Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars

About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.

On the day of this ill-fated bike ride, McCoy passed a certain neighbor’s house three times. While this normally wouldn’t raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.

Continue reading “Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars”

Wind Farms In The Night: On-Demand Warning Lights Are Coming

There appears to be no shortage of reasons to hate on wind farms. That’s especially the case if you live close by one, and as studies have shown, their general acceptance indeed grows with their distance. Whatever your favorite flavor of renewable energy might be, that’s at least something it has in common with nuclear or fossil power plants: not in my back yard. The difference is of course that it requires a lot more wind turbines to achieve the same output, therefore affecting a lot more back yards in total — in constantly increasing numbers globally.

Personally, as someone who encounters them occasionally from the distance, I find wind turbines mostly to be an eyesore, particularly in scenic mountainous landscapes. They can add a futuristic vibe to some otherwise boring flatlands. In other words, I can not judge the claims actual residents have on their impact on humans or the environment. So let’s leave opinions and emotions out of it and look at the facts and tech of one issue in particular: light pollution.

This might not be the first issue that comes to mind when thinking about wind farms. But wind turbines are tall enough to require warning lights for air traffic safety, and can be seen for miles, blinking away in the night sky. From a pure efficiency standpoint, this doesn’t seem reasonable, considering how often an aircraft is actually passing by on average. Most of the time, those lights simply blink for nothing, lighting up the countryside. Can we change this?

Continue reading “Wind Farms In The Night: On-Demand Warning Lights Are Coming”

Side-Channel Attacks Hack Chat With Samy Kamkar

Join us on Wednesday, March 25 at noon Pacific for the Side-Channel Attacks Hack Chat with Samy Kamkar!

In the world of computer security, the good news is that a lot of vendors are finally taking security seriously now, with the result that direct attacks are harder to pull off. The bad news is that in a lot of cases, they’re still leaving the side-door wide open. Side-channel attacks come in all sorts of flavors, but they all have something in common: they leak information about the state of a system through an unexpected vector. From monitoring the sounds that the keyboard makes as you type to watching the minute vibrations of a potato chip bag in response to a nearby conversation, side-channel attacks take advantage of these leaks to exfiltrate information.

Side-channel exploits can be the bread and butter of black hat hackers, but understanding them can be useful to those of us who are more interested in protecting systems, or perhaps to inform our reverse engineering efforts. Samy Kamkar knows quite a bit more than a thing or two about side-channel attacks, so much so that he gave a great talk at the 2019 Hackaday Superconference on just that topic. He’ll be dropping by the Hack Chat to “extend and enhance” that talk, and to answer your questions about side-channel exploits, and discuss the reverse engineering potential they offer. Join us and learn more about this fascinating world, where the complexity of systems leads to unintended consequences that could come back to bite you, or perhaps even help you.

join-hack-chatOur Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 25 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Continue reading “Side-Channel Attacks Hack Chat With Samy Kamkar”

Ask Hackaday: What Should We Be Doing During Coronavirus Lockdown?

There’s a lot of good in the world and that includes you. Humanity has a way of coming together at crucial moments and we have certainly reached that with the outbreak and spread of the novel coronavirus. At this point, most people’s daily lives have been turned upside down. We can all have an impact on how this plays out.

It’s scary, it’s real, but we will get through this. What we need to focus on now is how we can behave that will lead to the best outcomes for the largest number of people. The real question is, how can we help? If you’re stuck at home it’s easy to feel powerless to help but that’s not true. Let’s cover a few examples, then open up the discussion in the comments so we can hear what has been working for you.

Continue reading “Ask Hackaday: What Should We Be Doing During Coronavirus Lockdown?”

Hackaday Links Column Banner

Hackaday Links: March 22, 2020

Within the span of just two months, our world of unimaginable plenty and ready access to goods manufactured across the globe has been transformed into one where the bare essentials of life are hard to find at any price. The people on the frontline of the battle against COVID-19 are suffering supply chain pinches too, often at great risk to their health. Lack of proper personal protective equipment (PPE), especially face masks, is an acute problem, and the shortage will only exacerbate the problem as healthcare workers go down for the count. Factories are gearing up to make more masks, but in the meantime, the maker and hacker community can pitch in. FreeSewing, an open-source repository of sewing patterns, has a pattern for a simple face mask called the Fu that can be made quickly by an experienced threadworker. Efficacy of the masks made with that pattern will vary based on the materials used, obviously; a slightly less ad hoc effort is the 100 Million Mask Challenge, where volunteers are given a pattern and enough lab-tested materials to make 100 face masks. If you know how to sew, getting involved might make a difference.

As people around the world wrap their heads around the new normal of social distancing and the loss of human contact, there’s been an understandable spike in interest in amateur radio. QRZ.com reports that the FCC has recorded an uptick in the number of amateur radio licenses issued since the COVID-19 outbreak, and license test prep site HamRadioPrep.com has been swamped by new users seeking to prepare for taking the test. As we’ve discussed, the barrier for entry to ham radio is normally very low, both in terms of getting your license and getting the minimal equipment needed to get on the air. One hurdle aspiring hams might face is the cancellation of so-called VE testing, where Volunteer Examiners administer the written tests needed for each license class. Finding a face-to-face VE testing session now might be hard, but the VEs are likely to find a way to adapt. After all, hams were social distancing before social distancing was cool.

The list of public events that have been postponed or outright canceled by this pandemic is long indeed, with pretty much everything expected to draw more than a handful of people put into limbo. The hacking world is not immune, of course, with many high-profile events scuttled. But we hackers are a resourceful bunch, and the 10th annual Open Source Hardware Summit managed to go off on schedule as a virtual meeting last week. You can watch the nearly eight-hour livestream while you’re self-isolating. We’re confident that other conferences will go virtual in the near-term too rather than cancel outright.

And finally, if you’re sick of pandemic news and just want some escapist engineering eye candy, you could do worse than checking out what it takes to make a DSLR camera waterproof. We’ve honestly always numbered cameras as among the very least waterproof devices, but it turns out that photojournalists and filmmakers are pretty rough on their gear and expect it to keep working even so. The story here focuses (sorry) on Olympus cameras and lenses, which you’ll note that Takasu-san only ever refers to as “splash-proof”, and the complex system of O-rings and seals needed to keep water away from their innards. For our money, the best part was learning that lenses that have to change their internal volume, like zoom lenses, need to be vented so that air can move in and out. The engineering needed to keep water out of a vented system like that is pretty impressive.

Hackaday Podcast 059: Hydraulic Rockets And Presses, Machine Vision That Bounces And Stares, And Smart Speakers That Listen To You

Hackaday editors Mike Szczys and Elliot Williams undertake a journey through the week of fantastic hacks. Add a new level of complexity to model rockets by launching them from a silo via pneumatic ram before the combustibles even get involved. The eyes of that sculpture are actually following you — and with laser focus! The Game Boy is a pillar of pop culture for a reason, there’s a superb talk that outlines all of the interesting choices that made the electronics so special. We round out the show with a rousing discussion of a space tow truck and a scholarly look at the sporadic wake patter of Alexa et al.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 059: Hydraulic Rockets And Presses, Machine Vision That Bounces And Stares, And Smart Speakers That Listen To You”

This Week In Security: Working From Home Edition

As the world sits back and waits for Coronavirus to pass, the normally frantic pace of security news has slowed just a bit. Google is not exempt, and Chrome 81 has been delayed as a result. Major updates to Chrome and Chrome OS are paused indefinitely, but security updates will continue as normal. In fact, Google has verified that the security related updates will be packaged as minor updates to Chrome 80.

Chinese Viruses Masquerading as Chinese Viruses

Speaking of COVID-19, researchers at Check Point Research stumbled upon a malware campaign that takes advantage of the current health scare. A pair of malicious RTF documents were being sent to various Mongolian targets. Created with a tool called “Royal Road“, these files target a set of older Microsoft Word vulnerabilities.

This particular attack drops its payload in the Microsoft Word startup folder, waiting for the next time Word is launched to run the next stage. This is a clever strategy, as it would temporarily deflect attention from the malicious files. The final payload is a custom RAT (Remote Access Trojan) that can take screenshots, upload and download files, etc.

While the standard disclaimer about the difficulty of attribution does apply, this particular attack seems to be originating from Chinese intelligence agencies. While the Coronavirus angle is new, this campaign seems to stretch back to 2017.
Continue reading “This Week In Security: Working From Home Edition”