This Week In Security: Selfblow, Encryption Backdoors, Killer Apps, And The VLC Apocalypse That Wasn’t

July 26, 2019 by 18 Comments

Selfblow (Don’t google that at work, by the way) is a clever exploit by [Balázs Triszka] that affects every Nvidia Tegra device using the nvtboot bootloader — just about all of them except the Nintendo Switch. It’s CVE 2019-5680, and rated at an 8.2 according to Nvidia, but that high CVE rating isn’t entirely reflective of the reality of the situation. Taking advantage of the vulnerability means writing to the boot device, which requires root access, as well as a kernel flag set to expose the boot partitions to userspace. This vulnerability was discovered as part of an effort by [Balázs] and other LineageOS developers to build an open source bootloader for Nvidia Tegra devices.

The Tegra boot process is a bit different, having several stages and a dedicated Boot and Power Management CPU (BPMP). A zero-stage ROM loads nvtboot to memory and starts it executing on the BPMP. One of the tasks of nvtboot is to verify the signature of the next bootloader step, nvtboot-cpu. The file size and memory location are embedded in the nvtboot-cpu header. There are two problems here that together make this vulnerability possible. The first is that the bootloader binary is loaded to its final memory location before the signature verification is performed. The code is written to validate the bootloader signature before starting it executing on the primary CPU, so all is well, right? Continue reading “This Week In Security: Selfblow, Encryption Backdoors, Killer Apps, And The VLC Apocalypse That Wasn’t”

The Trials And Tribulations Of Building An IOT Garage Door Opener

July 15, 2019 by 18 Comments

Garage doors can be frustrating things, being a chore to open manually and all. Many people opt to install a motorized opener, but for some, even this isn’t enough. Hooking up a garage door to the Internet of Things has long been a popular project, and [Simon Ludborzs] decided to give it a shot. Naturally, there were some obstacles to be overcome along the way.

[Simon]’s build is relatively straight down the lines, using an ESP-12 as the brains of the operation, which connects to the internet over WiFi. However, robustness was a major goal of the project, and being reliant on shaky cloud-based services wouldn’t do. This opener is set up to work independently of an internet connection, too. There’s a nifty control panel with glowing buttons to operate the opener, in addition to the webpage served up on the network.

During the development, [Simon] ran into several roadblocks. A set of roller door motors were inadvertently killed, and there were issues in getting the web interface working as expected. None of these were showstoppers, though, and with a little work and some new parts, everything came together in the end. The project was then given a proper commercial-grade case, sourced from AliBaba. This is a great step to take for a project expected to hold up to daily use for years on end. He also took the time to document his tips for easier ESP8266 development, which may prove useful to those just getting started with the platform.

Garage door openers remain a common theme around here, but every project has its own story to tell. If you’ve developed a particularly unique solution to your garage access problems, you know who to call.

Well-Built Sentry Gun Addresses The Menace Of Indoor Micro-UAVs

June 13, 2019 by 21 Comments

What is this world coming to when you can’t even enjoy sitting in your living room without some jamoke flying a drone in through the window? Is nothing sacred? Won’t someone think of the children?

Apparently [Drew Pilcher] did, and the result is this anti-drone sentry gun.  It’s a sturdily built machine – one might even say it’s overbuilt. The gimbal is made from machined steel pieces, and the swivels are a pair of Sherline stepper-controlled rotary tables with 1/40 of a degree accuracy selling for $400 each. Riding atop that is a Nerf rifle, which is cocked by a stepper-actuated linear slide, as well as a Kinect for object tracking. The tracking app is a little rough – just OpenCV hacked onto the Kinect SDK – but good enough for testing. The gun tracks as smoothly as one would expect given the expensive hardware, and the auto-cocking feature works well if a bit slowly. Based as it is on Nerf technology, this sentry is only indicated for the control of the micro-drones seen in the snuff video below, but really, anyone afflicted by indoor infestations of Phantoms or Mavics has bigger problems to worry about.

Over-engineered? Perhaps, but it’s better than letting the menace of indoor drones go unanswered. And it’s far from the first sentry gun we’ve seen, targeting everything from cats to squirrels using lasers, paintballs, and even plain water.

Continue reading “Well-Built Sentry Gun Addresses The Menace Of Indoor Micro-UAVs”

Video Doorbell Focuses On Quality, Aesthetic

May 13, 2019 by 2 Comments

One of the most popular futurist tropes of the 20th century was the video intercom. Once this technology was ready, it would clearly become a mainstay of modern living overnight. Our lived reality is however somewhat different. For [MisterM], that simply wouldn’t do, so he set about producing a retro-themed video doorbell that is sure to be the envy of the neighbourhood.

Not one to settle for second best, [MisterM] wanted to focus on quality in video and sound. A Microsoft LifeCam 3000HD handles video and audio capture, with a Raspberry Pi 3B+ providing plenty of grunt to run the show. The Pimoroni pHAT BEAT add-on provides audio output. It’s all integrated into a 1980s vintage intercom, which is painted a deep shade of maroon for an extra classy look. Further parts are integrated into a classic Sony tape deck, with LEDs shining out from under the cassette door for added visual appeal.

The doorbell works by making calls to Google Duo, which allows the user to answer the door from anywhere in the house, or indeed – anywhere with an Internet connection! [MisterM] reports this has already proved useful for communicating with couriers delivering packages to the house. There’s also a standard wireless doorbell and chime integrated into the unit which alerts those within the house in the usual way.

It’s a project that is both highly functional and looks particularly swish. Integrating new brains into old-school enclosures is a great way to give your project a cool look. These aircraft surplus clocks are a great example. Video after the break.

Continue reading “Video Doorbell Focuses On Quality, Aesthetic”

This Week In Security: Backdoors In Cisco Switches, PGP Spoofing In Emails, Git Ransomware

May 13, 2019 by 7 Comments

Some switches in Cisco’s 9000 series are susceptible to a remote vulnerability, numbered CVE-2019-1804 . It’s a bit odd to call it a vulnerability, actually, because the software is operating as intended. Cisco shipped out these switches with the same private key hardcoded in software for all root SSH logins. Anyone with the key can log in as root on any of these switches.

Cisco makes a strange claim in their advisory, that this is only exploitable over IPv6. This seems very odd, as there is nothing about SSH or the key authentication process that is IPv6 specific. This suggests that there is possibly another blunder, that they accidentally left the SSH port open to the world on IPv6. Another possibility is that they are assuming that all these switches are safely behind NAT routers, and therefore inaccessible through IPv4. One of the advantages/disadvantages of IPv6 is that there is no NAT, and all the network devices are accessible from the outside network. (Accessible in the sense that a route exists. Firewalling is still possible, of course.)

It’s staggering how many devices, even high end commercial devices, are shipped with unintentional yet effective backdoors, just like this one. Continue reading “This Week In Security: Backdoors In Cisco Switches, PGP Spoofing In Emails, Git Ransomware”

Barn Door Tracker Needs No Special Tools

May 10, 2019 by 15 Comments

If you want to take a long exposure photograph, you need a tripod to hold your camera steady. But a tripod won’t help when the ground it’s standing on is moving. That’s exactly the problem [Emvilza] ran into when he wanted to take minutes or hours long photographs of the night sky. His solution was to build a barn door tracker, which he carefully documented in both English and Spanish.

Barn door trackers, also known as scotch mounts have been used by photographers for many years to cancel out the rotation of the earth. This causes stars to appear frozen in the sky and allows for photographs of very dim celestial objects. These trackers range from simple hand-cranked affairs to complex mechanical creations. [Emvilza] decided to have a go at designing and building his own tracker, using only basic tools, as he didn’t have access to a CNC or 3D printer.

The tracker itself is built from wood, with metal hardware. [Emvilza] spent a ton of time designing the tracker using SketchUp. The carefully drawn plans ensured everything would fit together and operate correctly.

One of the toughest parts was accurately bending a threaded rod enough to make it work with the tracker, but not bind the drive system. The mount’s motion comes from a threaded rod. The rod is driven by a stepper motor.  Control and sensing is handled by an ATmega328 programmed using the Arduino toolchain. [Emvilza] learned Eagle and designed a PCB. Rather than etch a board, he simply built the circuit on perfboard, following his layout and traces.

The end result is a tracker that looks and performs great — just check out the images on [Emvilza’s] site to see some examples. Not only that, [Emvilza’s] well written documentation will help anyone looking to build a tracker in the future!

WiFi Your Door Lock With An ESP

March 25, 2019 by 18 Comments

The Internet of Things is upon us, and with that comes a deluge of smart cameras, smart home monitors, and smart home locks. There actually aren’t many smarts in these smart conveniences, and you can easily build your own. That’s what [MakerMan] did with some off-the-shelf parts and just a little bit of code. Now he can open his door with WiFi, and it’s a nice clean build.

The build process began by first removing the existing barrel bolt on the door. This was replaced by a deadbolt that also had some really neat solenoids inside for remote activation. This was mounted to the door in a way that the door could lock, with a minimal amount of damage from some skillful hacksaw work. The only thing left to do after this was add some electronics and brains to the lock.

For this, [MakerMan] added a button and LED to the outside of the door. Some of these wires were fed into the lock mechanism, with a few more run over to a project enclosure mounted next to a power outlet. The project enclosure holds an ESP-8266, power regulator, and relay board, and the ESP is running code that instantiates a web server that will unlock the door with a few clicks on a web page.

Sure, it’s probably not the most secure lock on the planet, and the 5V linear regulator is held on to the relay board with hot glue, but this is an exceptionally well-documented project, and all the code is available in an archive.

Continue reading “WiFi Your Door Lock With An ESP”