Serious Vulnerability In European Trunked Radio System

July 26, 2023 by 41 Comments

Trunked radio systems can be difficult to wrap one’s mind around, and that’s partially by design. They’re typically used by organizations like police, firefighters, and EMS to share a limited radio frequency band with a much larger number of users than would otherwise be able to operate. From a security standpoint, it also limits the effectiveness of scanners who might not know the control methods the trunked systems are using. But now a global standard for encrypted trunked radio systems, known as TETRA, has recently been found to have major security vulnerabilities, which could result in a lot more headache than disrupted voice communications.

One of the vulnerabilities in this radio system was a known backdoor, which seems to have been protected largely via a “security through obscurity” method. Since the system has been around for about 25 years now, it was only a matter of time before this became public knowledge. The backdoor could allow non-authorized users to snoop on encrypted radio traffic. A second serious vulnerability, unrelated to this backdoor, would further allow listening to encrypted voice traffic. There are a few other minor vulnerabilities recently uncovered by the same security researchers who found these two major ones, and the current recommendation is for anyone using a TETRA system to take a look to see if they are impacted by any of these issues.

Part of the reason this issue is so concerning is that these systems aren’t just used for encrypted voice among first responders. They also are used for critical infrastructure like power grids, rail networks, and other systems controlled by SCADA. This article from Wired goes into much more detail about this vulnerability as well, and we all know that most of our infrastructure already needs significant help when it comes to vulnerabilities to all kinds of failure modes.

Thanks to [cfacer] and [ToniSoft] who sent these tips!

Photo via Wikimedia Commons.

Where Old Files Go To Die

July 26, 2023 by 30 Comments

We all lead digital lives, and we work in and on files of one sort or another. And sometimes we get attached to them. That long manifesto you poured your heart into, but nonetheless probably shouldn’t see the light of day? Love letters from former flames? Your first favorite video game that you can’t play any more, but it just sits there eating up drive space?

These are the files that are important enough that they deserve better than just a drag-and-drop into the trashcan. They deserve to be buried with dignity, and that’s just what [Ulf Schleth]’s /death/null offers us – a digital graveyard where our files no longer exist as they were, but still are allowed to linger in memory.

This is an old project, but one that tickled our funny  and poignant bones in equal parts. The pun on /dev/null probably works just a little better if you read both filepaths with a German accent in your head, but the idea translates anyway.

To use it, you simply upload your file and it gets sent to the great trashcan in the sky, but along the way a 4 x 5 matrix of colored blocks is created that represents the file, and it is registered forever in the graveyard, where you can check up on it any time you like. Of course you can’t read it – only 20 RGB triples remain – but you have the digital “gravestone” as commemoration.

Even if you don’t have any loved ones in [Ulf]’s graveyard, you can walk by and see which files others have chosen to remember. Swing on by and pay your respects to notepad.exe.

Beautifully Rebuilding A VR Headset To Add AR Features

July 25, 2023 by 12 Comments

[PyottDesign] recently wrapped up a personal project to create himself a custom AR/VR headset that could function as an AR (augmented reality) platform, and make it easier to develop new applications in a headset that could do everything he needed. He succeeded wonderfully, and published a video showcase of the finished project.

Getting a headset with the features he wanted wasn’t possible by buying off the shelf, so he accomplished his goals with a skillful custom repackaging of a Quest 2 VR headset, integrating a Stereolabs Zed Mini stereo camera (aimed at mixed reality applications) and an Ultraleap IR 170 hand tracking module. These hardware modules have tons of software support and are not very big, but when sticking something onto a human face, every millimeter and gram counts.

Continue reading “Beautifully Rebuilding A VR Headset To Add AR Features”

No Fish Left Behind

July 25, 2023 by 25 Comments

For hundreds of years, Icelanders have relied on the ocean for survival. This is perhaps not surprising as it’s an isolated island surrounded by ocean near the Arctic circle. But as the oceans warm and fisheries continue to be harvested unsustainably, Iceland has been looking for a way to make sure that the fish they do catch are put to the fullest use, for obvious things like food and for plenty of other novel uses as well as they work towards using 100% of their catch.

After harvesting fish for food, most amateur fishers will discard around 60% of the fish by weight. Some might use a portion of this waste for fertilizer in a garden, but otherwise it is simply thrown out. But as the 100% Fish Project is learning, there are plenty of uses for these parts of the fish as well. Famously, cod skin has been recently found to work as skin grafts for humans, while the skin from salmon has been made into a leather-type product and the shells of crustaceans like shrimp can be made into medicine. The heads and bones of fish can be dried and made into soups, and other parts of fish can be turned into things like Omega-3 capsules and dog treats.

While we don’t often feature biology-related hacks like this, out-of-the-box thinking like this is an important way to continue to challenge old ideas, leave less of a footprint, improve human lives, and potentially create a profitable enterprise on top of all of that. You might even find that life in the seas can be used for things you never thought possible before, like building logic gates out of crabs.

Thanks to [Ben] for the tip!

486 Gets Animated Turbo Button Thanks To Arduino

July 25, 2023 by 27 Comments

There was a point in time, excruciatingly brief, in which desktop computers often had a large “TURBO” button on their front panel. Some even featured an LED display that would indicate the current CPU frequency, providing visual conformation that your machine had leaped to a blistering 66 MHz.

The 486 that [someyob] is restoring had the Turbo button, but sadly there was just a simple LED to show whether or not it was engaged. But there was a window in the front panel where it seemed like a numerical display was intended to go, so they decided to wire up their own CPU indicator by sensing the state of the Turbo LED with an Arduino Pro Mini.

Now to modern audiences, this might seem like cheating. After all, the Arduino isn’t actually measuring the CPU speed, nor is it directly controlling it (that’s still done by the original Turbo button wiring). But the truth is, even back in the day, the CPU frequency displays faked it — they just toggled between showing two predefined frequencies depending on the state of the button. The arrangement [someyob] has come up with does the same thing, except now there’s some extra processing power in the mix, so the display can show some slick animations as it switches between 33 and 66 Mhz.

In the GitHub repository, [someyob] has provided the Arduino source code and schematics showing how the microcontroller was shoehorned into the existing front panel wiring without compromising its functionality. There’s even a brief video below that shows the display in operation.

Like the idea but don’t have a 486 laying around? Don’t worry. We’ve seen a similar panel built for modern machines that  just doesn’t look the part, it actually manages to be functional.

Continue reading “486 Gets Animated Turbo Button Thanks To Arduino”

Debian Officially Adds RISC-V Support

July 25, 2023 by 21 Comments

As time goes on, more and more computer manufacturers are moving towards the ARM architecture and away from the bloated and outdated x86 instruction set. Apple is the most prominent producer to take this step, but plenty others are using ARM for its flexibility and efficiency. The only problem with ARM is that it’s licensed, so if you want to go even further down the open-source path the RISC-V instruction set is the next logical step. Now at least one mainline Linux distribution will officially support this architecture.

While Debian did have some support for RISC-V before this as a Debian port, which was not officially part of Debian. However, the official support will begin with the release of Debian 13, which is currently in the testing phase and hasn’t seen a stable release yet. To that end, the current state of this official version is extremely limited, being described as “almost empty” but with planned support for an initial 90 packages in the coming days. Most users working on a RISC-V platform will most likely to continue to use their Debian ports version.

It might be a little while before the RISC-V version is as full-featured as the ARM or x86 versions of this Linux distribution, but we are happy to see it move in this direction at all. And don’t think that RISC-V is limited to embedded systems or otherwise limited computing platforms, either. We’ve seen full Linux desktops with RISC-V processors since at least 2019.

Car Security System Monitors Tiny Voltage Fluctuations

July 25, 2023 by 43 Comments

As the old saying goes, there’s no such thing as a lock that can’t be picked. However, it seems like there are plenty of examples of car manufacturers that refuse to add these metaphorical locks to their cars at all — especially when it comes to securing the electronic systems of vehicles. Plenty of modern cars are essentially begging to be attacked as a result of such poor practices as unencrypted CAN busses and easily spoofed wireless keyfobs. But even if your car comes from a manufacturer that takes basic security precautions, you still might want to check out this project from the University of Michigan that is attempting to add another layer of security to cars.

The security system works like many others, by waiting for the user to input a code. The main innovation here is that the code is actually a series of voltage fluctuations that are caused by doing things like turning on the headlights or activating the windshield wipers. This is actually the secondary input method, though; there is also a control pad that can mimic these voltage fluctuations as well without having to perform obvious inputs to the vehicle’s electrical system. But, if the control pad isn’t available then turning on switches and lights to input the code is still available for the driver. The control unit for this device is hidden away, and disables things like the starter motor until it sees these voltage fluctuations.

One of the major selling points for a system like this is the fact that it doesn’t require anything more complicated than access to the vehicle’s 12 volt electrical system to function. While there are some flaws with the design, it’s an innovative approach to car security that, when paired with a common-sense approach to securing modern car technology, could add some valuable peace-of-mind to vehicle ownership in areas prone to car theft. It could even alleviate the problem of cars being stolen via their headlights.

Continue reading “Car Security System Monitors Tiny Voltage Fluctuations”