The past few days have been busy if you’re trying to keep up with the pace of computer security news. Between a serious Chromium bug that’s actively being exploited on Windows 7 systems, the NSA releasing one of their tools as an open source project, and a new Spectre-like speculative execution flaw in Intel processors, there’s a lot to digest.
Continue reading “Spoiler, Use-After-Free, And Ghidra: This Week In Computer Security”
Current Events: 592 Articles
No, Your 3D Printer Doesn’t Have A Fingerprint
Hackers and makers see the desktop 3D printer as something close to a dream come true, a device that enables automated small-scale manufacturing for a few hundred dollars. But it’s not unreasonable to say that most of us are idealists; we see the rise of 3D printing as a positive development because we have positive intentions for the technology. But what of those who would use 3D printers to produce objects of more questionable intent?
We’ve already seen 3D printed credit card skimmers in the wild, and if you have a clear enough picture of a key, it’s been demonstrated that you can print a functional copy. Following this logic, it’s reasonable to conclude that the forensic identification of 3D printed objects could one day become a valuable tool for law enforcement. If a printed credit card skimmer is recovered by authorities, being able to tell how and when it was printed could provide valuable clues as to who put it there.
This precise line of thinking is how the paper “PrinTracker: Fingerprinting 3D Printers using Commodity Scanners” (PDF link) came to be. This research, led by the University at Buffalo, aims to develop a system which would allow investigators to scan a 3D printed object recovered from a crime scene and identify which printer was used to produce it. The document claims that microscopic inconsistencies in the object are distinctive enough that they’re analogous to the human fingerprint.
But like many of you, I had considerable doubts about this proposal when it was recently featured here on Hackaday. Those of us who use 3D printers on a regular basis know how many variables are involved in getting consistent prints, and how introducing even the smallest change can have a huge impact on the final product. The idea that a visual inspection could make any useful identification with all of these parameters in play was exceptionally difficult to believe.
In light of my own doubts, and some of the excellent points brought up by reader comments, I thought a closer examination of the PrinTracker concept was in order. How exactly is this identification system supposed to work? How well does it adapt to the highly dynamic nature of 3D printing? But perhaps most importantly, could these techniques really be trusted in a criminal investigation?
What Hardware Lies Beneath? Companies Swear They Never Meant To Violate Your Privacy
“Don’t Be Evil” was the mantra of Google from years before even Gmail was created. While certainly less vague than their replacement slogan “Do the Right Thing”, there has been a lot of criticism directed at Google over the past decade and a half for repeatedly being at odds with one of their key values. It seems as though they took this criticism to heart (or found it easier to make money without the slogan), and subsequently dropped it in 2018. Nothing at Google changed, though, as the company has continued with several practices which at best could be considered shady.
The latest was the inclusion of an undisclosed microphone in parts of their smart home system, the Nest Guard. This is a member of the Nest family of products — it is not the thermostat itself, but a base station for a set of home security hardware you can install yourself. The real issue is that this base station was never billed as being voice activated. If you’re someone who has actively avoided installing “always-listening” style devices in your home, it’s infuriating to learn there is hardware out there that has a microphone in it but no mention of that in the marketing of the product.
Ask Hackaday: Earth’s Magnetic Field Shifting Rapidly, But Who Will Notice?
Just when you thought it was safe to venture out, the National Oceanic and Atmospheric Administration released an unexpected update. Magnetic North is on the move — faster than expected. That’s right, we know magnetic north moves around, but now it’s happened at a surprising rate. Instead of waiting for the normal five year interval before an update on its position, NOAA have given us a fresh one a bit earlier.
There are some things that we can safely consider immutable, reliable, they’ll always be the same. You might think that direction would be one of them. North, south, east, and west, the points of the compass. But while the True North of the Earth’s rotation has remained unchanged, the same can not be said of our customary method of measuring direction.
Earth’s magnetic field is generated by a 2,000 km thick outer core of liquid iron and nickel that surrounds the planet’s solid inner core. The axis of the earth’s internal magnet shifts around the rotational axis at the whim of the currents within that liquid interior, and with it changes the readings returned by magnetic compasses worldwide.
The question that emerged at Hackaday as we digested news of the early update was this: as navigation moves inexorably towards the use of GPS and other systems that do not depend upon the Earth’s magnetic field, where is this still relevant beyond the realm of science?
Better Living Through Science: Why Your Kids Probably Aren’t Getting Measles
Oddly, there have been a few recent outbreaks of measles. It struck me how when I was a kid, a few hundred kids getting measles wouldn’t have been news at all. However, even a handful makes the news now, since in 2000 the Center for Disease Control declared measles eradicated in the United States.
So how can an eradicated disease come back? How did we eradicate it to start with? The answers tell a pretty interesting tale of science applying to everyday life.
When New Space Loses Out To NASA Pragmatism
You’ve got to admit, things have been going exceptionally well for SpaceX. In the sixteen years they’ve been in operation, they’ve managed to tick off enough space “firsts” to make even established aerospace players blush. They’re the first privately owned company to not only design and launch their own orbital-class rocket, but to send a spacecraft to the International Space Station. The first stage of their Falcon 9 rocket is the world’s only orbital booster capable of autonomous landing and reuse, and their Falcon Heavy has the highest payload capacity of any operational launch system. All of which they’ve managed to do at a significantly lower cost than their competition.

So it might come as a surprise to hear that SpaceX recently lost out on a lucrative NASA launch contract to the same entrenched aerospace corporations they’ve been running circles around for the last decade. It certainly seems to have come as a surprise to SpaceX, at least. Their bid to launch NASA’s Lucy mission on the Falcon 9 was so much lower than the nearly $150 million awarded to United Launch Alliance (ULA) for a flight on their Atlas V that the company has decided to formally protest the decision. Publicly questioning a NASA contract marks another “first” for the company, and a sign that SpaceX’s confidence in their abilities has reached the point that they’re no longer content to be treated as a minor player compared to heavyweights like Boeing and Lockheed Martin.
But this isn’t the first time NASA has opted to side with more established partners, even in the face of significantly lower bids by “New Space” companies. Their decision not to select Sierra Nevada Corporation’s Dream Chaser spaceplane for the Commercial Crew program in 2014, despite it being far cheaper than Boeing’s CST-100 Starliner, triggered a similar protest to the US Government Accountability Office (GAO). In the end, the GAO determined that Boeing’s experience and long history justified the higher sticker price of their spacecraft compared to the relative newcomer.
NASA has yet to officially explain their decision to go with ULA over SpaceX for the Lucy mission, but in light of what we know about the contract, it seems a safe bet they’ll tell SpaceX the same thing they told Sierra Nevada in 2014. The SpaceX bid might be lower, but in the end, NASA is willing to pay more to know it will get done right. Which begs the question: at what point are the cost savings not compelling enough to trust an important scientific mission (or human lives) to these rapidly emerging commercial space companies?
Does Tesla’s Autosteer Make Cars Less Safe?
In 2016, a Tesla Model S T-boned a tractor trailer at full speed, killing its lone passenger instantly. It was running in Autosteer mode at the time, and neither the driver nor the car’s automatic braking system reacted before the crash. The US National Highway Traffic Safety Administration (NHTSA) investigated the incident, requested data from Tesla related to Autosteer safety, and eventually concluded that there wasn’t a safety-related defect in the vehicle’s design (PDF report).
But the NHTSA report went a step further. Based on the data that Tesla provided them, they noted that since the addition of Autosteer to Tesla’s confusingly named “Autopilot” suite of functions, the rate of crashes severe enough to deploy airbags declined by 40%. That’s a fantastic result.
Because it was so spectacular, a private company with a history of investigating automotive safety wanted to have a look at the data. The NHTSA refused because Tesla claimed that the data was a trade secret, so Quality Control Systems (QCS) filed a Freedom of Information Act lawsuit to get the data on which the report was based. Nearly two years later, QCS eventually won.
Looking into the data, QCS concluded that crashes may have actually increased by as much as 60% on the addition of Autosteer, or maybe not at all. Anyway, the data provided to the NHTSA was not sufficient, and had bizarre omissions, and the NHTSA has since retracted their safety claim. How did this NHTSA one-eighty happen? Can we learn anything from the report? And how does this all line up with Tesla’s claim of better-than-average safety? We’ll dig into the numbers below.
But if nothing else, Tesla’s dramatic reversal of fortune should highlight the need for transparency in the safety numbers of self-driving and other advanced car technologies, something we’ve been calling for for years now.






