Identifying Malware By Sniffing Its EM Signature

January 19, 2022 by Tom Nardi 17 Comments

The phrase “extraordinary claims require extraordinary evidence” is most often attributed to Carl Sagan, specifically from his television series Cosmos. Sagan was probably not the first person to put forward such a hypothesis, and the show certainly didn’t claim he was. But that’s the power of TV for you; the term has since come to be known as the “Sagan Standard” and is a handy aphorism that nicely encapsulates the importance of skepticism and critical thinking when dealing with unproven theories.

It also happens to be the first phrase that came to mind when we heard about Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification, a paper presented during the 2021 Annual Computer Security Applications Conference (ACSAC). As described in the mainstream press, the paper detailed a method by which researchers were able to detect viruses and malware running on an Internet of Things (IoT) device simply by listening to the electromagnetic waves being emanated from it. One needed only to pass a probe over a troubled gadget, and the technique could identify what ailed it with near 100% accuracy.

Those certainly sound like extraordinary claims to us. But what about the evidence? Well, it turns out that digging a bit deeper into the story uncovered plenty of it. Not only has the paper been made available for free thanks to the sponsors of the ACSAC, but the team behind it has released all of code and documentation necessary to recreate their findings on GitHub.

Unfortunately we seem to have temporarily misplaced the $10,000 1 GHz Picoscope 6407 USB oscilloscope that their software is written to support, so we’re unable to recreate the experiment in full. If you happen to come across it, please drop us a line. But in the meantime we can still walk through the process and try to separate fact from fiction in classic Sagan style.

Continue reading “Identifying Malware By Sniffing Its EM Signature” →

Illustrated Kristina with an IBM Model M keyboard floating between her hands.

Keebin’ With Kristina: The One With The Tri-lingual Typewriter

January 18, 2022 by Kristina Panos 5 Comments

Isn’t it just fantastic when a project finally does what you wanted it to do in the first place? [Simon Merrett] isn’t willing to compromise when it comes to the Aerodox. His original vision for the keyboard was a wireless, ergonomic split that could easily switch between a couple of PCs. Whereas some people are more into making layout after layout, [Simon] keeps pushing forward with this same design, which is sort of a mashup between the ErgoDox and the Redox, which is itself a wireless version of the ErgoDox.

The Aerodox has three nRF51822 modules — one for the halves to communicate, one for the control half to send key presses, and a third on the receiver side. [Simon] was using two AA cells to power each one, and was having trouble with the range back to the PC.

The NRFs want 3.3 V, but will allegedly settle for 2 V when times are hard. [Simon] added a boost converter to give each a solid 3.3 V, and the Aerodox became reliable enough to be [Simon]’s daily driver. But let’s go back to the as-yet-unrealized potential part.

Continue reading “Keebin’ With Kristina: The One With The Tri-lingual Typewriter” →

Electromyography Hack Chat

January 17, 2022 by Dan Maloney No comments

Join us on Wednesday, January 19 at noon Pacific as we kick off the 2022 Hack Chat season with the Electromyography Hack Chat with hut!

It’s one of the simplest acts most people can perform, but just wiggling your finger is a vastly complex process under the hood. Once you consciously decide to move your digit, a cascade of electrochemical reactions courses from the brain down the spinal cord and along nerves to reach the muscles fibers of the forearm, where still more reactions occur to stimulate the muscle fibers and cause them to contract, setting that finger to wiggling.

The electrical activity going on inside you while you’re moving your muscles is actually strong enough to make it to the skin, and is detectable using electromyography, or EMG. But just because a signal exists doesn’t mean it’s trivial to make use of. Teasing a usable signal from one muscle group amidst the noise from everything else going on in a human body can be a chore, but not an insurmountable one, even for the home gamer.

To make EMG a little easier, our host for this Hack Chat, hut, has been hard at work on PsyLink, a line of prototype EMG interfaces that can be used to detect muscle movements and use them to control whatever you want. In this Hack Chat, we’ll dive into EMG in general and PsyLink in particular, and find out how to put our muscles to work for something other than wiggling our fingers.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, January 19 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Continue reading “Electromyography Hack Chat” →

Hackaday Links: January 16, 2022

January 16, 2022 by Dan Maloney 21 Comments

As winter well and truly grips the northern hemisphere, it’s time once again to dunk on Tesla for leaving some owners out in the cold — literally. It seems that some Model 3 and Model Y owners are finding their ride’s heat pump isn’t exactly up to the task of, you know, pumping heat. That this seems to be happening mostly in the northeastern US and southern Canada, where a polar vortex is once again dominating the weather and driving temperatures down into the -30 °C (-22 °F) range, perhaps speaks more to the laws of thermodynamics than it does to the engineering of the Tesla climate control system. After all, if there’s not much heat outside the car, it’s hard to pump it inside. But then again, these are expensive machines, some of which have had extensive repairs to address this exact same issue when it cropped up last year. It seems to us that owners have a legitimate gripe with Tesla about this, and they may be getting some help from the Feds, who are taking an interest in the situation from a safety standpoint. After all, no heat likely means fogged up windows, and that’s hardly conducive to a safe trip. But hey, that’s what self-driving is for, right?

Much has been made of the dearth of engineering cameras on the James Webb Space Telescope, and the fact that we’ve been relying on animations to illustrate the dozens of deployments needed to unfurl the observatory and make it ready for its mission. Putting aside the fact that adding extra cameras to the spacecraft makes little sense since the interesting stuff was all happening on the side where the sun doesn’t shine, we did get treated to what was billed as “humanity’s last look at Webb” thanks to an engineering camera on the Ariane 5 rocket. But not so fast — an astrophotographer named Ethan Gone managed to spot the JWST as it transited to L2 the day after launch. Granted, the blip of light isn’t as spectacular as the Ariane shots, and it took a heck of a lot of astrophotography gear to do it, but it’s still thrilling to watch Webb moving gracefully through Orion.

Continue reading “Hackaday Links: January 16, 2022” →

Hacking Is Hacking

January 15, 2022 by Elliot Williams 5 Comments

Tom Nardi and I had a good laugh this week on the Podcast when he compared the ECU hacks that enabled turning a VW with steering assist into a self-driver to a hack last week that modified a water cooler to fill a particular cup. But it’s actually no joke — some of the very same techniques are used in both efforts, although the outcome of one is life-and-death, and the other is just some spilled ice-cold water.

This reminded me of Travis Goodspeed’s now-classic talk “In Praise of Junk Hacking” from way back in 2016. For background, this was a time when IoT devices and their security were in their relative infancy, and some members of the security community were throwing shade on the dissection of “mere” commercial crap. (Looked back on from today, where every other member of a Botnet is an IP camera, that argument didn’t age well.)

Travis’ response was that hacking on junk lets us focus on the process — the hack itself — rather than getting distracted by the outcome. Emotions run high when a security flaw affects millions of individuals, but when it’s a Tamagotchi or a pocket calculator, well, it doesn’t really matter, so you focus on the actual techniques. And as Travis points out, many of these techniques learned on junk will be useful when it counts. He learned about methods to defeat address-space randomization, for instance, from an old hack on the TI-85 calculator, which garbage-collected the variables that needed to be overwritten.

So I had junk hacking in the back of my mind when I was re-watching Hash Salehi’s great talk on his work reverse engineering smart meters. Funnily enough, he started off his reverse engineering journey eleven years ago with work on a robot vacuum cleaner’s LIDAR module. Junk hacking, for sure, but the same techniques taught him to work on devices that are significantly more serious. And in the craziest of Hackaday synergies, he even hat-tipped Travis’ talk in his video! Hacking is hacking!

3D Printering: Getting Started With Universal Bed Leveling

January 14, 2022 by Al Williams 10 Comments

Last time we talked about how Marlin has several bed leveling mechanisms including unified bed leveling or UBL. UBL tries to be all things to all people and has provisions to create dense meshes that model your bed and provides ways for you to adjust and edit those meshes.

We talked about how to get your printer ready for UBL last time, but not how to use it while printing. For that, you’ll need to create at least one mesh and activate it in your startup code. You will also want to correctly set your Z height to make everything work well. Continue reading “3D Printering: Getting Started With Universal Bed Leveling” →

Hackaday Podcast 151: The Hackiest VR Glove, Plotting Boba Fett With Shoelaces, ECU Hacking, And Where Does Ammonia Come From?

January 14, 2022 by Tom Nardi No comments

Hackaday Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi are back again to talk about all the weird and wonderful stories from our corner of the tech world. Canon had to temporarily give up on chipping their ink cartridges due to part shortages, and that’s just too perfect to ignore. There’s also some good news for the International Space Station as the White House signals they’re ready to support the orbiting outpost until 2030.

We’ll also look at an extremely promising project to deliver haptic feedback for VR, programming bare-metal x86 with the Arduino IDE, and the incredible reverse engineering involved in adding a DIY autonomous driving system to a 2010 Volkswagen Golf. Finally we’ll find out why most of the human life on this planet depends on a process that many people have never heard of, and learn about the long history of making cars heavier than they need to be.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download