Update On The BLUFFS Bluetooth Vulnerability

As we first reported in yesterday’s weekly security post, researchers at EURECOM have revealed the details (PDF, references) of a new man-in-the-middle (MITM) attack on Bluetooth 4.2 through 5.4, which has been assigned CVE-2023-24023. Like preceding CVEs, it concerns the session authentication between Bluetooth devices, where the attacker uses spoofed paired or bonded devices to force the use of a much shorter encryption key length.

The name of this newly discovered vulnerability is BLUFFS (Bluetooth Forward and Future Secrecy), where forward and future secrecy are important terms that refer to the protection of secure sessions against compromise in the past (forward, FoS) and future (FuS). The CVE presentation notes that the Bluetooth specification does not cover either FuS or FoS. In total, two new architectural vulnerabilities were discovered, both of which attack the security key.

The Bluetooth SIG has released a statement regarding this attack method. Although serious, it would seem that the core issue is that some implementations allow for encryption key lengths below 7 octets:


The Physics Lesson I Keep Re-Learning

One of the most broadly applicable ideas I’ve ever encountered is the concept of impedance matching. If you’re into radio frequency electronics, you’re probably thinking that I mean getting all your circuit elements working to a common characteristic resistance for maximum power transfer. (If you’re not, you’re probably wondering what that jumble of words even means. Fear not!)

But I mean impedance matching in the larger sense. Think about driving a stick-shift automobile. In low gear, the engine has a lot of torque on the wheels, but it can’t spin them all that fast. In high, the wheels turn fastest, but there’s not enough torque to get you started from a standstill. Sometimes you need more force and less motion, other times more motion and less force. The gearbox lets you match the motor’s power to the resistance – the impedance – it’s trying to overcome.

Or think about a cello. The strings are tight, and vibrate with quite a bit of force, but they don’t move all that much. Air, which is destined to carry the sound to your ear, doesn’t take much force to move, and the cello would play louder if it moved more of it. So the bridge conveys the small, but strong, vibrations of the strings and pushes against the top of the resonant box that makes up the body of the instrument. This in turn pushes a lot of air, but not very hard. This is also why speakers have cones, and also why your ear has that crazy stirrup mechanism. Indeed, counting the number of impedance matches between Yo Yo Ma and your brain, I come up with four or five, including electrical matches in the pre-amp.

I mention this because I recently ran into a mismatch. Fans blow air either hard or in large volume. If you pick a fan that’s designed for volume, and put it in a pressure application, it’s like trying to start driving in fifth gear. It stalled, and almost no air got pushed up through the beans in my new “improved” coffee roaster, meaning I had to rebuild it with the old fan, and quick before the next cup was due.

I ran into this mismatch even though I knew there was a possible impedance issue there. I simply don’t have a good intuitive feel for how much pressure I needed to push the beans around – the impedance in question – and I bought the wrong fan. But still, knowing that there is a trade-off is a good start. I hope this helps you avoid walking in my footsteps!

Generating Motion Via Nitinol Wires

Generally, when we’re looking to build something that moves we reach for motors, servos, or steppers — which ultimately are all just variations on the same concept. But there are other methods of locomotion available. As [Jamie Matthews] demonstrates, Nitinol wires can be another way to help get things moving.

Nitinol is a type of metal wire made of nickel and titanium that is also known as “memory wire”, because it can remember its former shape and transition back to it with a temperature change. [Jamie] uses this property to create a simple hand that is actuated by pieces of wire sourced from Amazon. This is actually a neat way to go, as it goes some way to mimicking how our own hands are moved by our tendons.

[Jamie] does a great job of explaining how to get started with Nitinol and how it works in a practical sense. We’ve seen it put to some wacky uses before, too, such as the basis for an airless tire.


LED Tester Also Calculates Resistor For Target Voltage

[mircemk] built a slick-looking LED tester with a couple handy functions built in. Not only can one select a target current to put through an LED, but by providing a target voltage, the system will automatically calculate the necessary series resistor. If for example the LED is destined for 14 V, this device will not only show how the LED looks at the chosen current, but will calculate the required resistor to get the same results on a 14 V system.

The buttons on the left control the target current and the voltage of the destination system. Once an LED is connected it will light up and the display indicates the LED’s forward voltage, the LED current, and the calculated series resistor value to obtain the same result at the selected target voltage. It’s a handy way to empirically dial in LED brightness values without needing to actually set up any particular test environment.

On the inside there’s little more than a handful of passive components, an Arduino, an LCD display, and a few buttons. This kind of tool reminds us of the highly clever component testers that hit the hobbyist scene years ago, showing what kind of advanced tricks a modern microcontroller is capable of with the right programming. (Here’s a look at how those work, if you’re interested in some deeper details.)

[mircemk] demonstrates his tool in the video, embedded below. We particularly like the attention he paid to the enclosure, giving it a very functional layout. It goes to show that when designing something, it’s never too early to consider enclosure and UI layout.


Print Your Own Brain Lamp From MRI Data

MRIs generally fall somewhere on the scale from boring to stressful depending on why you’re having one and how claustrophobic you get. Regardless, they’re a wonderful diagnostic tool and they’ve saved thousands if not millions of lives over the years. In a fun use of the technology, [mandalaFractals] has shown us how to make a 3D-printed brain lamp using an MRI scan of the head.

The build starts with an off-the-shelf lamp base and a smart LED bulb as the light source, though you could swap those out as desired for something like a microcontroller, a USB power supply, and addressable LEDs if you were so inclined. The software package Slicer is then used to take an MRI brain scan and turn it into something that you can actually 3D print. It’ll take some cleaning up to remove artifacts and hollow it out, but it’s straightforward enough to get a decent brain model out of the data. Alternatively, you can use someone else’s if you don’t have your own scan. Then, all you have to do is print it in a couple of halves, and pop it on the lamp base, and you’re done!

It’s a pretty neat build. Who wouldn’t love telling their friends that their new brain lamp was an accurate representation of their own grey noodles, after all? It could be a fun gift next time Halloween rolls around, too!

Meanwhile, if you’ve got your own MRI hacks that you’ve been cooking up, don’t hesitate to let us know!

Cat-o-Matic 3000 Serves Your Feline Masters

When you have three cats and three humans, you have one problem: feeding them on a schedule without over or under feeding them. Even if there was only one human in the equation, the Cat-o-Matic 3000 would still be a useful tool.

Essentially, it’s a traffic light for cats — where green means you are go for feeding, and red means the cat was just fed. Yellow, of course, means the cat is either half-full or half-empty, depending on your outlook.

The brains of this operation is an ATmega88PA leftover from another project. There’s a no-name voltage regulator that steps up the two AA cells to 5 volts. Timing comes from a 32 kHz crystal that allows the microcontroller to stay in power-saving sleep mode for long periods of time.

Creator [0xCAFEAFFE] says the firmware was cobbled together from other projects. Essentially, it wakes up once per second to increment the uptime counter and then goes back to sleep. Short-pressing a button shows the feeding status, and long-pressing it will reset the timer.

Wanna make a cat status indicator without electronics? Give flexures a try.

Robot Pianist Runs On Arduino Nano

The piano has been around for a long time now. Not long after its invention, humans started contemplating how they could avoid playing it by getting a machine to do the job instead. [vicenzobit] is the latest to take on this task, building a “Robot Pianista” that uses a simple mechanism to play a tune under electronic command (Spanish language, Google Translate link).

An Arduino Nano is the heart of the build, paired with a shield that lets it run a number of servo motors. The servos, one per key, are each assembled into a 3D-printed bracket with a cam-driven rod assembly. When the servo turns, the cam turns, and pushes down a rod that presses the piano key.

The build is limited in the sense that you can only play as many keys as you have servo channels, but nonetheless, it does the job. With eight servos, it’s able to play a decent rendition of Ode to Joy at a steady tempo, and that’s an excellent start.

We’ve featured some great mechanized instruments before, too. Video after the break.
