This Week In Security: Medical Backdoors, Strings, And Changes At Let’s Encrypt

There are some interesting questions afoot, with the news that the Contec CMS8000 medical monitoring system has a backdoor. And this isn’t the normal debug port accidentally left in the firmware. The CISA PDF has all the details, and it’s weird. The device firmware attempts to mount an NFS share from an IP address owned by an undisclosed university. If that mount command succeeds, binary files would be copied to the local filesystem and executed.

Additionally, the firmware sends patient and sensor data to this same hard-coded IP address. This backdoor also includes a system call to enable the eth0 network before attempting to access the hardcoded IP address, meaning that simply disabling the Ethernet connection in the device options is not sufficient to prevent the backdoor from triggering. This is a stark reminder that in the firmware world, workarounds and mitigations are often inadequate. For instance, you could set the gateway address to a bogus value, but a slightly more sophisticated firmware could trivially enable a bridge or alias approach, completely bypassing those settings. There is no fix at this time, and the guidance is pretty straightforward — unplug the affected devices.


Sleeping arctic fox (Alopex lagopus). (Credit: Rama, Wikimedia)

Investigating Why Animals Sleep: From Memory Sorting To Waste Disposal

What has puzzled researchers and philosophers for many centuries is the ‘why’ of sleep, along with the ‘how’. We human animals know from experience that we need to sleep, and that the longer we go without it, the worse we feel. Chronic sleep deprivation is even known to be fatal. Yet exactly why do we need sleep? To rest our bodies, and our brains? To sort through a day’s worth of memories? To cleanse our brain of waste products that collect as neurons and supporting cells busily do their thing?

Within the kingdom of Animalia one constant is that its brain-enabled species need to give these brains a regular break and have a good sleep. Although what ‘sleep’ entails here can differ significantly between species, generally it means a period of physical inactivity where the animal’s brain patterns change significantly with slower brainwaves. The occurrence of so-called rapid eye movement (REM) phases is also common, with dreaming quite possibly also being a feature among many animals, though obviously hard to ascertain.

Most recently, strong evidence has arisen for sleep being essential to remove waste products, in the form of so-called glymphatic clearance. This is akin to lymphatic waste removal in other tissues, while our brains curiously enough lack a lymphatic system. So is sleeping just a way to scrub our brains clean of waste?


Telling Time Used To Be A Ball

If you watch the New Year’s festivities from New York, you know that they mark midnight with the dropping of a big, gaudy ball. You might assume this was just an arbitrary gimmick, but it turns out dropping balls has a place in the history of timekeeping, especially for ships at sea. The New York ball doesn’t work precisely the same, but it was clearly inspired by an ancient method of indicating the time.

Apparently, even the ancient Greeks used ball dropping to indicate time. But the modern ball got its start with [Captain Robert Wauchope], who installed one at Portsmouth, England, in 1829. The Royal Observatory in Greenwich got one in 1833, which you can see working in the video below.



Keebin’ With Kristina: The One With The Keyboard Configurator

Have you ever wished you could experiment with different layouts super easily, just by adding or removing a few switches here and there and printing a new case? Well, [heyisjambo] says that it’s more than possible with menura, the modular keyboard system.

Image: a collage of menura keyboards, which are modular via the VIK standard. So many lovely options! Image by [heyisjambo] via GitHub

[heyisjambo] is happy with 36 keys, but is reduced-count-curious and wanted a way to explore without a lot of wasted time and PCBs.

At the same time, [heyisjambo] wanted to experiment with split vs. uni-body construction, and especially the different shapes that are possible when tweaking the angle and distance between them.

And as if that weren’t enough, there’s support for [Sadek Baroudi]’s VIK standard for interfacing data between PCBs, which calls for an FPC 12-pin, 0.5 mm pitch connector and allows for ultra-cool magnetic connectors. This way, you can easily add things like displays, trackpads, and trackballs in between the halves.

Thanks for the tip, [calculus]!


Underwater Robotics Hack Chat

Join us on Wednesday, February 5 at noon Pacific for the Underwater Robotics Hack Chat with Tony White!

Almost anywhere you look, there’s a good chance you can see a robot at work. Whether they’re sweeping your floors, delivering a snack, building a car, or even driving one, robots are everywhere on this planet. And since over 70% of this planet is covered in water, it makes sense that robots should be there, too. Getting a robot to work underwater at all is one thing, but getting it to work underwater reliably can be quite a challenge. Water always finds a way to ruin your day, after all, and this reality only worsens when you add a little salt into the mix.

Tony White knows the marine engineering field well, having worked in the space for over a decade. He’s currently an applications engineer at Blue Robotics, where he’s worked on everything from full-size autonomous surface vessels to underwater swarm robots. He’s stopping by the Hack Chat to talk about the harsh engineering realities of underwater automation, so if you’ve ever wanted to take the plunge, you’ll want to come to this Hack Chat for sure.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, February 5 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

 


Hackaday Links: February 2, 2025

All things considered, it was a very bad week for aviation here in the United States. Three separate crashes, two of which involved US military aircraft, have left over 70 people dead. We’ll spare you the details since there are plenty of other places to get news like that, but we did want to touch on one bright spot in this week’s aviation news: the first successful supersonic flight by a US-made civilian aircraft. There are a lot of caveats to that claim, but it’s clear that Boom Supersonic is on a path to commercializing supersonic air transportation for the first time since the Concorde was retired. Their XB-1 “Baby Boom” test aircraft managed three separate supersonic runs during the January 28 test flight over the Mojave test range. As usual, Scott Manley has excellent coverage of the test flight, including a look at how Boom used a Starlink terminal and an iPhone to stream cockpit video.
