This Week In Security: 0-Days, Pwn2Own, IOS And Tesla

LILIN DVRs and cameras are being actively exploited by a surprisingly sophisticated botnet campaign. Three separate 0-day vulnerabilities are being exploited in ongoing campaigns. If you have a device built by LILIN, go check for firmware updates, and if your device is exposed to the internet, entertain the possibility that it was compromised.

The vulnerabilities include a hardcoded username/password, command injection in the FTP and NTP server fields, and an arbitrary file read vulnerability. Just the first vulnerability is enough to convince me to avoid black-box DVRs, and keep my IP cameras segregated from the wider internet.


Faking Your Way To USB-C Support On Laptops Without It

Is there no end to the dongle problem? We thought the issue was with all of those non-USB-C devices that want to play nicely with the new Macbooks that only have USB-C ports. But what about all those USB-C devices that want to work with legacy equipment?

Now some would say just grab yourself a USB-C to USB-A cable and be done with it. But that defeats the purpose of USB-C which is One-Cable-To-Rule-Them-All[1]. [Marcel Varallo] decided to keep his 2011 Macbook free of dongles and adapter cables by soldering a USB-C port onto a USB 2.0 footprint on the motherboard.

How is that even possible? The trick is to start with a USB-C to USB 3 adapter. This vintage of Macbook doesn’t have USB 3, but the spec for that protocol maintains backwards compatibility with USB 2. [Marcel] walks through the process of freeing the adapter from its case, slicing off the all-important C portion of it, and locating the proper signals to route to the existing USB port on his motherboard.

[1] Oh my what a statement! As we’ve seen with the Raspberry Pi USB-C debacle, there are actually several different types of USB-C cables which all look pretty much the same on the outside, apart from the cryptic icons molded into the cases of the connectors. But on the bright side, you can plug either end in either orientation so it has that going for it.

Measuring UV-C For About $5

Looking to sterilize something? Give it a good blast of the old UV-C. Ultraviolet radiation in the shortest wavelength band breaks down DNA and RNA, so it’s a great way to kill off any nasties that are lurking. But how much UV-C are you using? [Akiba] at Hackerfarm has come up with the NukeMeter, a meter that measures the output of their UV-C sterilizer, the NukeBox. It is built around a $2.50 sensor and a $3 Arduino.


Launch Console Delivers Enjoyment To Software Deployment

Sometimes it feels as though all the good physical interactions with machines have disappeared. Given our current germ warfare situation, that is probably a good thing. But if fewer than ten people ever will be touching something, it’s probably okay to have a little fun and make your own interfaces for things.

Fun definitely seems to be some of the inspiration behind [sethvoltz]’s retro-style launch console. This two-factor authorization token-based system is responsible for an important task that usually receives no fanfare — deploying code to production.

The console is centered around a Yubikey, which is a type of hardware dongle for 2FA. Flipping the guarded toggle switch will initiate the launch sequence, and then it’s time to insert the Yubikey into the 3D-printed lock cylinder and wait for authorization. If the Raspberry Pi decides all systems are go, then the key can be turned ninety degrees and the mushroom button mashed. You have our permission to peek at the declassified demo after the break. Stick around for a CAD view inside the lock cylinder.

Console culture was great, but the old full-size cabinets sure took up a lot of space. If you’re more of a hardware person, check out this mini-console for testing multiple servos.


What’s In A Name For A Tool Battery Pack?

Power tools have come a long way. It used to be you needed extension cords or a generator for your tools, but now you can get just about anything with a nice rechargeable battery pack. As it turns out, most of those packs are made by the same company, and [syonyk] wanted to see how similar two different Makita packs and a Rayovac pack were. What he found was surprising. The outsides were very similar, but what was on the inside?

The Rayovac pack was easy to open and had a controller, a thermal cutoff device, and two layers of 18650 batteries. The similar Makita pack looked identical from the outside until he tried to take it apart. The maker had plugged one screw hole and used security screws instead of the Phillips heads like on the Rayovac.


Introducing The Hackaday Calendar Of Virtual Events

For many of us, the social distancing procedures being used to help control the spread of COVID-19 have been a challenge. We can’t go to our hackerspaces, major events have been postponed or canceled entirely, and even getting parts has become difficult due to the immense pressure currently being placed on retailers and delivery services. For even the most stoic hacker, these are difficult times.

But you don’t have to go through it alone. We might not be able to meet in person, but that doesn’t mean the exchange of thoughts and ideas has to stop. Hackaday has started up a calendar of events you can use to keep track of virtual classes and hangouts that you can take part in from the comfort of your own home. You don’t even need to wear pants (but you should, just to be safe).

Hacker Check-in returns tomorrow at 5pm Eastern time and this weekend is packed with must-see entries. You can start your Saturday by taking part in a KiCad/FreeCAD meetup, sit in on the BSides Atlanta security conference, jump over to a hardware show and tell in New Delhi, and then cap things off with an introduction to quantum computing presented by Kitty Yeung.

Looking to be more than an idle participant? If you want to teach a class, host a show and tell, or put together a round-table discussion, drop a line to superconference@hackaday.io. Pretty much anything of interest to the hacking and making community is fair game, and who knows when you’ll ever get another chance at a captive audience like this. When you haven’t left the house in a week, there’s not a whole lot you won’t watch online.

It’s easy to see social distancing as an overreaction, but the numbers don’t lie. Things are serious out there, especially in the dense population centers where hacker events generally take place. By staying home and taking part in events virtually, we can do our part to control the spread of this virus and hopefully return things to normal that much sooner.

Put Down New Roots From Home With A Free-Form Tree Of Life

Mandalas are meditative objects that mean many things to myriad religions. Psychologist Carl Jung equated them with the concept of the Self as a whole, and put forth the notion that an urge to create mandalas signifies a period of intense personal growth.

[Sander van de Bor] took up the mandala challenge at the beginning of 2020 and decided to create several of them in free-form electronic style. If you’re looking for a healthy new way to deal, [Sander] has step-by-step instructions for making your own light-up tree of life by wrangling a wad of wires into a trunk and branches. Big bonus if you already find soldering to be soothing.

[Sander] starts by forming a circle from brass rod. This is the base for the rest of the build and will tie all the LED grounds together. The tree is twisted from a cluster of enameled copper wires that are eventually soldered together to distribute power from a coin cell out to the six SMT LEDs.

You could argue that the tree should be ground because it’s rooted to Earth, but you could also argue that the circle should be ground because the circle of life is a grounding force. Something to think about while you design and build your own, eh?

If electronic sculpture becomes your new thing, explore all the angles with the master manipulator, [Mohit Bhoite].