Will Drones and Planes be Treated as Equals by FAA?

Soon, perhaps even by the time you read this, the rules for flying remote-controlled aircraft in the United States will be very different. The Federal Aviation Authority (FAA) is pushing hard to repeal Section 336, which states that small remote-controlled aircraft as used for hobby and educational purposes aren’t under FAA jurisdiction. Despite assurances that the FAA will work towards implementing waivers for hobbyists, critics worry that in the worst case the repeal of Section 336 might mean that remote control pilots and their craft may be held to the same standards as their human-carrying counterparts.

Section 336 has already been used to shoot down the FAA’s ill-conceived attempt to get RC pilots to register themselves and their craft, so it’s little surprise they’re eager to get rid of it. But they aren’t alone. The Commercial Drone Alliance, a non-profit association dedicated to supporting enterprise use of Unmanned Aerial Systems (UAS), expressed their support for repealing Section 336 in a June press release:

Basic ‘rules of the road’ are needed to manage all this new air traffic. That is why the Commercial Drone Alliance is today calling on Congress to repeal Section 336 of the FAA Modernization and Reform Act of 2012, and include new language in the 2018 FAA Reauthorization Act to enable the FAA to regulate UAS and the National Airspace in a common sense way.

With the industry and the FAA both pushing lawmakers to revamp the rules governing small remote-controlled aircraft, things aren’t looking good for the hobbyists who operate them. It seems likely those among us with a penchant for airborne hacking will be forced to fall in line. But what happens then?


Electromagnetic Field 2018: Event Review

This summer’s Electromagnetic Field hacker camp, held in a field in western England, gave many on the European side of our community their big fix of cool stuff for the year.

Some lucky individuals can spend the year as perpetual travelers, landing in a new country every week or so for the latest in the global round of camps. For the rest of us it is likely that there will be one main event each year that is the highlight, your annual fill of all that our global community has to offer. For many Europeans the main event was the biennial British event, Electromagnetic Field. From a modest start in 2012 this has rapidly become a major spectacle, one of the ones to include in your calendar, delivered both for our community and by our community.


How Precise is That Part? Know Your GD&T

How does a design go from the computer screen to something you hold in your hand? Not being able to fully answer this question is a huge risk in manufacturing because . One of the important tools engineers use to ensure success is Geometric Dimensioning and Tolerancing (GD&T).

A good technical drawing is essential for communicating your mechanical part designs to a manufacturer. Drafting, as a professional discipline, is all about creating technical drawings that are as unambiguous as possible, and that means defining features explicitly. The most basic implementation of that concept is dimensioning, where you state the distance or angle between features. A proper technical drawing will also include tolerances for those dimensions, and I recently explained how to avoid the pitfall of stacking those tolerances.

Dimensions and tolerances alone, however, don’t tell the complete story. On their own, they don’t specify how closely the geometric form of the manufactured part needs to adhere to your perfect, nominal representation. That’s what we’re going to dig into today with GD&T.


Malicious Component Found on Server Motherboards Supplied to Numerous Companies

This morning Bloomberg is reporting a bombshell for hardware security. Companies like Amazon and Apple have found a malicious chip on their server motherboards. These are not counterfeit chips. They are not part of the motherboard design. These were added by the factory at the time of manufacture. The chip was placed among other signal conditioning components and is incredibly hard to spot, as these motherboards carry hundreds of minuscule components.

Though Amazon and Apple have denied it, according to Bloomberg, a private security contractor in Canada found the hidden chip on server motherboards. Elemental Technologies, acquired by Amazon in 2015 for its video and graphics processing hardware, subcontracted Supermicro (Super Micro Computer, Inc.) to manufacture their server motherboards in China. It is unknown how many of the company’s products have this type of malicious hardware in them. Equipment from Elemental Technologies has been supplied to the likes of government contractors as well as major banks, and was even reportedly used in the CIA’s drone operations.

How the Hack Works

The attack works by implanting a small chip, disguised as a signal coupler, onto the motherboard. It is unclear how the chip gains access to peripherals such as memory (as reported by Bloomberg), but it is possible it has something to do with accessing the bus. The chip controls some data lines on the motherboard that likely provide an attack vector for the baseboard management controller (BMC).

Hackaday spoke with Joe FitzPatrick (a well-known hardware security guru who was quoted in the Bloomberg article). He finds this reported attack a very believable approach to compromising servers. His take on the BMC is that it’s usually an ARM processor running an ancient version of Linux that has control over the major parts of the server. Any known vulnerability in the BMC would be an attack surface for the custom chip.

Data centers house thousands of individual servers that see no physical interaction from humans once installed. The BMC lets administrators control the servers remotely to reboot malfunctioning equipment, among other administrative tasks. If this malicious chip can take control of the BMC, then it can provide remote access to whoever installed the chip. Reported investigations have revealed the hack in action with brief check-in communications from these chips, though it’s difficult to say if they had already served their purpose or were being saved for a future date.

What Now?

Adding hardware to a design is fundamentally different than software-based hacking: it leaves physical evidence behind. Bloomberg reports on US government efforts to investigate the supply chain attached to these parts. It is worth noting though that the article doesn’t include any named sources while pointing the finger at China’s People’s Liberation Army.

The solution is not a simple one if servers with this malicious chip were already out in the field. Even if you know a motherboard has the additional component, finding it is not easy. Bloomberg also has unconfirmed reports that the next generation of this attack places the malicious component between layers of the circuit board. If true, an x-ray would be required to spot the additional part.

A true solution for high-security applications will require specialized means of making sure that the resulting product is not altered in any way. This hack takes things to a whole new level and calls into question how we validate hardware that runs our networks.

Update: We changed the penultimate paragraph to include the word if: “…simple one if servers with…” as it has not been independently verified that servers were actually out in the field and companies have denied Bloomberg’s reporting that they were.

[Note: Image is a generic photo and not the actual hardware]

Icestorm Tools Roundup: Open Source FPGA Dev Guide

We like the ICE40 FPGA from Lattice for two reasons: there are cheap development boards like the Icestick available for it and there are open source tools. We’ve based several tutorials on the Icestorm toolchain and it works quite well. However, the open source tools don’t always expose everything that you see from commercial tools. You sometimes have to dig a little to find the right tool or option.

Sometimes that’s a good thing. I don’t need to learn yet another fancy IDE and we have plenty of good simulation tools, so why reinvent the wheel? However, if you are only using the basic workflow of Yosys, Arachne-pnr, icepack, and iceprog, you could be missing out on some of the most interesting features. Let’s take a deeper look.


Bitcoin’s Double Spending Flaw Was Hush-Hush During Rollout

For a little while it was possible to spend Bitcoin twice. Think of it like a coin on a string: you put it into the vending machine to get a delicious snack, but if you pull the string quickly enough you could spend it again on some soda too. Except this coin is worth something like eighty grand.

On September 20, the full details of the latest fix for Bitcoin Core were published. This information came two days after the fix was actually released. Two vulnerabilities were involved: a Denial of Service vulnerability and a critical inflation vulnerability, both covered in CVE-2018-17144. These were originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited.

Let’s take a look at how this worked, and how the network was patched (while being kept quiet) to close up this vulnerability.


Remember When Blockbuster Video Tried Burning Game Cartridges On Demand?

By the onset of the 1990s one thing was clear: the future was digital. Analog format sales for music were down, CD sales were up, and it was evident, at least in the US, that people were bringing more computing devices into their homes. At the beginning of the decade, roughly 1 in 3 American households had a Nintendo Entertainment System in them, according to this Good Morning America segment.

With all those consoles out there, every shopping season became a contest of “who could wait in line the longest” to pick up the newest titles. This left last-minute shoppers resorting to taking a rain check or returning home empty-handed. Things didn’t have to be this way. The digital world had emerged and physical media just needed to catch up. It would take an unlikely alliance of two disparate companies for others to open their minds.
