This Week In Security: Ransomware Keys, IOS Woes, And More

Remember the end of GandCrab we talked about a couple weeks back? A new wrinkle to this story is the news that a coalition of law enforcement agencies and security researchers have released a decrypter and the master decryption keys for that ransomware. It’s theorized that researchers were able to breach the command and control servers where the master keys were stored. It’s yet to be known whether this breach was the cause for the retirement, or was a result of it.

Apple’s Secure Enclave is Broken?

A YouTube video and Reddit thread show a way to bypass the iPhone’s TouchID and FaceID, allowing anyone to access the list of saved passwords. The technique for breaking into that data? Tap the menu option repeatedly, and cancel the security prompts. Given enough rapid tries, the OS gives up on the validation and simply shows the passwords!

The iPhone has an onboard security chip, the Secure Enclave, that is designed to make this sort of problem nearly impossible. The design specification dictates that data like passwords are encrypted, and the only way to decrypt is to use the Enclave. The purpose is to mitigate the impact of programming bugs like this one. It seems that the issue is limited to the iOS 13 Beta releases, and you’d expect bugs in beta, but a bug like this casts some doubt on the effectiveness of Apple’s Secure Enclave.

URL Scheme Hijacking

Our next topic is also iOS related, though it’s possible the same issue could affect Android phones: URL scheme problems. The researchers at Trend Micro took a look at how iOS handles conflicting app URLs. Outside of the normal http: and https: URLs, applications can register custom URL schemes in order to simplify inter-process communication. The simplest example is something like an email address and the mailto: scheme. Even on a desktop, using one of these links will open a different application to handle that request. What could go wrong?

One weakness in using URL schemes like this is that not all apps properly validate what launched the request, and iOS allows multiple apps to use the same URL scheme. In the example given, a malicious app could register the same URL handler as the target, and effectively launch a man-in-the-middle attack.

Bluekeep, and Patching Systems

It has been five weeks since Bluekeep, the Remote Desktop Protocol vulnerability, was revealed. Approximately 20% of the vulnerable systems exposed to the internet have been patched. Bitsight has been running scans of the remaining vulnerable machines, and estimates about 800,000 remaining vulnerable systems. You may remember this particular vulnerability was considered so problematic that even the NSA released a statement encouraging patching. So far, there hasn’t been a worm targeting the vulnerability, but it’s assumed that at least some actors have been using this vulnerability in attacks.

Farting Baseball; From The Makers Of Self-Solving Rubik’s Cube

Some hackers have a style all their own that is immediately recognizable from one project to the next. For instance, you can tell a [Takashi Kaburagi] by its insides. The behavior of his Farting Baseball project (machine translation) is amusing, but the joke is only skin deep. Look inside and you’ll gain a huge appreciation for what has been done here. It’s not as mind-boggling as his work on the self-solving Rubik’s Cube robot, but the creativity and design constraints are similarly impressive.

Clever detail is the square of soft material used to cushion impact

This whimsical project is a curve ball no matter who throws it. While in flight, a jet of compressed gas can alter the trajectory at the press of a button. Inside is a small pressure vessel that is filled with HFC134A refrigerant commonly used on gas blowback pistols. It’s a non-combustible that lies in wait until a solenoid is activated to release the pressure in a powerful jet. The ball carries a CR2032 to power the wireless link for activation, but that solenoid needs more juice so capacitors are charged for this purpose.

It’s worth digging through the details on this one, including the article on measuring discharge time (machine translation). There are numerous nice touches, like the yellow Whoopee Cushion neck that directs the jet, the capacitor discharge materials so there is not an accidental activation when not in use, and clever and clean construction that make everything fit.

Another hacker with an equally iconic style is [Mohit Bhoite]’s work; make his flywire sculptures your next stop.

Hybrid Drones Could Have Massively Extended Flight Times

Multirotor drones truly took off with the availability of lithium polymer batteries, brushless motors, and cheap IMUs. Their performance continues to improve, but their flight time remains relatively short due to the limits of battery technology. [Nicolai Valenti] aims to solve the problem by developing a hybrid generator for drones.

The basic concept consists of a small gasoline engine, connected to a brushless motor employed as a generator. The electricity generated is used to run the main flight motors of the multirotor drone. The high energy density of gasoline helps to offset the added weight of the generator set, and [Nicolai] is aiming to reach a goal of two hours of flight time.

There are many engineering problems to overcome. Engine starting, vibration and rectification are all significant challenges, but [Nicolai] is tackling them and has already commenced flight testing. Experiments are ongoing with 500 W, 1,000 W, and 2,000 W designs, and work is ongoing to optimise the engine and electronics package.

It’s a project that holds the potential to massively expand the range of operation for medium to large multirotors, and should unlock certain capabilities that have thus far been limited by short battery runtimes. Gasoline powered drones aren’t a new idea, but we’ve seen precious little in the hybrid space. We look forward to seeing how this technology develops. Video after the break.

Turning A Single Bolt Into A Combination Lock

In our search for big-box convenience, we tend to forget that locksmiths once not only copied keys but also created complex locks and other intricate mechanisms from scratch. [my mechanics] hasn’t forgotten, and building a lock is his way of celebrating the locksmith’s skill. Building a combination lock from a single stainless bolt is probably also showing off just a little, and we’re completely fine with that.

Granted, the bolt is a rather large one – an M20x70 – and a few other materials such as brass rod and spring wire were needed to complete the lock. But being able to look at a single bolt and slice it up into most of the stock needed for the lock is simply amazing. The head became the two endplates, while the shank was split in half lengthwise and crosswise after the threads were turned off; those pieces were later turned down into the tubes and pins needed to create the lock mechanism. The combination wheels probably could have come from another – or longer – bolt, but we like the look of the brass against the polished stainless, as well as the etched numbers and subtle knurling. The whole thing is a locksmithing tour de force, and the video below captures all of it without any fluff or nonsense.

If working in steel and brass isn’t your thing, fear not – a 3D-printed combination lock is probably within your reach. Or laser cut wood. Or even plain paper, if you’re not into the whole security thing.

A (Card) Table-Top Turing Machine Of Magic: The Gathering Cards

Within normal rules of collectible card game Magic: The Gathering a player may find themselves constrained to only a single legal course of action forward. It’s a situation players could craft to frustrate their opponents, though the victims usually break free after a few moves. But under a carefully crafted scenario, players would have no choice but to become the execution engine for a Turing-complete programming language written with Magic cards via techniques detailed in this paper.

One of the authors of this paper, [Alex Churchill], started working on this challenge in 2010. We covered an earlier iteration of his work here, and his own criticism that it was dependent on player cooperation. At various points, the game rules state a player “may” take certain actions and the construct falls apart if our player chooses the wrong thing. It would be as if a computer was built out of transistors that “may” switch as commanded or not, which would not be a very reliable method of computation.

To improve reliability of this particular Turing machine execution engine, the team combed through rules and cards to devise an encoding where the player is only ever presented with a single legal course forward. This ensures deterministic execution of the instruction stream, and now with proof of Turing-completeness in hand, we congratulate [Alex] on a successful conclusion to his decade-long quest.

We have a primer available for anyone who wants a refresher on Turing machines. They are utterly impractical but fun for hackers to build, and they are typically constructed of electronics and LEDs instead of ink on cardboard.

Via Ars Technica, who have presented their own analysis of this machine.

Main image: Unspecified set of Magic: The Gathering cards by [Robert] CC BY 2.0

Live Apollo 11 Transcript On EInk Display

There are few moments in history that have ever been recorded in more detail or analyzed as thoroughly as the Apollo 11 mission to the Moon. Getting three men to our nearest celestial neighbor and back in one piece took a lot of careful planning, and recording every moment of their journey was critical to making sure things were going smoothly. As we celebrate the 50th anniversary of man’s first steps off our world, these records give us a way to virtually tag along with Armstrong, Aldrin, and Collins.

As part of the 50th anniversary festivities at the Parkes Radio Telescope in Australia, [Andrew] created a badge that would let him wear a little piece of Apollo 11. Using an ESP32 and an eInk screen, it replays the mission transcript between the crew and ground control in real-time. It’s a unique way to experience the mission made possible by that meticulous data collection that’s a hallmark of the National Aeronautics and Space Administration.

[Andrew] was inspired by the “Apollo 11 In Real Time” website, but rather than pulling the content from the Internet, he’s loaded the mission transcripts onto the ESP32’s SPIFFS filesystem as a CSV file. Not that the badge is completely offline, it does need to connect to the Internet (via a hotspot on his phone) so it can keep its internal clock synchronized with NTP. Keeping everything local does reduce power consumption compared to streaming it from the Internet, but he admits that otherwise he didn’t give much thought to energy efficiency and there’s definitely some room for improvement.

The LILYGO TTGO board he’s using combines the ESP32 with a 2.13 inch eInk display, in a formfactor not unlike the Badgy we’ve covered previously. He was able to find a STL for a 3D printed case on Thingiverse which he modified to fit a battery. Unfortunately the original model was released under a license that prevents him from distributing his modified version, but it doesn’t sound too difficult to replicate if you’re interested in building your own running ticker of humanity’s greatest adventure.

Put Those IPad Displays To Work With This EDP Adapter

Regardless of how you might feel about Apple and the ecosystem they’ve cultured over the years, you’ve got to give them some credit in the hardware department. Their “Retina” displays are a perfect example; when they brought the 2,048 by 1,536 panel to the iPad 3, the technology instantly became the envy of every tablet owner. But what if you want to use one of these gorgeous screens outside of Apple’s walled garden?

As it turns out, there are a number of options out there to use these screens on other devices, but [Arthur Jordan] wasn’t quite happy with any of them. So he did what any self respecting hacker would do, and built his own adapter for iPad 3 and 4 screens. Not that he did it completely in the dark; his design is based on the open source Adafruit Qualia driver, which in turn was based on research done by [Mike’s Mods]. A perfect example of the open source community at work.

The resulting board allows you to connect the Retina display from the iPad 3 or 4 to any device that features Embedded DisplayPort (eDP). Rather than put a dedicated port on his board, [Arthur] just left bare pads where you can solder up whatever interface method your particular gadget might use. In his case, he wanted to hook it up to an x86 UP Core SBC, so he even came up with a separate adapter that breaks out that board’s diminutive display connector to something that can be soldered by hand.

So what’s different between the board [Arthur] developed and Adafruit’s Qualia? Primarily it’s been made smaller by deleting the DisplayPort connectors in favor of those bare pads, but he’s also dumped the backlight control hardware and 3.3V regulator that in his experience haven’t been necessary with the eDP devices he’s worked with. So if space is a concern in your build, this version might be what you’re after.

We’ve seen other Retina display adapters in the past, and of course the iPad isn’t the only high-end device that’s had a screen good enough to reuse on its own. The lesson here is that if you put a must-have feature in your product, don’t be surprised when some hacker comes along and figures out how to liberate it for their own purposes.