Seek And Exploit Security Vulnerabilities In An Infusion Pump

January 22, 2018 by 16 Comments

Infusion pumps and other medical devices are not your typical everyday, off-the-shelf embedded system. Best case scenario, you will rarely, if ever, come across one in your life. So for wide-spread exploitation, chances are that they simply seem too exotic for anyone to bother exploring their weaknesses. Yet their impact on a person’s well-being makes potential security holes tremendously more severe in case someone decides to bother one day after all.

[Scott Gayou] is one of those someones, and he didn’t shy away from spending hundreds of hours of his free time inspecting the Smiths Medical Medfusion 4000 infusion pump for any possible security vulnerabilities. Looking at different angles for his threat model, he started with the physical handling of the device’s user interface. This allowed him to enable the external communication protocols settings, which in turn opened to the device’s FTP and Telnet ports. Not to give too much away, but he manages to gain access to both the file system content and — as a result of that — to the system’s login credentials. This alone can be clearly considered a success, but for [Scott], it merely opened a door that eventually resulted in desoldering the memory chips to reverse engineer the bootloader and firmware, and ultimately executing his own code on the device.

Understanding the implications of his discoveries, [Scott] waited long enough to publish his research so the manufacturer could address and handle these security issues. So kudos to him for fighting the good fight. And just in case the thought of someone gaining control over a machine that is crucial to your vitality doesn’t scare you enough yet, go ahead and imagine that device was actually implanted in your body.

Hackaday Belgrade Call For Proposals Now Open!

January 22, 2018 by 6 Comments

Prepare yourself for the return of Hackaday Belgrade! Our premier European conference — Hackaday Belgrade — is on 26 May and we want to hear what you’ve been working on. The Call for Proposals is now open. We seek talks and workshops exploring the most interesting uses of technology and the culture that goes along with it. This includes design, prototyping, research, manufacturing, and the stories of people and progress that move hardware hacking forward.

We’ve booked Dom Omladine for the event because it was perfect for our previous Belgrade conference in 2016. The sold-out conference became a living organism of excitement when the Hackaday community from across Europe came together. A spectacular slate of speakers presented topics like designing computing clusters for use in University research programs, combining projection mapping with high powered lasers, building hardware for advertising campaigns, uncovering forgotten projector technology called Eidophor, fully embracing Open Hardware during product development, and so much more. All of this while hundreds in attendance joined forces for some of the best hardware badge hacking we’ve ever seen.

Hackaday Belgrade is the rare kind of opportunity that is worth reorganizing your life to attend. Want to guarantee yourself a ticket? They’re not available yet, but you can hack your way into the conference: submit a proposal! In addition to the adoration of the Hackaday community, accepted speakers will receive free admission. Everyone who submits a quality talk proposal will be given priority when tickets do go on sale. This event will sell out!

For updates, keep an eye on the conference page and pop into the chat on the project page by clicking “Join this project’s team”. Do you know someone who should be a speaker at this conference? Reach out to them personally, share this CFP on social media, or let us know in the comments below so we can make it happen.

Quantum Computing Hardware Teardown

January 22, 2018 by 59 Comments

Although quantum computing is still in its infancy, enough progress is being made for it to look a little more promising than other “revolutionary” technologies, like fusion power or flying cars. IBM, Intel, and Google all either operate or are producing double-digit qubit computers right now, and there are plans for even larger quantum computers in the future. With this amount of inertia, our quantum computing revolution seems almost certain.

There’s still a lot of work to be done, though, before all of our encryption is rendered moot by these new devices. Since nothing is easy (or intuitive) at the quantum level, progress has been considerably slower than it was during the transistor revolution of the previous century. These computers work because of two phenomena: superposition and entanglement. A quantum bit, or qubit, works because unlike a transistor it can exist in multiple states at once, rather than just “zero” or “one”. These states are difficult to determine because in general a qubit is built using a single atom. Adding to the complexity, quantum computers must utilize quantum entanglement too, whereby a pair of particles are linked. This is the only way for any hardware to “observe” the state of the computer without affecting any qubits themselves. In fact, the observations often don’t yet have the highest accuracy themselves.

There are some other challenges with the hardware as well. All quantum computers that exist today must be cooled to a temperature very close to absolute zero in order to take advantage of superconductivity. Whether this is because of a reduction in thermal noise, as is the case with universal quantum computers based on ion traps or other technology, or because it is possible to take advantage of other interesting characteristics of superconductivity like the D-Wave computers do, all of them must be cooled to a critical temperature. A further challenge is that even at these low temperatures, the qubits still interact with each other and their read/write devices in unpredictable ways that get more unpredictable as the number of qubits scales up.

So, once the physics and the refrigeration are sorted out, let’s take a look at how a few of the quantum computing technologies actually manipulate these quantum curiosities to come up with working, programmable computers. Continue reading “Quantum Computing Hardware Teardown”

How Low Can An ESP8266 Go?

January 22, 2018 by 40 Comments

We’ve been tuned into coin cell designs lately given the coin cell challenge, so we were interested in [CNLohr]’s latest video about pushing the ESP8266 into the lowest-possible battery drain with coin cells. The result is a series of hacks, based on a reverse-engineered library and depends on a modified router, but that gets the power consumption down by more than a factor of ten!

Although the ESP8266 has a deep sleep mode that draws only 20 microamps or so, that isn’t as rosy as it seems. If you could go to sleep for a while, wake up for just a moment, send your data, and then go back to sleep, that might be one thing. But when you use conventional techniques, the device wakes up and has to do about ten seconds of work (at high power) to connect to a nearby access point. Then it can do what you want and go back to sleep. That ten-second hit is a killer on small batteries.

Since that’s all you can do with the standard libraries, the next step was to find [pvvx] who has reverse engineered a great deal of the libraries and provides a library with no WiFi capability. That’s a two-edged sword. The pro is you get a 30 ms startup from a deep sleep. The downside is — well — you don’t have WiFi.

Continue reading “How Low Can An ESP8266 Go?”

We Couldn’t Afford An Oculus, So We Built One

January 22, 2018 by 20 Comments

Like a lot of 16-year-olds, [Maxime Coutté] wanted an Oculus Rift. Unlike a lot of 16-year-olds, [Maxime] and friends [Gabriel] and [Jonas] built one themselves for about a hundred bucks and posted it on GitHub. We’ll admit that at 16 we weren’t throwing around words like quaternions and antiderivatives, so we were duly impressed.

Before you assume this is just a box to put a phone in like a Google Cardboard, take a look at the bill of materials: an Arduino Due, a 2K LCD screen, a Fresnel lens, and an accelerometer/gyro. The team notes that the screen is what will push the price unpredictably, but they got by for about a hundred euro. At the current exchange rate, if you add up all the parts, they went a little over $100, but they were still under $150 assuming you have a 3D printer to print the mechanical parts.

Continue reading “We Couldn’t Afford An Oculus, So We Built One”

Someone’s Made The Laptop Clive Sinclair Never Built

January 21, 2018 by 42 Comments

The Sinclair ZX Spectrum was one of the big players in the 8-bit home computing scene of the 1980s, and decades later is sports one of the most active of all the retrocomputing communities. There is a thriving demo scene on the platform, there are new games being released, and there is even new Spectrum hardware coming to market.

One of the most interesting pieces of hardware is the ZX Spectrum Next, a Spectrum motherboard with the original hardware and many enhancements implemented on an FPGA. It has an array of modern interfaces, a megabyte of RAM compared to the 48k of the most common original, and a port allowing the connection of a Raspberry Pi Zero for off-board processing. Coupled with a rather attractive case from the designer of the original Sinclair model, and it has become something of an object of desire. But it’s still an all-in-one a desktop unit like the original, they haven’t made a portable. [Dan Birch has changed all that, with his extremely well designed Spectrum Next laptop.

He started with a beautiful CAD design for a case redolent of the 1990s HP Omnbook style of laptop, but with some Spectrum Next styling cues. This was sent to Shapeways for printing, and came back looking particularly well-built. Into the case went an LCD panel and controller for the Next’s HDMI port, a Raspberry Pi, a USB hub, a USB to PS/2 converter, and a slimline USB keyboard. Unfortunately there does not seem to be a battery included, though we’re sure that with a bit of ingenuity some space could be found for one.

The result is about as good a Spectrum laptop as it might be possible to create, and certainly as good as what might have been made by Sinclair or Amstrad had somehow the 8-bit micro survived into an alternative fantasy version of the 1990s with market conditions to put it into the form factor of a high-end compact laptop. The case design would do any home-made laptop design proud as a basis, we can only urge him to consider releasing some files.

There is a video of the machine in action, which we’ve placed below the break.

Continue reading “Someone’s Made The Laptop Clive Sinclair Never Built”

Weaving With Light: An OLED Fibre Fabric Display

January 21, 2018 by 11 Comments

If you think of wearable electronic projects, in many cases what may come to mind are the use of addressable LEDs, perhaps on strips or on sewable PCBs like the Neopixel and similar products. They make an attractive twinkling fashion show, but there remains a feeling that in many cases once you have seen one project, you have seen them all.

So if you are tiring of static sewable LED projects and would like to look forward to something altogether more exciting, take a look at some bleeding-edge research from a team at KAIST, the Korean Advanced Institute of Science & Technology. They have created OLED fibres and woven them into fabric in a way that appears such that they can be lit at individual points to create addressable pixels. In this way there is potential for fabrics that incorporate entire LED displays within their construction rather than in which they serve as a substrate.

The especially interesting feature of the OLED fibres from the KAIST team is that their process does not require any high temperatures, meaning that a whole range of everyday textile fibres can be used as substrates for OLEDs. The results are durable and do not lose OLED performance under tension, meaning that there is the possibility of their becoming practical fabrics for use in garments.

While this technology is a little way away from a piece of clothing you might buy from a store, the fact that it does not rely on special processes during weaving means that when the fibres become commercially available we are likely to see their speedy adoption. Meanwhile you can buy conductive fabric, but you might have to take a multimeter to the store to find it.

Via EENewsLED, and thank you [Carl] for the tip.