the vulnerability on GitHub. If you’re involved with the design or manufacture of Bluetooth hardware, it might pay to start doing some homework on this one! Concerned vendors can apply for proof-of-concept test code here.

Download From NFC Datalogger, No App Required

The plethora of wireless technologies has made internet-connected devices the norm, but it’s not always necessary if you don’t need real-time updates. Whether it’s due to battery life, or location and range constraints, downloading data directly from the device whenever possible might be a viable solution. [Malcolm Mackay] demonstrates an elegant solution on the open source cuplTag temperature/humidity logger, using any NFC-enabled smartphone, without requiring a custom app.

The cuplTag utilizes the feature on NFC-enabled smartphones to automatically open a URL provided by the cuplTag. It encodes the sensor data from the sensor unit as a circular buffer in a ~1 kB URL, which automatically uploads to a web frontend that plots the data. (You can use their server or run your own.)

This means that data can be collected by anyone with the appropriate phone with zero setup. The data is displayed on the web app and can be downloaded as a CSV. To deter spoofing, each tag ships with a secret key which is used to generate a unique HMAC every time the circular buffer changes.
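The check described above, sketched as an added example (not cuplTag's own code): a server accepts a tag URL only if the HMAC matches the serial and buffer it carries. The page does not specify the hash or URL layout, so HMAC-SHA256, the `s`/`b`/`m` parameter names, the host, and the secret are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed per-tag secrets keyed by serial (hypothetical demo values).
TAG_SECRETS = {"TAG00001": b"constructed-secret-for-demo"}


def tag_mac(secret: bytes, serial: str, buf: str) -> str:
    """HMAC over serial and encoded buffer (SHA-256 is an assumption)."""
    msg = serial.encode() + b"|" + buf.encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_tag_url(base: str, serial: str, buf: str) -> str:
    """What a tag would present over NFC after its buffer changes."""
    mac = tag_mac(TAG_SECRETS[serial], serial, buf)
    return f"{base}?s={serial}&b={buf}&m={mac}"


def verify_tag_url(url: str) -> bool:
    """Server side: accept the upload only if the MAC matches."""
    query = parse_qs(urlsplit(url).query)
    try:
        serial, buf, mac = query["s"][0], query["b"][0], query["m"][0]
    except KeyError:
        return False  # a required parameter is missing or empty
    secret = TAG_SECRETS.get(serial)
    if secret is None:
        return False  # unknown tag: no key to verify against
    expected = tag_mac(secret, serial, buf)
    # Constant-time comparison so the check does not leak how many
    # leading characters of a guessed MAC were correct.
    return hmac.compare_digest(expected.encode(), mac.encode())


# Constructed sample: a genuine URL and one with a single buffer
# character altered while the original MAC is kept.
GOOD_URL = build_tag_url("https://logger.example/upload",
                         "TAG00001", "AQIDBAUGBwg")
FORGED_URL = GOOD_URL.replace("b=AQIDBAUGBwg", "b=AQIDBAUGBwk")

if __name__ == "__main__":
    print("genuine:", verify_tag_url(GOOD_URL))
    print("forged: ", verify_tag_url(FORGED_URL))
```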

Battery life is a priority on the cuplTag, and it’s theoretically capable of running seven years on a single CR1220 coin cell using the current-sipping Texas Instruments MSP430 microcontroller. The hardware, firmware, and server-side frontend and backend code are all open source and available on GitHub.

Earlier this year, we held a data logging contest, and featured submissions that monitored everything from your garden’s moisture levels to your caffeine intake.

Even Faster Fourier Transforms On The Raspberry Pi Zero

Oftentimes in computing, we start doing a thing, and we’re glad we’re doing it. But then we realise, it would be much nicer if we could do it much faster. [Ricardo de Azambuja] was in just such a situation when working with the Raspberry Pi Zero, and realised that there were some techniques that could drastically speed up Fast Fourier Transforms (FFT) on the platform. Thus, he got to work.

The trick is using the Raspberry Pi Zero’s GPU to handle the FFTs instead of the CPU itself. This netted Ricardo a 7x speed upgrade for 1-dimensional FFTs, and a 2x speed upgrade for 2-dimensional operations.

The idea was cribbed from work we featured many years ago, which provided a similar speed up to the very first Raspberry Pi. Given the Pi Zero uses the same SoC as the original Raspberry Pi but at a higher clock rate, this makes perfect sense. However, in this case, [Ricardo] implemented the code in Python instead of C as suits his use case.

[Ricardo] uses the code with his Maple Syrup Pi Camera project, which pairs a Coral USB machine learning accelerator with a Pi Zero and a camera to achieve tasks such as automatic licence plate recognition or facemask detection. Fun!

3D Printed Sensor Detects Glyphosate

Typically, detecting glyphosate — a herbicide — in a beverage requires a sophisticated test setup. But Washington State University has a 3D printed sensor that uses nanotubes to simplify the detection of the toxin.

The idea is very similar to inexpensive blood glucose monitors. The test will eventually find use for human samples, but the initial testing was for detecting contamination in orange juice.

3D Printed Rocket’s Features Are Out Of This World

We’re delighted to see the progress on [Foaly]’s 3D-printed Cortex 2 rocket, and the latest build log is full of beautiful pictures and design details. Not only is this rocket jam-packed with an efficiency of electronics and smart design, but it almost seems out to single-handedly prove that 3D-printing is far from the novelty some think it is.

Cable management and component layout is far from a trivial task in a rocket like this.

There is so much going on in the Cortex 2 that it simply wouldn’t be possible to do everything it does without the ability to make one’s own parts exactly to specification. In fact, there is so much going on that cable management is its own challenge.

Everything in the build log is interesting, but the design of the parachute system is of particular note. [Foaly]’s original Cortex rocket met its end when the parachute failed to deploy, and Cortex 2 is determined to avoid that fate if it can. For the parachute and any cords and anchors, a careful layout maximizes the chances of a successful deployment without anything tangling, but there are some extra features as well. The panel covering the parachute is mounted with the help of four magnets, which are mounted with opposing polarities. This provides an initial repulsing force when the door is unlocked by a servo, which should help wind immediately rush into the opening to blow the panel away. The recovery system even has its own dedicated microcontroller and can operate autonomously; even if software for everything else crashes, the parachute will still get deployed. Locking connectors for all cables also ensure that acceleration forces don’t dislodge any contacts.

Everything about the rocket looks great, and the amount of work that has gone into the software is particularly evident. The main controller even has an interactive pre-flight checklist, which is a fantastic feature.

The last time we saw the Cortex 2 it was still only about half built, and we can’t wait to see how it performs. Rocketry is a field that has benefited greatly from things like 3D printing, the availability of highly-integrated electronics, and even such things as a rocket design workbench for FreeCAD. Better tools enable better work, after all.

Firmware Find Hints At Subscription Plan For ReMarkable Tablet

We’ve been keeping a close eye on the development of electronic paper tablets such as the reMarkable for a while now. These large-format devices would be a great way to view schematics and datasheets, and with the right software, could easily become an invaluable digital sidekick. Unfortunately, a troubling discovery made in a beta version of the reMarkable firmware is a strong indication the $400 USD device may be heading down a path that many in this community wouldn’t feel comfortable with.

While trying to get a reMarkable tablet running firmware version 2.10.0.295 synced up to a self-hosted server using rmfakecloud, Reddit user [dobum] was presented with a very unusual prompt. The tablet displayed several subscription levels, as well as a brief description of what each one unlocked. It explained that standard users would get “basic functions only”, while the highest tier subscription would unlock an “expanding universe of powerful tools” for the e-paper tablet. In addition, only recently used documents would be synced with the cloud unless you had a paid subscription.

An Entirely Frivolous Way To Measure Data

[lexie] is a librarian, and librarians live in the real world. They’re not concerned with vague digital notions about the size of data, but practical notions of space. Thus, she created a tool to answer an important question: how long do your shelves need to be if you’re storing all your information on 3.5″ floppy disks?

It’s a great question, and one we find ourselves asking, well, pretty much never. [lexie]’s tool is also built using modern web technologies, and 3.5″ floppy disks were never really used for bulk storage, either. It just makes the whole thing all the more frivolous, and that makes it more fun.

You can key in any quantity from megabytes to exabytes and the tool will spit out the relevant answer in anything from millimeters to miles as appropriate. Despite the graphics on the web page, it does assume rational shelving practices of placing disks along the shelves on their thinner 4 mm edge.

We’d love to see an expanded version that covers other storage methods, like tape, hard drives, or burnt media. It could actually become pretty useful for those building their own mass storage farms at home. With CHIA cryptocurrency that could become more popular, even if it does run us all out of hard drives along the way. Alternatively, you might consider hooking up a floppy controller for your Raspberry Pi.