Impersonate The President With Consumer-Grade SDR

In April of 2018, the Federal Emergency Management Agency sent out the very first “Presidential Alert”, a new class of emergency notification that could be pushed out in addition to the weather and missing child messages that most users were already familiar with. But while those other messages are localized in nature, Presidential Alerts are intended as a way for the Government to reach essentially every mobile phone in the country. But what if the next Presidential Alert that pops up on your phone was actually sent from somebody with a Software Defined Radio?

According to research recently released by a team from the University of Colorado Boulder, it’s not as far-fetched a scenario as you might think. In fact, given what they found about how the Commercial Mobile Alert Service (CMAS) works, there might not be a whole lot we can even do to prevent it. The system was designed to push out these messages in the most expedient and reliable way possible, which meant that niceties like authentication had to take a backseat.

The thirteen-page report, which was presented at MobiSys 2019 in Seoul, details their findings on CMAS as well as their successful efforts to send spoofed Presidential Alerts to phones of various makes and models. The team used a BladeRF 2.0 and USRP B210 to perform their mock attacks, and even a commercially available LTE femtocell with modified software. Everything was performed within a Faraday cage to prevent fake messages from reaching the outside world.

So how does the attack work? To make a long story short, the team found that phones will accept CMAS messages even if they are not currently authenticated with a cell tower. So the first phase of the attack is to spoof a cell tower that provides a stronger signal than the real ones in the area; not very difficult in an enclosed space. When the phone sees the stronger “tower” it will attempt, but ultimately fail, to authenticate with it. After a few retries, it will give up and switch to a valid tower.

This negotiation takes around 45 seconds to complete, which gives the attacker a window of opportunity to send the fake alerts. The team says one CMAS message can be sent every 160 milliseconds, so there’s plenty of time to flood the victim’s phone with hundreds of unblockable phony messages.

The attack is possible because the system was intentionally designed to maximize the likelihood that users would receive the message. Rather than risk users missing a Presidential Alert because their phones were negotiating between different towers at the time, the decision was made to just push them through regardless. The paper concludes that one of the best ways to mitigate this attack would be to implement some kind of digital signature check in the phone’s operating system before the message gets displayed to the user. The phone might not be able to refuse the message itself, but it can at least ascertain it’s authentic before showing it to the user.

All of the team’s findings have been passed on to the appropriate Government agencies and manufacturers, but it will likely be some time before we find out what (if any) changes come from this research. Considering the cost of equipment that can spoof cell networks has dropped like a rock over the last few years, we’re hoping all the players can agree on a software fix before we start drowning in Presidential Spam.

The Future Of Space Is Tiny

While recent commercial competition has dropped the cost of reaching orbit to a point that many would have deemed impossible just a decade ago, it’s still incredibly expensive. We’ve moved on from the days where space was solely the domain of world superpowers into an era where multi-billion dollar companies can join in on the fun, but the technological leaps required to reduce it much further are still largely relegated to the drawing board. For the time being, things are as good as they’re going to get.

Starlink satellites ready for launch

If we can’t count on the per pound cost of an orbital launch to keep dropping over the next few years, the next best option would logically be to design spacecraft that are smaller and lighter. Thankfully, that part is fairly easy. The smartphone revolution means we can already pack an incredible amount of sensors and processing power into something that can fit in the palm of your hand. But there’s a catch: the Tsiolkovsky rocket equation.

Often referred to as simply the “rocket equation”, it allows you to calculate (among other things) the ratio of a vehicle’s useful cargo to its total mass. For an orbital rocket, this figure is very small. Even with a modern launcher like the Falcon 9, the payload makes up less than 5% of the liftoff weight. In other words, the laws of physics demand that orbital rockets are huge.

Unfortunately, the cost of operating such a rocket doesn’t scale with how much mass it’s carrying. No matter how light the payload is, SpaceX is going to want around $60,000,000 USD to launch the Falcon 9. But what if you packed it full of dozens, or even hundreds, of smaller satellites? If they all belong to the same operator, then it’s an extremely cost-effective way to fly. On the other hand, if all those “passengers” belong to different groups that split the cost of the launch, each individual operator could be looking at a hundredfold price reduction.

SpaceX has already packed 60 of their small and light Starlink satellites into a single launch, but even those craft are massive compared to what other groups are working on. We’re seeing the dawn of a new era of spacecraft that are even smaller than CubeSats. These tiny spacecraft offer exciting new possibilities, but also introduce unique engineering challenges.

Snoopy Come Home: The Search For Apollo 10

When it comes to the quest for artifacts from the Space Race of the 1960s, few items are more sought after than flown hardware. Oh sure, there have been stories of small samples of the 382 kg of moon rocks and dust that were returned at the cost of something like $25 billion making it into the hands of private collectors, and chunks of the moon may be the ultimate collector’s item, but really, at the end of the day it’s just rock and dust. The serious space junkie wants hardware – the actual pieces of human engineering that helped bring an epic adventure to fruition, and the closer to the moon the artifact got, the more desirable it is.

Sadly, of the 3,000,000 kg launch weight of a Saturn V rocket, only the 5,600 kg command module ever returned to Earth intact. The rest was left along the way, mostly either burned up in the atmosphere or left on the surface of the Moon. While some of these artifacts are recoverable – Jeff Bezos himself devoted a portion of his sizable fortune to salvage one of the 65 F1 engines that were deposited into the Atlantic Ocean – those left on the Moon are, for now, unrecoverable, and in most cases they are twisted heaps of wreckage that was intentionally crashed into the lunar surface.

But at least one artifact escaped this ignominious fate, silently orbiting the sun for the last 50 years. This lonely outpost of the space program, the ascent stage from the Apollo 10 Lunar Module, appears to have been located by a team of amateur astronomers, and if indeed the spacecraft, dubbed “Snoopy” by its crew, is still out there, it raises the intriguing possibility of scoring the ultimate Apollo artifact by recovering it and bringing it back home.

Raspberry Pi 4 Just Released: Faster CPU, More Memory, Dual HDMI Ports

The Raspberry Pi 4 was just released. This is the newest version of the Raspberry Pi; it offers a better CPU and more memory than the Raspberry Pi 3, dual HDMI outputs, and better USB and Ethernet performance, and it will remain in production until January 2026.

There are three varieties of the Raspberry Pi 4 — one with 1GB of RAM, one with 2GB, and one with 4GB of RAM — available for $35, $45, and $55, respectively. There’s a video for this Raspberry Pi launch, and all of the details are on the Raspberry Pi 4 website.

A Better CPU, Better Graphics, and More Memory

The CPU on the new and improved Raspberry Pi 4 is a significant upgrade. While the Raspberry Pi 3 featured a Broadcom BCM2837 SoC (4× ARM Cortex-A53 running at 1.2GHz) the new board has a Broadcom BCM2711 SoC (a quad-core Cortex-A72 running at 1.5GHz). The press literature says this provides desktop performance comparable to entry-level x86 systems.

Of note, the new Raspberry Pi 4 features not one but two HDMI ports, albeit in a micro HDMI format. This allows for dual-display support at up to 4k60p. Graphics power includes H.265 4k60 decode, H.264 1080p60 decode, 1080p30 encode, with support for OpenGL ES 3.0 graphics. As with all Raspberry Pis, there’s a composite video port as well, tucked inside the audio port. The 2-lane MIPI DSI display port and 2-lane MIPI CSI camera port remain from the Raspberry Pi 3.

This Week In Security: SACK Of Death, Rambleed, HIBP For Sale, And Oracle Weblogic — Again!

Netflix isn’t the first name to come to mind when considering security research firms, but they make heavy use of FreeBSD in their content delivery system and do security research as a result. Their first security bulletin of the year, not surprisingly, covers a FreeBSD vulnerability that happens to also affect Linux kernels from the last 10 years. This vulnerability uses SACKs and odd MSS values to crash a server kernel.

To understand Selective ACKs, we need to step back and look at how TCP connections work. TCP connections provide guaranteed delivery, implemented in the form of ACKnowledgement (ACK) packets. We think of a TCP connection as having a dedicated ACK packet for every data packet. In reality, the Operating System makes great effort to avoid sending “naked” ACK packets, and combines multiple ACKs in a single packet. An ACK is simply a flag in a packet header combined with a running total of bytes received, and can be included in a normal data packet. As much as is possible, the ACK for data received is sent along with data packets flowing in the opposite direction.

Electric Cars Sound Off, Starting July 1st

By and large, automakers have spent much of the last century trying to make cars quieter and more comfortable. Noise from vehicles can be disruptive and just generally annoying, so it makes sense to minimise it where possible.

However, the noise from the average motor vehicle can serve a useful purpose. A running engine acts as an auditory warning to those nearby. This is particularly useful to help people avoid walking in front of moving vehicles, and is especially important for the visually impaired.

Electric vehicles, with their near-silent powertrains, have put this in jeopardy. Thus, from July 1st, 2019, the European Union will enforce regulations on the installation of noise-making devices on new electric and hybrid vehicles. They are referred to as the “Acoustic Vehicle Alert System”, and it’s been a hot area of development for some time now.

An Evening With Space Shuttle Atlantis

When I got the call asking if I’d be willing to fly down to Kennedy Space Center and cover an event, I agreed immediately. Then about a week later, I remembered to call back and ask what I was supposed to be doing. Not that it mattered, I’d gladly write a few thousand words about the National Crocheting Championships if they started holding them at KSC. I hadn’t been there in years, since before the Space Shuttle program had ended, and I was eager to see the exhibit created for the fourth member of the Shuttle fleet, Atlantis.

So you can imagine my reaction when I learned that the event Hackaday wanted me to cover, the Cornell Cup Finals, would culminate in a private viewing of the Atlantis exhibit after normal park hours. After which, the winners of the competition would be announced during a dinner held under the orbiter itself. It promised to be a memorable evening for the students, a well deserved reward for the incredible work they put in during the competition.

Thinking back on it now, the organizers of the Cornell Cup and the staff at Kennedy Space Center should truly be commended. It was an incredible night, and everyone I spoke to felt humbled by the unique experience. There was a real, palpable, energy about it that you simply can’t manufacture. Of course, nobody sitting under Atlantis that night was more excited than the students. Though I may have come in as a close second.

I’ll admit it was somewhat bittersweet to see such an incredible piece of engineering turned into a museum piece; it looked as if Atlantis could blast off for another mission at any moment. But there’s no denying that the exhibit does a fantastic job of celebrating the history and accomplishments of the Space Shuttle program. NASA officially considers the surviving Shuttle orbiters to be on a “Mission of Inspiration”, so rather than being mothballed in a hangar somewhere in the desert, they are out on display where the public can get up close and personal with one of humanity’s greatest achievements. Judging by the response I saw, the mission is going quite well indeed.

If you have the means to do so, you should absolutely make the trip to Cape Canaveral to see Atlantis and all the other fascinating pieces of space history housed at KSC. There’s absolutely no substitute for seeing the real thing, but if you can’t quite make the trip to Florida, hopefully this account courtesy of your humble scribe will serve to give you a taste of what the exhibit has to offer.
