Hackaday Podcast 052: Shorting Components, Printing Typewriter Balls, Taking Minimal Time Lapse, And Building A Makerspace Movie Prop

Hackaday editors Elliot Williams and Mike Szczys recap a great week in hardware hacking. There’s perfection in the air as clever 3D-printing turns a button and LED matrix into an aesthetically awesome home automation display. Take a crash course in RF modulation types to use on your next project. Did you know the DB-9 connector is actually a DE-9? Building your own underwater ROV tether isn’t as simple as it sounds. And Elliot found a treasure trove of zero-ohm jumpers in chip packages — what the heck are these things for?

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 052: Shorting Components, Printing Typewriter Balls, Taking Minimal Time Lapse, And Building A Makerspace Movie Prop”

This Week In Security: OpenSMTPD, Kali Release, Scareware, Intel, And Unintended Consequences

If you run an OpenBSD server, or have OpenSMTPD running on a server, go update it right now. Version 6.6.2, released January 28th, fixes an exploit that can be launched locally or remotely, simply by connecting to the SMTP service. This was found by Qualys, who waited till the update was released to publish their findings.

It’s a simple logic flaw in the code that checks incoming messages. If an incoming message has either an invalid sender’s username, or invalid domain, the message is sent into error handling logic. That logic checks if the domain is an empty string, in which case, the mail is processed as a local message, sent to the localhost domain. Because the various parts of OpenSMTPD operate by executing commands, this logic flaw allows an attacker to inject unexpected symbols into those commands. The text of the email serves as the script to run, giving an attacker plenty of room to totally own a system as a result.

Browser Locker

“Your browser has been locked to prevent damage from a virus. Please call our Windows help desk immediately to prevent further damage.” Sound familiar? I can’t tell you how many calls I’ve gotten from freaked-out customers, who stumbled upon a scare-ware site that locked their browser. This sort of scam is called a browlock, and one particular campaign was pervasive enough to catch the attention of the researchers at Malwarebytes (Note, the picture at the top of their article says “404 error”, a reference to a technique used by the scam. Keep reading, the content should be below that.).

“WOOF”, Malwarebyte’s nickname for this campaign, was unusual both in its sophistication and the chutzpah of those running it. Browsers were hit via ads right on the MSN homepage and other popular sites. Several techniques were used to get the malicious ads onto legitimate sites. The most interesting part of the campaign is the techniques used to only deliver the scareware payload to target computers, and avoid detection by automated scanners.

It seems that around the time Malwarebytes published their report, the central command and control infrastructure behind WOOF was taken down. It’s unclear if this was a coincidence, or was a result of the scrutiny they were under from the security community. Hopefully WOOF is gone for good, and won’t simply show up at a different IP address in a few days.

Kali Linux

Kali Linux, the distribution focused on security and penetration testing, just shipped a shiny new release. A notable new addition to the Kali lineup is a rootless version of their Android app. Running an unrooted Android, and interested in having access to some security tools on the go? Kali now has your back.

Not all the tools will work without root, particularly those that require raw sockets, and sending malformed packets. It’s still a potentially useful tool to put into your toolbox.

Cacheout, VRD, and Intel iGPU Leaks

Intel can’t catch a break, with three separate problems to talk about. First up is cacheout, or more properly, CVE-2020-0549, also known as L1DES. It’s a familiar song and dance, just a slightly different way to get there. On a context switch, data in the Level 1 cache isn’t entirely cleared, and known side-channel attacks can be used to read that data from unprivileged execution.

VRD, Vector Register Sampling, is another Intel problem just announced. So far, it seems to be a less exploitable problem, and microcode updates are expected soon to fix the issue.

The third issue is a bit different. Instead of the CPU, this is a data leak via the integrated GPU. You may be familiar with the most basic form of this problem. Some video games will flash garbage on the screen for a few moments while loading. In some cases, rather than just garbage, images, video stills, and other graphics can appear. Why? GPUs don’t necessarily have the same strict separation of contexts that we expect from CPUs. A group of researchers realized that the old assumptions no longer apply, as nearly every application is video accelerated to some degree. They published a proof of concept, linked above, that demonstrates the flaw. Before any details were released, Phoronix covered the potential performance hit this would cause on Linux, and it’s not great.

Unintended Legal Consequences

Remember the ransomware attack that crippled Baltimore, MD? Apparently the Maryland legislature decided to step in and put an end to ransomware, by passing yet another law to make it illegal. I trust you’ll forgive my cynicism, but the law in question is a slow-moving disaster. Among other things, it could potentially make the public disclosure of vulnerabilities a crime, all while doing absolutely nothing to actually make a difference.

GE Medical Equipment Scores 10/10

While scoring a 10 out of 10 is impressive, it’s not something to be proud of, when we’re talking about a CVE score, where it’s the most critical rating. GE Healthcare, subsidiary of General Electric, managed five separate 10.0 CVEs in healthcare equipment that they manufacture, and an 8.5 for a sixth. Among the jewels are statements like:

In the case of the affected devices, the configuration also contains a private key. …. The same private key is universally shared across an entire line of devices in the CARESCAPE and GE Healthcare family of products.

The rest of the vulnerabilities are just as crazy. Hard-coded SMB passwords, a network KVM that has no credential checking, and ancient VNC versions. We’ve known for quite some time that some medical equipment is grossly insecure. It will apparently take a security themed repeat of the Therac-25 incident before changes take place.

Odds’n’ends

The Windows 7 saga continues, as Microsoft’s “last” update for the venerable OS broke many users’ desktop backgrounds. Microsoft plans to release a fix.

Firefox purged almost 200 extensions from their official portal over the last few weeks. It was found that over 100 extensions by 2Ring was secretly pulling and running code from a central server.

The Citrix problems we discussed last week has finally been addressed, and patches released, but not soon enough to prevent the installation of future-proof backdoors on devices in the wild. There are already plenty of reports of compromised devices. Apparently the exploitation has been so widespread, that Citrix has developed a scanning tool to check for the indicators of compromise (IoCs) on your devices. Apply patch, check for backdoors.

Retrotechtacular: Teasmade

We’re used to our domestic appliances being completely automated in 2020, but not so long ago they were much simpler affairs. Not everything required a human to run it though, an unexpected piece of electromechanical automation could be found in British bedrooms. This is the story of the Goblin Teasmade, an alarm clock with a little bit extra.

Continue reading “Retrotechtacular: Teasmade”

DDR-5? DDR-4, We Hardly Knew Ye

This month’s CES saw the introduction of max speed DDR5 memory from SK Hynix. Micron and other vendors are also reportedly sampling similar devices. You can’t get them through normal channels yet, but since you also can’t get motherboards that take them, that’s not a big problem. We hear Intel’s Xeon Sapphire Rapids will be among the first boards to take advantage of the new technology. But that begs the question: what is it?

SDRAM Basics

Broadly speaking, there are two primary contenders for a system that needs RAM memory: static and dynamic. There are newer technologies like FeRAM and MRAM, but the classic choice is between static and dynamic. Static RAM is really just a bunch of flip flops, one for each bit. That’s easy because you set it and forget it. Then later you read it. It can also be very fast. The problem is a flip flop usually takes at least four transistors, and often as many as six, so there’s only so many of them you can pack into a certain area. Power consumption is often high, too, although modern devices can do pretty well.

Continue reading “DDR-5? DDR-4, We Hardly Knew Ye”

RF Modulation: Crash Course For Hackers

When you’re looking to add some wireless functionality to a project, there are no shortage of options. You really don’t need to know much of the technical details to make use of the more well-documented modules, especially if you just need to get something working quickly. On the other hand, maybe you’ve gotten to the point where you want to know how these things actually work, or maybe you’re curious about that cheap RF module on AliExpress. Especially in the frequency bands below 1 GHz, you might find yourself interfacing with a module at really low level, where you might be tuning modulation parameters. The following overview should give you enough of an understanding about the basics of RF modulation to select the appropriate hardware for your next project.

Three of the most common digital modulation schemes you’ll see in specifications are Frequency Shift Keying (FSK), Amplitude Shift Keying (ASK), and LoRa (Long Range). To wrap my mechanically inclined brain around some concepts, I found that thinking of RF modulation in terms of pitches produced by a musical instrument made it more intuitive.

And lots of pretty graphs don’t hurt either. Signals from two different RF dev boards were captured and turned into waterfall and FFT plots using a $20 RTL-SDR dongle. Although not needed for wireless experimentation, the RTL-SDR is an extremely handy debugging tool, even to just check if a module is actually transmitting. Continue reading “RF Modulation: Crash Course For Hackers”

Open-Source Medical Devices Hack Chat

Join us on Wednesday, January 29 at noon Pacific for the Open-Source Medical Devices Hack Chat with Tarek Loubani!

In most of the developed world, when people go to see a doctor, they’re used to seeing the latest instruments and devices used. Most exam rooms have fancy blood pressure cuffs, trays of shiny stainless steel instruments, and a comfortable exam table covered by a fresh piece of crisp, white paper. Exams and procedures are conducted in clean, quiet places, with results recorded on a dedicated PC or tablet.

Such genteel medical experiences are far from universal, though. Many clinics around the world are located in whatever building is available, if they’re indoors at all. Supplies may be in chronically short supply, and to the extent that the practitioners have the instruments they need to care for patients, they’ll likely be older, lower-quality versions.

Tarek Loubani is well-versed in the practice of medicine under conditions like these, as well as far worse situations. As an emergency physician and researcher in Canada, he’s accustomed to well-appointed facilities and ample supplies. But he’s also involved in humanitarian relief, taking his medical skills and limited supplies to places like Gaza. He has seen first-hand how lack of the correct tools can lead to poor outcomes for patients, and chose to fight back by designing a range of medical devices and instruments that can be 3D-printed. His Glia Project has free plans for a high-quality stethoscope that can be built for a couple of dollars, otoscopes and pulse oximeters, and a range of surgical tooling to make the practice of medicine under austere conditions a little easier. Continue reading “Open-Source Medical Devices Hack Chat”

CRISPR Could Fry All Cancer Using Newly Found T-Cell

One of the human body’s greatest features is its natural antivirus protection. If your immune system is working normally, it produces legions of T-cells that go around looking for abnormalities like cancer cells just to gang up and destroy them. They do this by grabbing on to little protein fragments called antigens that live on the surface of the bad cells and tattle on their whereabouts to the immune system. Once the T-cells have a stranglehold on these antigens, they can release toxins that destroy the bad cell, while minimizing collateral damage to healthy cells.

CAR T-cell therapy process via National Cancer Institute

This rather neat human trick doesn’t always work, however. Cancer cells sometimes mask themselves as healthy cells, or they otherwise thwart T-cell attacks by growing so many antigens on their surface that the T-cells have no place to grab onto.

Medical science has come up with a fairly new method of outfoxing these crafty cancer cells called CAR T-cell therapy. Basically, they withdraw blood from the patient, extract the T-cells, and replace the blood. The T-cells are sent off to a CRISPR lab, where they get injected with a modified, inactive virus that introduces a new gene which causes the T-cells to sprout a little hook on their surface.

This hook, which they’ve dubbed the chimeric antigen receptor (CAR), allows the T-cell to chemically see through the cancer cells’ various disguises and attack them. The lab multiplies these super soldiers and sends them back to the treatment facility, where they are injected into the patient’s front lines.

Continue reading “CRISPR Could Fry All Cancer Using Newly Found T-Cell”