This Week In Security: Find My Keylogger, Zephyr, And Active Exploitation

Keyloggers. Such a simple concept — you secretly record all the characters typed on a keyboard, and sort through it later for interesting data. That keyboard sniffer could be done in software, but a really sneaky approach is to implement the keylogger in hardware. Hardware keyloggers present a unique problem: how do you get the data back to whoever’s listening? One creative solution is to use Apple’s “Find My” tracking system. And if that link won’t let you read the story, a creative solution for that issue is to load the page with JavaScript disabled.

This is based on earlier work from [Fabian Bräunlein], dubbed “Send My”. As an aside, this is the worst naming paradigm, and Apple should feel bad for it. At the heart of this cleverness is the fact that Apple used the standard Bluetooth Low Energy (BLE) radio protocol, and any BLE device can act like an Apple AirTag. Bits can be encoded into the reported public key of the fake AirTag, and the receiving side can do a lookup for the possible keys.

A fake AirTag keylogger manages to transfer 26 characters per second over the “Find My” system, enough to keep up with even the fastest of typists, given that no keyboard is in use all the time. Apple has rolled out anti-tracking protections, and the rolling key used to transmit data also happens to completely defeat those protections.

Getting PCIe Working On The New Pi 5

After the Pi 4 was released, it was quickly discovered that the internals of the popular single-board computer use PCIe to communicate with each other. This wasn’t an accessible PCIe bus of the kind normally found in desktop computers for expansion cards, though; it seemed to be used entirely internally. But a few attempts were made to break out the PCIe capabilities and connect peripherals to it anyway, with varying levels of success. The new Pi 5 seems to have taken that idea to its logical conclusion and included a PCIe connector, and [George] is showing us a way to interface with this bus.

The bus requires the port to be enabled, but once that’s done it’s ready to be used. First, though, some support circuitry needs to be worked out, which is why [George] is reverse engineering the system to see what’s going on under the hood. There are a few handshakes that happen before it will work with any peripherals, but with that out of the way a PCIe card can be connected. [George] removed the connector and soldered wires directly to the board in order to attach a proper PCIe port, allowing a variety of cards to be connected, in this case a wireless networking card and an old FireWire card. This specific build only allows Gen 1 speeds, but the bus itself supports faster connections in theory with better wiring and support circuitry.

While it might not be the prettiest solution, as [George] admits, it does a great job of showing the inner workings of this communication protocol and its use in the new, more powerful Raspberry Pi 5. This makes a lot of things more accessible, such as high-speed PCIe HATs allowing for a wide range of expansion for these popular single-board computers, which wouldn’t have been possible before. If you’re still stuck with a Pi 4, though, don’t despair. You can still access the PCIe bus on these older models but it’ll take a little bit more work.

Thanks to [CJay] for the tip!

Browsing The WWW On A 1980s IBM PC Using MicroWeb

Do you ever sit at your 1981 vintage IBM PC and get the urge to pop onto that newfangled ‘WWW’ to stay up to date on all the goings-on in the world? Fret not, because [Al’s Geek Lab] has you covered with a new video (also embedded below), which you will unfortunately have to watch on a device that was made at the very least in the late 1990s. What makes this feat possible is a minuscule web browser called MicroWeb, created by [jhhoward], that will happily run on an 8088 CPU or compatible, without requiring any fiddling with EMS or similar RAM extensions.

Of course, you do need some way to actually connect to the World Wide Web, which can be an ISA network expansion card, EtherSlip, or a thin client acting as a network bridge with some Serial Line Interface Protocol (SLIP) action. Some limitations do exist, in that graphics and CSS are not rendered, JavaScript is totally off-limits, and for HTTPS-only websites a workaround like retro-proxy has to be used, as TLS encryption would be completely unusable on a couple-of-MHz CPU.

There’s also the FrogFind service, which will helpfully strip a target website down to its barest HTML essentials, along with the 68K News site that strips down Google News, so that you can enjoy the WWW in its text-based glory as it would have looked in the early 1980s.

(Thanks to [Stephen Walters] for the tip)

This Week In Security: CVSS 4, OAuth, And ActiveMQ

We’ve talked a few times here about the issues with the CVSS system. We’ve seen CVE farming, where a moderate issue, or even a non-issue, gets assigned a ridiculously high CVSS score. There are times a minor problem in a library is a major problem in certain use cases, and not an issue at all in others. And with some of those issues in mind, let’s take a look at the fourth version of the Common Vulnerability Scoring System.

One of the first tweaks to cover is the de-emphasis of the base score. Version 3.1 did have optional metrics that were intended to temper the base score, but this revision has beefed that idea up with Threat Metrics, Environmental Metrics, and Supplemental Metrics. These are an attempt to measure how likely it is that an exploit will actually be used. The various combinations have been given names. Where CVSS-B is just the base metric, CVSS-BT is the base and threat scores together. CVSS-BE is the mix of base and environmental metrics, and CVSS-BTE is the combination of all three.

Another new feature is multiple scores for a given vulnerability. A problem in a library is first considered in a worst-case scenario, and the initial base score is published with those caveats made clear. Then, for each downstream program that uses that library, a new base score should be calculated to reflect the reality of that case.

Digital Photography Comes To The Apple II

Back in the very early days of consumer digital photography, one of the first stars of the new medium came from Apple. The QuickTake 100 used a novel flat form factor and at its highest resolution could only shoot 640×480 images, but at the time it was a genuine object of desire. It came in Windows and Apple versions, and to use the Apple variant required a Mac of the day with appropriate software.

The interface was an Apple serial connector though, so it was quite reasonable for [Colin Leroy-Mira] to wonder whether it could work with Apple’s 8-bit machines. The result is QuickTake for the Apple IIc, the product that perhaps Apple should have brought us in an alternative 1994.

Fortunately the protocol has already been reverse engineered and forms part of the dcraw package; however, the process of extracting the code wasn’t easy. The full resolution and colour of the original pictures has to be sacrificed, and of course once the custom serial cable has been made it’s a painfully slow process transferring the pictures. But to get anything running in this way on such elderly hardware, which was never intended to perform this task, is an extremely impressive feat. We would have given anything for this, back in the 8-bit days.

If you have a QuickTake and want to use a more modern machine, we’ve got you covered there, too.

Custom Fume Hood For Safe Electroless Plating

There are plenty of chemical processes that happen commonly around the house that, if we’re really following safety protocols to the letter, should be done in a fume hood. Most of us will have had that experience with soldering various electronics, especially if we’re not exactly sure where the solder came from or how old it is. For [John]’s electroless plating process, though, he definitely can’t straddle that line, and he went about building a fume hood to vent some of the more harmful gases out of a window.

This fume hood is pretty straightforward and doesn’t have a few of the bells and whistles found in commercial offerings, but this process doesn’t really require things like scrubbing or filtering the exhaust air, so he opted to omit these pricier and more elaborate options. What it does have, though, is an adjustable-height sash, a small form factor that allows it to easily move around his shop, and a waterproof, spill-collecting area in the bottom. The enclosure is built with plywood, with openings for an air inlet, the exhaust ducting, and a cable pass-through, and then finished with a heavy-duty paint. He also included built-in lighting, and when complete it looks indistinguishable from something we might buy from a lab equipment supplier.

While [John] does admit that the exhaust fan isn’t anything special and might need to be replaced more often than if he had gone with one that was corrosion-resistant, he’s decided that the cost of this maintenance doesn’t outweigh the cost of a specialized fan. He also notes it’s not fire- or bomb-proof, but nothing he’s doing is prone to thermal anomalies of that sort. For fume hoods of all sorts, we might also recommend adding some automation to them so they are used any time they’re needed.

Humble Arduino As PLC

On the surface, a programmable logic controller (PLC) might seem like nothing more than a generic microcontroller, perhaps outfitted to operate in industrial settings with things like high temperatures or harsh vibrations. While this is true to some extent, PLCs also have an international standard for their architecture and programming languages. This standard is maintained by the International Electrotechnical Commission, making it so that any device built under these specifications will be recognizable to control engineers and maintenance personnel worldwide. And, if you use this standard when working with certain Arduinos, this common platform can become a standard-compliant PLC as well.

The IDE itself supports programming ladder diagrams, function block diagrams, and the other programming languages covered under the IEC 61131-3 standard. Not only that, it allows the combination of these types of PLC programming with Arduino sketches. The system offers many of the perks of PLC programming alongside the familiar Arduino platform, and supports a number of protocols as well, including CANopen, Modbus RTU, and Modbus TCP. It can also be used for monitoring a PLC system, essentially adding IoT capabilities to existing systems and enabling continuous monitoring, debugging, and program updates.

While not every Arduino is a great platform to build a PLC around, there are a few available for those looking for a system a little less proprietary and a little more user-friendly than typical PLC systems tend to be. There’s a reason that PLCs are built around an international standard and generally have certain hardware in mind to run it, though, and this comparison of a Raspberry Pi with an off-the-shelf PLC goes into detail about why certain components aren’t good choices for PLCs.