This Week In Security: WinRAR, DNS Disco, And No Silver Bullets

So what do WinRAR, day trading, and Visual Basic have in common? If you guessed “elaborate malware campaign aimed at investment brokers”, then you win the Internet for the day. This work comes from Group-IB, another cybersecurity company with a research team. They were researching a malware known as DarkMe, and found an attack on WinRAR being used in the wild, using malicious ZIP files being spread on a series of web forums for traders.

Among the interesting tidbits of the story, apparently at least one of those forums locked down the users spreading the malicious files, and they promptly broke into the forum’s back-end and unlocked their accounts. The vulnerability itself is interesting, too. A rigged zip file is created with an image file and an identically named folder containing a script. The user tries to open the image, but because the zip is malformed, the WinRAR function gets confused and opens the script instead.

Based on a user’s story from one of those forums, it appears that the end goal was to break into the brokers’ trading accounts, and funnel money into attacker accounts. The one documented case only lost $2 worth of dogecoin.

There was one more vulnerability found in WinRAR, an issue when processing malicious recovery volumes. This can lead to code execution due to a memory access error. Both issues were fixed with release 6.23, so if you still have a WinRAR install kicking around, make sure it’s up to date!
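A defender-side check for the first issue described above, the image file and folder that share a name: this added example (not Group-IB's or WinRAR's code) lists a ZIP's entries with Python's `zipfile` and flags any file whose name is also used as a folder. The sample archive, its entry names and the script-extension list are constructed for illustration, and folding case and trailing spaces or dots is an assumption about how Windows compares names.

```python
import io
import os
import zipfile

# Assumed list of extensions worth flagging; adjust to local policy.
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1", ".exe", ".lnk", ".scr"}

def _norm(name):
    # Assumption: Windows ignores case and trailing spaces/dots in names.
    parts = name.replace("\\", "/").split("/")
    return "/".join(p.rstrip(" .").casefold() for p in parts if p)

def find_name_collisions(zip_bytes):
    """Return one finding per file entry whose name is also used as a folder."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()  # listing only, nothing is extracted
    file_entries = [n for n in names if not n.endswith("/")]
    findings = []
    for f in file_entries:
        key = _norm(f)
        if not key:
            continue
        # Entries stored "inside" a folder that has the same name as file f.
        inside = [n for n in file_entries if _norm(n).startswith(key + "/")]
        has_dir = any(n.endswith("/") and _norm(n) == key for n in names)
        if inside or has_dir:
            scripts = [n for n in inside
                       if os.path.splitext(_norm(n))[1] in SCRIPT_EXTS]
            findings.append({"file": f, "folder_contents": inside,
                             "scripts": scripts})
    return findings

def build_sample(collide):
    """Constructed test archive with placeholder contents only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"constructed placeholder")
        zf.writestr("chart.jpg", b"constructed placeholder image bytes")
        if collide:
            zf.writestr("chart.jpg/", b"")
            zf.writestr("chart.jpg/chart.jpg.cmd", b"rem constructed placeholder")
        else:
            zf.writestr("scripts/build.cmd", b"rem constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for hit in find_name_collisions(build_sample(collide=True)):
        print("suspicious:", hit["file"], "->", hit["scripts"])
```

A mail gateway or download scanner could run this kind of check before an archive reaches a user; a hit is a reason to quarantine the file, independent of whether the installed WinRAR is already at 6.23.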

RPDot: The RP2040 Dev Board Barely Bigger Than The Chip

Is [William Herr]’s RPDot actually the world’s smallest RP2040 dev board? We can’t say for sure, but at 10 mm on a side, we’d say it has a pretty good shot at the record.

Not that it really matters, mind you — the technical feat of building a fully functional dev board that’s only 3 mm longer on each side than the main chip is the kind of stuff we love to see. [William] says he took inspiration from the [SolderParty] RP2040 Stamp, which at one inch (25.4 mm) on a side is gigantic compared to the RPDot. Getting the RP2040 and all the support components, which include an 8MB QSPI Flash chip, a 3V3 LDO, a handful of 0201 passives, and even a pair of pushbuttons, required quite a lot of design tweaking. He started his PCB design as a four-layer board; while six layers would have made things easier, the budget wouldn’t allow such extravagance for a prototype. Still, he somehow managed to stuff everything in the allotted space and send the designs off — only to get back defective boards.

After reordering from a different vendor, the real fun began. Most of the components went on the front side of the board and were reflowed using a hot plate. The RP2040 itself needed to go on the back side, which required gentle hot air reflow so as not to disrupt the other side of the board. The results look pretty good, although those castellated edges look a little worse for the wear. Still, for someone who only ever worked with 0402 components before, it’s pretty impressive.

[William] says he’s going to open-source the designs as well as make some available for sale. We’ll be looking out for those and other developments, but for now, it’s just pretty cool to see such SMD heroics.

Next-Gen Autopilot Puts A Robot At The Controls

While the concept of automotive “autopilots” is still in its infancy, pretty much any aircraft larger than an ultralight will have some mechanism to at least hold a fixed course and altitude. Typically the autopilot system is built into the airplane’s controls, but this new system replaces the pilot themselves in a manner reminiscent of the movie Airplane.

The robot pilot, known as PIBOT, uses both AI and robotics technology to fly the airplane without altering the aircraft. Unlike a normal autopilot system, this one can be fed the aircraft’s manuals in natural language, understand them, and use that information to fly the airplane. That includes operating any of the aircraft’s cockpit controls, not just the control column and pedal assembly. Supposedly, the autopilot can handle everything from takeoff to landing, and operate capably during heavy turbulence.

The Korea Advanced Institute of Science and Technology (KAIST) research team that built the machine hopes that it will pave the way for more advanced autopilot systems. Although this one has only been tested in simulators so far, it shows enormous promise, and even has certain capabilities that go far beyond human pilots’ abilities, including the ability to remember a much wider variety of charts. The team also hopes to eventually migrate the technology to the land, especially military vehicles, although we’ve seen how challenging that can be already.

Flexure PCB Actuators Made Before Your Very Eyes

When we see something from [Carl Bugeja], we expect to see flexible PCBs and magnets being pushed to do unexpected things. His latest video in which he designs a set of PCB actuators using flexure joints certainly doesn’t fail to please.

His intent is to create a simple actuator in which a magnet is placed over a coil, and moves upward within the confines of the flexure which surrounds it. And rather than try individual designs one after the other, he’s created a huge all-in-one test array of different flexure actuators, each having a slightly different design and construction to whichever one is next to it. There are plenty of magnet flips as he tests them, and using this approach he’s quickly able to eliminate the designs which work less well.

To give an idea how these actuators might be best used, he tried them in a few applications. Their lifting force is relatively tiny, but he found them possibly suitable for a haptic feedback device. Of particular interest is that as the structure is a PCB it’s relatively straightforward to run a line to the magnet and turn it into a touch sensor. The idea of an all in one sensor and haptic feedback component is rather appealing, we think.

If you’ve not seen Carl’s work before, we’ve encountered him many times over the years.


Supremely-tough Glass Performs Under Pressure

There’s some nifty research from the University of Bayreuth, together with partners in China and the U.S., on creating supremely tough aluminosilicate glass that boasts an unusual structure. The image above represents regular glass structure on the left, and the paracrystalline structure on the right.

Aluminosilicate, which contains silicon, aluminum, boron and oxygen, is a type of oxide glass. Oxide glasses are a group to which borosilicate and other common glasses belong. Structurally speaking, these glasses all have a relatively disordered internal structure. They’re known for their clarity, but not especially their durability.

Squid-Con Brings Joy To All

While we’re always happy to see accessibility aids come to fruition, most of them focus on daily tasks, not that there’s anything wrong with that. But what about having some fun? That’s the idea behind [Akaki Kuumeri]’s accessibly-awesome Joy-Con controller, the Squid-Con, which provides access to every button with just one hand. It even has tripod and AMPS mounts.

The joysticks themselves are controlled with the thumb and pinky, although some of [Akaki]’s beta testers changed it up a bit. That’s okay, because it’s designed to be comfortable in a variety of positions for either hand. As for the ABXY buttons, those are actuated using 3D-printed arms that connect to a central piece which [Akaki] calls the turbine.

But perhaps the coolest part of this project is the flexures that actuate the shoulder buttons (L, R, zL, and zR) on the controllers. It’s a series of four arms that are actuated by bringing the fingers back toward the palm. If all of this sounds confusing, just check out the video after the break.

We love flexures around here, and we’ve seen them in everything from cat feeding calendars to 6-DOF positioners to completely new kinds of joysticks.


Hackaday Prize 2023: Ubo Project: Building For Builders

The Ubo Pod by [Mehrdad Majzoobi] is a very highly polished extension pack and enclosure for the Raspberry Pi 4, which shows you how far you can go to turn a bare PCB into something that rivals the hardware offerings from Google and others. Gadgets like the Sonos speakers and Amazon or Google’s covert listening devices (aka Echo, Alexa, or whatever they’re branded as) are fun to play with. Still, the difficulty of hacking custom applications into them and, god forbid, adding one’s own extension hardware makes them fairly closed ecosystems. Add in the concerns of privacy and data security, and they look less and less attractive the closer you look. Luckily the Raspberry Pi and its friends have improved the accessibility to the point where it’s positively easy to create whatever you want with whatever hardware you need, and to that end we think [Mehrdad] has done a splendid job.

The custom top PCB sits below the wooden top surface, hosting a central LCD display with push buttons located around it. Also sitting atop are some IR transmitters and receivers as well as RGB LEDs for the ring lighting. This top PCB acts as a RPi hat, and plugs into an RPi4 below, which then attaches to a side board via some PCB-mounted connectors, matching up with the USB and audio connectors. This board seems to act purely as an interconnect and form-factor adaptor allowing interfaces to be presented more conveniently without needing wires. This makes for a very clean construction. Extensive use of resin printing is shown, with lots of nice details of how to solve problems such as LED diffusion and bleeding. Overall, a very slick and well-executed project, that is giving us a few ideas for our own projects.

This type of project is commonplace on these fair pages, like this DIY smart speaker for example. With the supply of pi being still a little difficult to deal with, could you roll your own or get an alternative? What about just using your old mobile phone?