cons

1388 Articles

36C3: Build Your Own Quantum Computer At Home

December 30, 2019 by 20 Comments

In any normal situation, if you’d read an article that about building your own quantum computer, a fully understandable and natural reaction would be to call it clickbaity poppycock. But an event like the Chaos Communication Congress is anything but a normal situation, and you never know who will show up and what background they will come from. A case in point: security veteran [Yann Allain] who is in fact building his own quantum computer in his garage.

Starting with an introduction to quantum computing itself, and what makes it so powerful also in the context of security, [Yann] continues to tell about his journey of building a quantum computer on his own. His goal was to build a stable computer he could “easily” create by himself in his garage, which will work at room temperature, using trapped ion technology. After a few iterations, he eventually created a prototype with KiCad that he cut into an empty ceramic chip carrier with a hobbyist CNC router, which will survive when placed in a vacuum chamber. While he is still working on a DIY laser system, he feels confident to be on the right track, and his estimate is that his prototype will achieve 10-15 qubits with a single ion trap, aiming to chain several ion traps later on.

As quantum computing is often depicted as cryptography’s doomsday device, it’s of course of concern that someone might just build one in their garage, but in order to improve future cryptographic systems, it also requires to fully understand — also on a practical level — quantum computing itself. Whether you want to replicate one yourself, at a rough cost of “below 15k Euro so far” is of course a different story, but who knows, maybe [Yann] might become the Josef Prusa of quantum computers one day.

Continue reading “36C3: Build Your Own Quantum Computer At Home”

36C3: SIM Card Technology From A To Z

December 30, 2019 by 1 Comment

SIM cards are all around us, and with the continuing growth of the Internet of Things, spawning technologies like NB-IoT, this might as well be very literal soon. But what do we really know about them, their internal structure, and their communication protocols? And by extension, their security? To shine some light on these questions, open source and mobile device titan [LaForge] gave an introductory talk about SIM card technologies at the 36C3 in Leipzig, Germany.

Starting with a brief history lesson on the early days of cellular networks based on the German C-Netz, and the origin of the SIM card itself, [LaForge] goes through the main specification and technology parts of each following generation from 2G to 5G. Covering the physical basics, I/O interfaces, communication protocols, and the file system located on the SIM card, you’ll get the answer to “what on Earth is PIN2 for?” along the way.

Of course, a talk like this, on a CCC event, wouldn’t be complete without a deep and critical look at the security side as well. Considering how over-the-air updates on both software and — thanks to mostly running Java nowadays — feature side are more and more common, there certainly is something to look at.

Continue reading “36C3: SIM Card Technology From A To Z”

Jeremy Cook Is Living His Strandbeest Dream

December 30, 2019 by 5 Comments

The first thing Jeremy Cook thought when he saw a video of Theo Jansen’s Strandbeest walking across the beach was how incredible the machine looked. His second thought was that there was no way he’d ever be able to build something like that himself. It’s a feeling that most of us have had at one time or another, especially when starting down a path we’ve never been on before.

But those doubts didn’t keep him from researching how the Strandbeest worked, or stop him from taking the first tentative steps towards building his own version. It certainly didn’t happen overnight. It didn’t happen over a month or even a year, either.

ClearCrawler at the 2019 Hackaday Superconference

For those keeping score, his talk at the 2019 Hackaday Superconference, “Strandbeests: From Impossible Build to Dominating My Garage” is the culmination of over six years of experimentation and iteration.

His first builds could barely move, and when they did, it wasn’t for long. But the latest version, which he demonstrated live in front of a packed audience at the LA College of Music, trotted across the stage with an almost otherworldly smoothness. To say that he’s gotten good at building these machines would be something of an understatement.

Jeremy’s talk is primarily focused on his Strandbeest creations, but it’s also a fascinating look at how a person can gradually move from inspiration to mastery through incremental improvements. He could have stopped after the first, second, or even third failure. But instead he persisted to the point he’s an expert at something he once believed was out of his reach.

Continue reading “Jeremy Cook Is Living His Strandbeest Dream”

36C3: All Wireless Stacks Are Broken

December 30, 2019 by 29 Comments

Your cellphone is the least secure computer that you own, and worse than that, it’s got a radio. [Jiska Classen] and her lab have been hacking on cellphones’ wireless systems for a while now, and in this talk gives an overview of the wireless vulnerabilities and attack surfaces that they bring along. While the talk provides some basic background on wireless (in)security, it also presents two new areas of research that she and her colleagues have been working on the last year.

One of the new hacks is based on the fact that a phone that wants to support both Bluetooth and WiFi needs to figure out a way to share the radio, because both protocols use the same 2.4 GHz band. And so it turns out that the Bluetooth hardware has to talk to the WiFi hardware, and it wouldn’t entirely surprise you that when [Jiska] gets into the Bluetooth stack, she’s able to DOS the WiFi. What this does to the operating system depends on the phone, but many of them just fall over and reboot.

Lately [Jiska] has been doing a lot of fuzzing on the cell phone stack enabled by some work by one of her students [Jan Ruge] work on emulation, codenamed “Frankenstein”. The coolest thing here is that the emulation runs in real time, and can be threaded into the operating system, enabling full-stack fuzzing. More complexity means more bugs, so we expect to see a lot more coming out of this line of research in the next year.

[Jiska] gives the presentation in a tinfoil hat, but that’s just a metaphor. In the end, when asked about how to properly secure your phone, she gives out the best advice ever: toss it in the blender.

36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware

December 29, 2019 by 29 Comments

With open source software, we’ve grown accustomed to a certain level of trust that whatever we are running on our computers is what we expect it to actually be. Thanks to hashing and public key signatures in various parts in the development and deployment cycle, it’s hard for a third party to modify source code or executables without us being easily able to spot it, even if it travels through untrustworthy channels.

Unfortunately, when it comes to open source hardware, the number of steps and parties involved that are out of our control until we have a final product — production, logistics, distribution, even the customer — makes it substantially more difficult to achieve the same peace of mind. To make things worse, to actually validate the hardware on chip level, you’d ultimately have to destroy it.

On his talk this year at the 36C3, [bunnie] showed a detailed insight of several attack vectors we could face during manufacturing. Skipping the obvious ones like adding or substituting components, he’s focusing on highly ambitious and hard to detect modifications inside an IC’s package with wirebonded or through-silicon via (TSV) implants, down to modifying the netlist or mask of the integrated circuit itself. And these aren’t any theoretical or “what if” scenarios, but actual possible options — of course, some of them come with a certain price tag, but in the end, with the right motivation, money is only a detail.

Continue reading “36C3: Open Source Is Insufficient To Solve Trust Problems In Hardware”

36C3: Phyphox – Using Smartphone Sensors For Physics Experiments

December 29, 2019 by 7 Comments

It’s no secret that the average smart phone today packs an abundance of gadgets fitting in your pocket, which could have easily filled a car trunk a few decades ago. We like to think about video cameras, music playing equipment, and maybe even telephones here, but let’s not ignore the amount of measurement equipment we also carry around in form of tiny sensors nowadays. How to use those sensors for educational purposes to teach physics is presented in [Sebastian Staacks]’ talk at 36C3 about the phyphox mobile lab app.

While accessing a mobile device’s sensor data is usually quite straightforwardly done through some API calls, the phyphox app is not only a shortcut to nicely graph all the available sensor data on the screen, it also exports the data for additional visualization and processing later on. An accompanying experiment editor allows to define custom experiments from data capture to analysis that are stored in an XML-based file format and possible to share through QR codes.

Aside from demonstrating the app itself, if you ever wondered how sensors like the accelerometer, magnetometer, or barometric pressure sensor inside your phone actually work, and which one of them you can use to detect toilet flushing on an airplane and measure elevator velocity, and how to verify your HDD spins correctly, you will enjoy the talk. If you just want a good base for playing around with sensor data yourself, it’s all open source and available on GitHub for both Android and iOS.

Continue reading “36C3: Phyphox – Using Smartphone Sensors For Physics Experiments”

Bend It Like Bhoite: Circuit Sculptures Shatter The Bounds Of Flatland

December 27, 2019 by 5 Comments

As electronics hobbyists, we live in a somewhat two-dimensional world. Our craft is so centered around the printed circuit board that our design tools are specifically geared to spit out files tailored to the board house, who can then ship us a study in fiberglass and copper. We daub on flux and solder, add components, apply heat, and like magic, our circuits come to life, all within a few millimeters above and below the PCB.

Breaking out of this self-imposed Flatland can be therapeutic. At least that’s how Mohit Bhoite sees his free-form circuit sculptures, which he spoke about at length at the Hackaday Superconference this year. By way of disclosure, I have to admit to being a longtime fan of Mohit’s work, both at his day job as a designer at Particle, and with his spare time hobby of creating sculptures from electronic components and brass wire which can be followed on his Twitter feed. He ended up joining us for a circuit sculpture Hack Chat just before heading to Supercon, too, so not only was I looking forward to meeting him, I was sure his talk would reveal the secrets of his art and give me the inspiration to start doing some of my own. I wasn’t disappointed on either score.

Continue reading “Bend It Like Bhoite: Circuit Sculptures Shatter The Bounds Of Flatland”