The crown jewels of the Earth’s mountain ranges, the Himalayas, are unsurpassed in their beauty, their height, and their deadly attraction to adventurers, both professional and amateur. The gem of the Himalayas is, of course, Mount Everest, known as Sagarmatha to the Nepalis and Chomolungma to the Tibetans. At 8,848 meters (29,029 ft) — or more; it’s a geologically young mountain that’s still being thrust upward by tectonic activity — it’s a place so forbidding that as far as we know the summit was never visited until 1953, despite at least 30 years of previous attempts, many of which resulted in death.
The conquest of Everest remains a bucket list challenge for many adventurers, and despite advances in technology that have made the peak accessible to more people — or perhaps because of that — more than 300 corpses litter the mountain, testament to what can happen when you take the power of Mother Nature for granted.
To get better data on the goings-on at the Roof of the World, an expedition recently sought to install five weather stations across various points on the route up Mount Everest, including one at its very peak. The plan was challenging, both from a mountaineering perspective and in terms of the engineering required to build something that would be able to withstand some of the worst conditions on the planet, and to send valuable data back reliably. It didn’t all go exactly to plan, but it’s still a great story about the intersection of science and engineering.
To understand this security flaw, or group of security flaws, we first need to know what wireless coexistence mechanisms are. Modern devices can support cellular and non-cellular wireless communications standards at the same time (LTE, WiFi, Bluetooth). Given the desired miniaturization of our devices, the different subsystems that support these communication technologies must reside in very close physical proximity within the device (in-device coexistence). The resulting high level of reciprocal leakage can at times cause considerable interference.
There are several scenarios where interference can occur, the main ones are:
Two radio systems occupy neighboring frequencies and carrier leakage occurs
The harmonics of one transmitter fall on frequencies used by another system
Two radio systems share the same frequencies
To tackle these kind of problems, manufacturers had to implement strategies so that the devices wireless chips can coexist (sometimes even sharing the same antenna) and reduce interference to a minimum. They are called coexistence mechanisms and enable high-performance communication on intersecting frequency bands and thus, they are essential to any modern mobile device. Despite open solutions exist, such as the Mobile Wireless Standards, the manufacturers usually implement proprietary solutions.
Spectra
Spectra is a new attack class demonstrated in this DEF CON talk, which is focused on Broadcom and Cypress WiFi/Bluetooth combo chips. On a combo chip, WiFi and Bluetooth run on separate processing cores and coexistence information is directly exchanged between cores using the Serial Enhanced Coexistence Interface (SECI) and does not go through the underlying operating system.
Spectra class attacks exploit flaws in the interfaces between wireless cores in which one core can achieve denial of service (DoS), information disclosure and even code execution on another core. The reasoning here is, from an attacker perspective, to leverage a Bluetooth subsystem remote code execution (RCE) to perform WiFi RCE and maybe even LTE RCE. Keep in mind that this remote code execution is happening in these CPU core subsystems, and so can be completely invisible to the main device CPU and OS.
Join me below where the talk is embedded and where I will also dig into the denial of service, information disclosure, and code execution topics of the Spectra attack.
For most of us, electronic technology comes in the form of solid state devices. Transistors, integrated circuits, microcontrollers. But for the first sixty years or so of the field existing, these devices either hadn’t been invented yet or were at too early a stage in their development to be either cost-effective, or of much use. Instead a very different type of electronic component ruled the roost, the vaccum tube.
A set of electrodes in an evacuated glass envelope whose electrical properties depended on the modulation of the flow of electrons through them, these were ubiquitous in consumer electronics up until the 1960s, and clung on in a few mass-market applications even as far as the mid 1970s. As cheaper and more versatile semiconductors superseded them they faded from electronic parts catalogues, and the industry that had once produced them in such numbers disappeared in favour of plants producing the new devices. Consumer products no longer contained them, and entire generations of engineers grew up never having worked with them at all. If you were building a tube amplifier in the early 1990s, you were a significant outlier. Continue reading “Just Who Makes Tubes These Days?”→
How cool would it be if there was a material that couldn’t be cut or drilled into? You could make the baddest bike lock, the toughest-toed work boots, or the most secure door. Really, the list of possibilities just goes on and on.
Proteus chews through an angle grinder disc in seconds.
The material is made of aluminium foam that’s embedded with a bunch of small ceramic spheres. It works by inducing retaliatory vibrations into the cutting tools, which turns the tools’ force back on themselves and quickly dulls their edges.
The creators have named the material Proteus after the elusive and shape-shifting prophet of Greek mythology who would only share his visions of the future with those who could get their arms around him and keep him still. It sounds like this material could give Proteus a run for his money.
The ceramic spheres themselves aren’t indestructible, but they’re not supposed to be. Abrading the spheres only makes Proteus stronger. As the cutting tool contacts them, they’re crushed into dust that fills the voids in the aluminium foam, strengthening the material’s destructive vibratory effect. The physical inspiration for Proteus comes from protective hierarchical structures in nature, like the impact-resistant rind of grapefruit and the tendency of abalone shells to resist fracture under the impact of shark teeth.
How It’s Made
Proteus recipe in pictures.
At this point, Proteus is a proof of concept. Adjustments would likely have to be made before it can be produced at any type of scale. Even so, the recipe seems pretty straightforward. First, an aluminium alloy powder is mixed with a foaming agent. Then the mixture is cold compacted in a compressor and extruded in dense rods. The rods are cut down to size and then arranged along with the ceramic spheres in a layered grid, like a metallurgical lasagna.
The grid is spot-welded into a steel box and then put into a furnace for 15-20 minutes. Inside the furnace, the foaming agent releases hydrogen gas, which introduces voids into the aluminium foam and gives it a cellular structure.
Effects of cutting into a cylinder of Proteus with an angle grinder.
According to their paper, the researchers tried to penetrate the material with an angle grinder, a water jet cutter, and a drill. Of these, the drill has the best chance of getting through because the small point of contact can find gaps more easily, so it’s less likely to hit a ceramic sphere. The researchers also made cylindrical samples without steel cladding which they used to test the compressive strength and prove Proteus’ utility as a structural material for beams and columns. It didn’t fare well initially, but became less compressible as the foam matrix collapsed.
The creation process lends some leeway for customization, because the porosity of the aluminium foam can be varied by changing the bake time. As for the drill bit problem, tightening up security is as easy as adjusting the size and/or density of the ceramic spheres.
In the video after the break, you can watch a chunk of Proteus eat up an angle grinder disc in under a minute. Some may argue about the tool wielder’s technique, but we think there’s something to be said for any material that can destroy a cutting disc that fast. They don’t claim that Proteus is completely impenetrable, but it does look impressive. We wish they would have tried more cutting tools like a gas torch, or experimented with other destructive techniques, like plastic explosives, but we suppose that research budgets only go so far.
In space, so the Alien tagline goes, nobody can hear you scream. One of the most memorable pieces of movie promotion ever, it refers to the effect of the vacuum of space on the things human senses require an atmosphere to experience. It’s a lesson that Joss Whedon used to great effect with theĀ Serenity‘s silent engine light-ups in Firefly, while Star Wars ignored it completely to give us improbable weapon noises in space battles.
Sound may not pass through the vacuum of space, but that’s not to say there are not things other than light for the senses. The Apollo astronauts reported that moon dust released a smell they described as akin to burnt gunpowder once it was exposed to the atmosphere inside their lander, and by now you may have heard that there is a Kickstarter that aims to recreate the smell as a fragrance. Will it replace the cloying wall of Axe or Lynx Africa body spray that pervades high-school boys’ changing rooms, or is it a mere novelty?
If you’ve ever had a particularly nasty fracture, your doctor may have prescribed the use of an electronic bone growth stimulator. These wearable devices produce a pulsed electromagnetic field (PEMF) around the bone, which has been shown to speed up the natural healing process in a statistically significant number of patients. That’s not to say there isn’t a debate about how effective they actually are, but studies haven’t shown any downsides to the therapy, so it’s worth trying at least.
Image from SpinalStim manual.
When you receive one of these devices, it will be programmed to only operate for a certain amount of time or number of sessions. Once you’ve “used up” the bone stimulator, it’s functionally worthless. As you might imagine, there’s no technical reason this has to be the case. The cynic would say the only reason these devices have an expiration date on them is because the manufacturer wants to keep them from hitting the second hand market, but such a debate is perhaps outside the scope of these pages.
The Orthofix SpinalStim you’re seeing here was given to me by a friend after their doctor said the therapy could be cut short. This provided a somewhat rare opportunity to observe the device before it deactivated itself, which I’d hoped would let me take a closer look at how it actually operated.
As you’ll soon see, things unfortunately didn’t work out that way. But that doesn’t mean the effort was fruitless, and there may yet be hope for hacking these devices should anyone feel like taking up the challenge.
When you’re a kid, one of the surest signs of summer is hearing the happy sound of the ice cream truck crawling through the neighborhood. You don’t worry about how that magical truck is keeping the ice cream cold, only that it rolls down your street, and that the stars align and your parents give you money for a giant ice cream-cookie sandwich with the edge rolled in tiny chocolate chips.
In the early days of mobile refrigeration, ice cream trucks and other food delivery vehicles relied first on ice, and then dry ice to keep perishables cold. Someone eventually invented an electric cooling system, but those had to be recharged periodically at power stations. There was also a short-lived mechanical system, but it was highly susceptible to road vibrations.
Until Frederick McKinley Jones came along, mobile refrigeration was fledgling, and sources of perishable food were extremely localized and limited. In the early 1940s, Frederick patented the first practical automated refrigeration system for trucks, and it revolutionized the shipping and storage of food and medicine.
