This Week In Security: Medical Backdoors, Strings, And Changes At Let’s Encrypt

February 7, 2025 by 9 Comments

There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware. The CISA PDF has all the details, and it’s weird. The device firmware attempts to mount an NFS share from an IP address owned by an undisclosed university. If that mount command succeeds, binary files would be copied to the local filesystem and executed.

Additionally, the firmware sends patient and sensor data to this same hard-coded IP address. This backdoor also includes a system call to enable the eth0 network before attempting to access the hardcoded IP address, meaning that simply disabling the Ethernet connection in the device options is not sufficient to prevent the backdoor from triggering. This is a stark reminder that in the firmware world, workarounds and mitigations are often inadequate. For instance, you could set the gateway address to a bogus value, but a slightly more sophisticated firmware could trivially enable a bridge or alias approach, completely bypassing those settings. There is no fix at this time, and the guidance is pretty straightforward — unplug the affected devices.

Continue reading “This Week In Security: Medical Backdoors, Strings, And Changes At Let’s Encrypt”

Split-Flap Clock Makes A Nice Side Quest In Larger Project

February 7, 2025 by 2 Comments

Sometimes projects spawn related projects that take on a life of their own. That’s OK, especially when the main project is large and complex, In that case, side-quest projects provide a deliverable that can help keep the momentum of the whole project going. The mojo must flow, after all.

That seems to be what’s going on with this beautiful split-flap clock build by [Erich Styger]. It’s part of a much larger effort which will eventually see 64 separate split-flap units chained together. This project has been going on for a while; we first featured it back in 2022 when it was more of a prototype. Each unit is scratch-built, using laser-cut fiberboard for parts like the spool and frame, thin PVC stock for the flip cards, and CNC-cut vinyl for the letters and numbers. Each unit is powered by its own stepper motor.

To turn four of these displays into a clock, [Erich] milled up a very nice enclosure from beech. From the outside it’s very clean and simple, almost like something from Ikea, but the inside face of the enclosure is quite complex. [Erich] had to mill a lot of nooks and crannies into the wood to provide mounting space and clearance for the split-flap mechanism, plus a thinned-down area at the top of each window to serve as a stop for the flaps. The four displays are controlled by a single controller board, which houses an NXP K22FN512 microcontroller along with four stepper drivers and interfaces for the Hall-effect sensors needed to home each display. There’s also an RS-485 interface that lets the controllers daisy-chain together, which is how the big 64-character display will be controlled.

We’re looking forward to that, but in the meantime, enjoy the soft but pleasant flappy goodness of the clock in the brief video below.

Continue reading “Split-Flap Clock Makes A Nice Side Quest In Larger Project”

Quix Furniture For Modular Furniture Fun

February 7, 2025 by 13 Comments

If you’re someone who moves a lot, or just likes to change your decor, the limitations of conventional furniture can be a bit of a pain. Why not build your furniture modularly, so it can change with you?

QUIX is a modular building system designed for furnishings developed by [Robert Kern]. Giving people the ability to “build any kind of furniture in minutes with no tools,” it seems like a good gateway for people who love building with LEGO but find the pegs a little uncomfortable and expensive for full-sized chairs and couches. Anything that makes making more accessible is an exciting development in our book.

Featuring a repeating series of interlocking hooks, the panels can be produced via a number of techniques like CNC, laser cutter, or even smaller 3D printed models. Dowels and elastic bands serve as locks to prevent the furniture from tilting and since you have such a wide variety of panel materials to choose from, the color combinations can range from classic plywood to something more like a Mondrian.

If you’re looking for more modular inspiration for your house, how about gridbeam or Open Structures? If you’re wanting your furniture more musically-inclined, try Doodlestation instead.

Continue reading “Quix Furniture For Modular Furniture Fun”

RC Cars With First Person Video, All With An ESP32

February 6, 2025 by 6 Comments

Those little ESP32-CAM boards which mate the WiFi-enabled microcontroller with a small parallel-interface camera module have been with us for years, and while they are undeniably cool to play with, they sometimes stretch the available performance in trying to process and stream video. [Mattsroufe] has made a very cool project with one of them, not only managing to stream video from a small model car, but also to control the steering and motor by means of servos and a little motor driver.

Sadly it’s not entirely a stand-alone device, as the ESP32 streams video to a web server with some Python code to handle the controls. The server can aggregate several of them on one page though, for perhaps a little real-life quad-screen Mario Kart action if you have enough of the things. We can see that this idea has plenty of potential beyond the mere fun of driving a toy car around though, but to whet your appetite there’s a demo video below.

We’ve seen enough of the ESP32-cam before, but perhaps more as a photographic device.

Continue reading “RC Cars With First Person Video, All With An ESP32”

Solid Tips For Designing Assistive Technology (Or Anything Else, Really)

February 6, 2025 by 8 Comments

Do you make things, and have you got almost ten minutes to spare? If not, make the time because this video by [PrintLab] is chock-full of healthy and practical design tips. It’s about effective design of Assistive Technology, but the design concepts extend far beyond that scope.

It’s about making things that are not just functional tools, but objects that are genuinely desirable and meaningful to people’s lives. There are going to be constraints, but constraints aren’t limits on creativity. Heck, some of the best devices are fantastic in their simplicity, like this magnetic spoon.

It’s not just about functionality. Colors, textures, and style are all meaningful — and have never been more accessible.

One item that is particularly applicable in our community is something our own [Jenny List] has talked about: don’t fall into the engineer-saviour trap. The video makes a similar point in that it’s easy and natural to jump straight into your own ideas, but it’s critical not to make assumptions. What works in one’s head may not work in someone’s actual life. The best solutions start with a solid and thorough understanding of an issue, the constraints, and details of people’s real lives.

Another very good point is that designs don’t spring fully-formed from a workbench, so prototype freely using cardboard, models, 3D printing, or whatever else makes sense to you. Don’t be stingy with your prototyping! As long as you’re learning something each time, you’re on the right path.

And when a design is complete? It has the potential to help others, so share it! But sharing and opening your design isn’t just about putting the files online. It’s also about making it as easy as possible for others to recreate, integrate, or modify your work for their own needs. This may mean making clear documentation or guides, optimizing your design for ease of editing, and sharing the rationale behind your design choices to help others can build on your work effectively.

The whole video is excellent, and it’s embedded here just under the page break. Does designing assistive technology appeal to you? If so, then you may be interested in the Make:able challenge which challenges people to design and make a 3D printable product (or prototype) that improves the day-to-day life of someone with a disability, or the elderly. Be bold! You might truly help someone’s life.

Continue reading “Solid Tips For Designing Assistive Technology (Or Anything Else, Really)”

T1 Is A RISC-V Cray

February 6, 2025 by 13 Comments

The crux of most supercomputers is the ability to operate on many pieces of data at once — something video cards are good at, too. Enter T1 (short for Torrent-1), a RISC-V vector inspired by the Cray X1 vector machine.

T1 has support for features, including lanes and chaining. The chip contains a version of the Rocket Core for scalar operations, but there’s no official support for using it. The project claims you could easily replace that core with any other RISC-V CPU IP.

Continue reading “T1 Is A RISC-V Cray”

Running Doom On An Apple Lightning To HDMI Adapter

February 6, 2025 by 17 Comments

As a general rule of thumb, anything that has some kind of display output and a processor more beefy than an early 90s budget PC can run Doom just fine. As [John] AKA [Nyan Satan] demonstrates in a recent video, this includes running the original Doom on an Apple Lightning to HDMI Adapter. These adapters were required after Apple moved to Lightning from the old 30-pin connector which had dedicated pins for HDMI output.

As the USB 2.0 link used with Lightning does not have the bandwidth for 1080p HDMI, compression was used, requiring a pretty beefy processor in the adapter. Some enterprising people at the time took a hacksaw to one of these adapters to see what’s inside them and figure out the cause of the visual artifacts. Inside is a 400 MHz ARM SoC made by Samsung lovingly named the S5L8747. The 256 MB of RAM is mounted on top of the package, supporting the RAM disk that the firmware is loaded into.

Although designed to only run the Apple-blessed firmware, these adapters are susceptible to the same Checkm8 bootROM exploit, which enables the running of custom code. [John] adapted this exploit to target this adapter, allowing this PoC Doom session to be started. As the link with the connected PC (or Mac) is simply USB 2.0, this presumably means that sending keyboard input and the like is also possible, though the details are somewhat scarce on this aspect.

Continue reading “Running Doom On An Apple Lightning To HDMI Adapter”