Arduino Cable Tracer Helps Diagnose Broken USB Cables

July 18, 2021 by 31 Comments

We’ve all found ourselves swimming amongst too many similar-looking USB cables over the years. Some have all the conductors and functionality, some are weird power-only oddballs, and some charge our phones quickly while others don’t. It’s a huge headache and one that [TechKiwiGadgets] hopes to solve with the Arduino Cable Tracer.

The tracer works with USB-A, Mini-USB, Micro-USB, and USB-C cables to determine whether connections are broken or not and also to identify wiring configurations. It’s built around the Arduino Mega 2560, which is ideal for providing a huge amount of GPIO pins that are perfect for such a purpose. Probing results are displayed upon the 2.8″ TFT LCD display that makes it easy to figure out which cables do what.

It’s a tidy build, and one that we could imagine would be very useful for getting a quick go/no-go status on any cables dug out of a junk box somewhere. Just remember to WIDLARIZE any bad cables you find so they never trouble you again. Video after the break.

Continue reading “Arduino Cable Tracer Helps Diagnose Broken USB Cables”

AUTOVON: A Phone System Fit For The Military

September 9, 2020 by 61 Comments

It’s a common enough Hollywood trope that we’ve all probably seen it: the general, chest bespangled with medals and ribbons, gazes at a big screen swarming with the phosphor traces of incoming ICBMs, defeatedly picks up the phone and somberly intones, “Get me the president.” We’re left on the edge of our seats as we ponder what it must be like to have to deliver the bad news to the boss, knowing full well that his response will literally light the world on fire.

Scenes like that work because we suspect that real-life versions of it probably played out dozens of times during the Cold War, and likely once or twice since its official conclusion. Such scenes also play into our suspicion that military and political leaders have at their disposal technologies that are vastly superior to what’s available to consumers, chief among them being special communications networks that provide capabilities we could only have dreamed of back then.

As it turns out, the US military did indeed have different and better telephone capabilities during the Cold War than those enjoyed by their civilian counterparts. But as we shall see, the increased capabilities of the network that came to be known as AUTOVON didn’t come so much from better technology, but more from duplicating the existing public switched-telephone network and using good engineering principles, a lot of concrete, and a dash of paranoia to protect it.

Continue reading “AUTOVON: A Phone System Fit For The Military”

Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack

August 7, 2020 by 5 Comments

This year, at DEF CON 28 DEF CON Safe Mode, security researchers [Jiska Classen] and [Francesco Gringoli] gave a talk about inter-chip privilege escalation using wireless coexistence mechanisms. The title is catchy, sure, but what exactly is this about?

To understand this security flaw, or group of security flaws, we first need to know what wireless coexistence mechanisms are. Modern devices can support cellular and non-cellular wireless communications standards at the same time (LTE, WiFi, Bluetooth). Given the desired miniaturization of our devices, the different subsystems that support these communication technologies must reside in very close physical proximity within the device (in-device coexistence). The resulting high level of reciprocal leakage can at times cause considerable interference.

There are several scenarios where interference can occur, the main ones are:

  • Two radio systems occupy neighboring frequencies and carrier leakage occurs
  • The harmonics of one transmitter fall on frequencies used by another system
  • Two radio systems share the same frequencies

To tackle these kind of problems, manufacturers had to implement strategies so that the devices wireless chips can coexist (sometimes even sharing the same antenna) and reduce interference to a minimum. They are called coexistence mechanisms and enable high-performance communication on intersecting frequency bands and thus, they are essential to any modern mobile device. Despite open solutions exist, such as the Mobile Wireless Standards, the manufacturers usually implement proprietary solutions.

Spectra

Spectra is a new attack class demonstrated in this DEF CON talk, which is focused on Broadcom and Cypress WiFi/Bluetooth combo chips. On a combo chip, WiFi and Bluetooth run on separate processing cores and coexistence information is directly exchanged between cores using the Serial Enhanced Coexistence Interface (SECI) and does not go through the underlying operating system.

Spectra class attacks exploit flaws in the interfaces between wireless cores in which one core can achieve denial of service (DoS), information disclosure and even code execution on another core. The reasoning here is, from an attacker perspective, to leverage a Bluetooth subsystem remote code execution (RCE) to perform WiFi RCE and maybe even LTE RCE. Keep in mind that this remote code execution is happening in these CPU core subsystems, and so can be completely invisible to the main device CPU and OS.

Join me below where the talk is embedded and where I will also dig into the denial of service, information disclosure, and code execution topics of the Spectra attack.

Continue reading “Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack”

DIY Dongle Breathes Life Into Broken Ventilators

July 15, 2020 by 51 Comments

We have a new hero in the COVID-19 saga, and it’s some hacker in Poland. Whoever this person is, they are making bootleg dongles that let ventilator refurbishers circumvent lockdown software so they can repair broken ventilators bought from the secondhand market.

The dongle is a DIY copy of one that Medtronic makes, which of course they don’t sell to anyone. It makes a three-way connection between the patient’s monitor, a breath delivery system, and a computer, and lets technicians sync software between two broken machines so they can be Frankensteined into a single working ventilator. The company open-sourced an older model at the end of March, but this was widely viewed as a PR stunt.

This is not just the latest chapter in the right-to-repair saga. What began with locked-down tractors and phones has taken a serious turn as hospitals are filled to capacity with COVID-19 patients, many of whom will die without access to a ventilator. Not only is there a shortage of ventilators, but many of the companies that make them are refusing outside repair techs’ access to manuals and parts.

These companies insist that their own in-house technicians be the only ones who touch the machines, and many are not afraid to admit that they consider the ventilators to be their property long after the sale has been made. The ridiculousness of that aside, they don’t have the manpower to fix all the broken ventilators, and the people don’t have the time to wait on them.

We wish we could share the dongle schematic with our readers, but alas we do not have it. Hopefully it will show up on iFixit soon alongside all the ventilator manuals and schematics that have been compiled and centralized since the pandemic took off. In the meantime, you can take Ventilators 101 from our own [Bob Baddeley], and then find out what kind of engineering goes into them.

36C3: All Wireless Stacks Are Broken

December 30, 2019 by 29 Comments

Your cellphone is the least secure computer that you own, and worse than that, it’s got a radio. [Jiska Classen] and her lab have been hacking on cellphones’ wireless systems for a while now, and in this talk gives an overview of the wireless vulnerabilities and attack surfaces that they bring along. While the talk provides some basic background on wireless (in)security, it also presents two new areas of research that she and her colleagues have been working on the last year.

One of the new hacks is based on the fact that a phone that wants to support both Bluetooth and WiFi needs to figure out a way to share the radio, because both protocols use the same 2.4 GHz band. And so it turns out that the Bluetooth hardware has to talk to the WiFi hardware, and it wouldn’t entirely surprise you that when [Jiska] gets into the Bluetooth stack, she’s able to DOS the WiFi. What this does to the operating system depends on the phone, but many of them just fall over and reboot.

Lately [Jiska] has been doing a lot of fuzzing on the cell phone stack enabled by some work by one of her students [Jan Ruge] work on emulation, codenamed “Frankenstein”. The coolest thing here is that the emulation runs in real time, and can be threaded into the operating system, enabling full-stack fuzzing. More complexity means more bugs, so we expect to see a lot more coming out of this line of research in the next year.

[Jiska] gives the presentation in a tinfoil hat, but that’s just a metaphor. In the end, when asked about how to properly secure your phone, she gives out the best advice ever: toss it in the blender.

John McMaster Explains Crypto Ignition Phone Keys And How To Reproduce Them

December 2, 2019 by 17 Comments

When you’re a nation state, secure communications are key to protecting your sovereignty and keeping your best laid plans under wraps. For the USA, this requirement led to the development of a series of secure telephony networks over the years. John McMaster found himself interested in investigating the workings of the STU-III secure telephone, and set out to replicate the secure keys used with this system.

An encryption key in a very physical, real sense, the Crypto Igntion Key was used with the STU-III to secure phone calls across many US government operations. The key contains a 64KB EEPROM that holds the cryptographic data.

[John] had a particular affinity for the STU-III for its method of encrypting phone calls. A physical device known as a Crypto Ignition Key had to be inserted into the telephone, and turned with a satisfying clunk to enable encryption. This physical key contains digital encryption keys that, in combination with those in the telephone, are used to encrypt the call. The tactile interface gives very clear feedback to the user about securing the communication channel. Wishing to learn more, John began to research the system further and attempted to source some hardware to tinker with.

As John explains in his Hackaday Superconference talk embeded below, he was able to source a civilian-model STU-III handset but the keys proved difficult to find. As carriers of encryption keys, it’s likely that most were destroyed as per security protocol when reaching their expiry date. However, after laying his hands on a broken key, he was able to create a CAD model and produce a mechanically compatible prototype that would fit in the slot and turn correctly.

Continue reading “John McMaster Explains Crypto Ignition Phone Keys And How To Reproduce Them”

This Week In Security: Is RSA Finally Broken? The Push For Cloud Accounts, Encrypted DNS, And More Mobile Mayhem

October 4, 2019 by 24 Comments

Ever wondered what “cyberwar” looks like? Apparently it’s a lot of guessing security questions and changing passwords. It’s an interesting read on its own, but there are some interesting clues if you read between the lines. A General in the know mentioned that Isis:

clicked on something or they did something that then allowed us to gain control and then start to move.

This sounds very similar to stories we’ve covered in the past, where 0-days are used to compromise groups or individuals. Perhaps the NSA supplied such an exploit, and it was sent in a phishing attack. Through various means, the U.S. team quietly compromised systems and collected credentials.

The article mentions something else interesting. Apparently the targets of this digital sting had also been compromising machines around the world, and using those machines to manage their efforts. The decision was made by the U.S. team to also compromise those machines, in order to lock out the Isis team. This might be the most controversial element of the story. Security researchers have wanted permission to do this for years. How should the third parties view these incursions?

The third element that I found particularly interesting was the phase 2 attack. Rather than outright delete, ban, and break Isis devices and accounts, the U.S. team installed persistent malware that emulated innocuous glitches. The internet connection is extremely laggy on certain days, certain websites simply don’t connect, and other problems. These are the sort of gremlins that networking pros spend all day trying to troubleshoot. The idea that it’s intentional gives me one more thing to worry about. Continue reading “This Week In Security: Is RSA Finally Broken? The Push For Cloud Accounts, Encrypted DNS, And More Mobile Mayhem”