This Week In Security: Chrome Speech Bug, UDP Fragmentation, And The Big Citrix Vulnerability

A critical security bug was fixed in Chrome recently, CVE-2020-6378. The CVE report is still marked private, as well as the bug report. All we have is “Use-after-free in speech recognizer”. Are we out of luck, trying to learn more about this vulnerability? If you look closely at the private bug report, you’ll notice it’s in the Chromium bug tracker. Chrome is based primarily on the Chromium project, with a few proprietary features added. Since Chromium is open source, we can go find the code change that fixed this bug, and possibly learn more about it.

Off to the Chromium source, mirrored on GitHub. We could look at every commit, and eventually find the one we’re looking for, but Chromium commit messages usually include a reference to the bug that is fixed by that commit. So, we can use GitHub’s search function to find a commit that mentions 1018677. Just like that, we’ve found a single commit and more information.

The shutdown mentioned in the commit message is possibly referring to the browser being closed, but could also refer to the tab doing the speech recognizing, or even the speech system itself. Because multiple parts are being unloaded in parallel, there is a race condition between calling the abort object, and that object being unloaded from memory. This race can result in a classic use-after-free, jumping code execution to a memory location that’s already been freed.

All interesting, but how does this warrant a Critical rating? Enter the Web Speech API. I’m speculating just a bit, but it’s likely that this API uses the speech recognizer code in question. It may even be interacting with the security prompt that triggers the crash. Imagine that an attacking page attempts to use the speech API, and then releases the API object before the user can respond to the prompt. That *might* be the scenario that was discovered, though we’re deep into speculation, now.

The Truth Is In There: The Art Of Electronics, The X-Chapters

If you’ve been into electronics for any length of time, you’ve almost certainly run across the practical bible in the field, The Art of Electronics, commonly abbreviated AoE. Any fan of the book will certainly want to consider obtaining the latest release, The Art of Electronics: The x-Chapters, which follows the previous third edition of AoE from 2015. This new book features expanded coverage of topics from the previous editions, plus discussions of some interesting but rarely traveled areas of electrical engineering.

For those unfamiliar with it, AoE, first published in 1980, is an unusually useful hybrid of textbook and engineer’s reference, blending just enough theory with liberal doses of practical experience. With its lively tone and informal style, the book has enabled people from many backgrounds to design and implement electronic circuits.

After the initial book, the second edition (AoE2) was published in 1989, and the third (AoE3) in 2015, each one renewing and expanding coverage to keep up with the rapid pace of the field. I started with the second edition and it was very well worn when I purchased a copy of the third, an upgrade I would recommend to anyone still on the fence. While the second and third books looked a lot like the first, this new one is a bit different. It’s at the same time an expanded discussion of many of the topics covered in AoE3 and a self-contained reference manual on a variety of topics in electrical engineering.

I pre-ordered this book the same day I learned it was to be published, and it finally arrived this week. So, having had the book in hand — almost continuously — for a few days, I think I’ve got a decent idea of what it’s all about. Stick around for my take on the latest in this very interesting series of books.


P-51 Cockpit Recreated With Help Of Local Makerspace

It’s surprisingly easy to misjudge tips that come into the Hackaday tip line. After filtering out the omnipresent spam, a quick scan of tip titles will often form a quick impression that turns out to be completely wrong. Such was the case with a recent tip that seemed from the subject line to be a flight simulator cockpit. The mental picture I had was of a model cockpit hooked to Flight Simulator or some other off-the-shelf flying game, many of which we’ve seen over the years.

I couldn’t have been more wrong about the project that Grant Hobbs undertook. His cockpit simulator turned out to be so much more than what I thought, and after trading a few emails with him to get all the details, I felt like I had to share the series of hacks that led to the short video below and the story about how he somehow managed to build the set despite having no previous experience with the usual tools of the trade.


Fail Of The Week: Padlock Purports To Provide Protection, Proves Pathetic

Anyone in the know about IoT security is likely to steer clear of a physical security product that’s got some sort of wireless control. The list of exploits for such devices is a long, sad statement on security as an afterthought, if at all. So it’s understandable if you think a Bluetooth-enabled lock is best attacked via its wireless stack.

As it turns out, the Master 5440D Bluetooth Key Safe can be defeated in a few minutes with just a screwdriver. The key safe is the type a realtor or AirBnB host would use to allow access to a property’s keys. [Bosnianbill] embarked on an inspection of the $120 unit, looking for weaknesses. When physical attacks with a hammer and spoofing the solenoids with a magnet didn’t pay off, he decided to strip off the resilient skin that Master so thoughtfully provided to prevent the box from marring the finish of a door or gate. The denuded device thus revealed its awful secret: two Phillips screws, each securing a locking shackle to the cover. Once those are loose, a little prying with a screwdriver is all that’s needed to get the keys to the kingdom.

In a follow-up video posted later, [Bill] took a closer look at another key safe and found that Master had made an anemic effort to fix this vulnerability with a squirt of epoxy in each screw head. It’s weak, at best, since a tap with a hammer compresses the gunk enough to get a grip on the screw.

We really thought [Bosnianbill]’s attack would be electronic, like that time [Dave Jones] cracked a safe with an oscilloscope. Who’d have thought a screwdriver would be the best way past the wireless stack?


Teardown: BilBot Bluetooth Robot

Historically, the subject of our January teardown has been a piece of high-tech holiday lighting from the clearance rack; after all, they can usually be picked up for pocket change once the trucks full of Valentine’s Day merchandise start pulling up around the back of your local Big Box retailer. But this year, we’ve got something a little different.

Today we’re looking at the BilBot Bluetooth robot, which over the holidays was being sold at Five Below for (you guessed it) just $5 USD. These were clearly something the company hoped to sell a lot of, with stacks of the little two-wheeled bots in your choice of white and yellow livery right by the front door. With wireless control from your iOS or Android device, and intriguing features like voice command, I’d be willing to bet they managed to move quite a few of these at such a low price.

For folks like us, it can be hard to wrap our minds around a product like this. It must have a Bluetooth radio, some kind of motor controller, and of course the motors and gears themselves. Yet they can sell it for the price of a budget hamburger and still turn a profit. If you wanted to pick up a barebones robotics platform, with just a couple gear motors and some wheels, it would cost more than that. The economies of scale are a hell of a thing.

Which made me wonder, could hackers take advantage of this ultra-cheap robot for our own purposes? It’s pretty much a given that the software for this robot will be terrible, and that whatever control electronics live inside it will be marginal at best. But what if we write those off and just look at the BilBot as a two-wheeled platform to carry our own electronics? It’s certainly worth $5 to find out.


Austere Engineering Hack Chat

Join us on Wednesday, January 22 at noon Pacific for the Austere Engineering Hack Chat with Laurel Cummings!

For most of us, building whatever it is that needs building is something that occurs in relative comfort and abundance. Sure, there are cold workshops and understocked parts bins to deal with, but by and large, we’re all working in more or less controlled environments where we can easily get to the tools and materials we need to complete the job.

But not all engineering is done under such controlled conditions. Field operations often occur miles from civilization, and if whatever you need is not in the back of the truck, it might as well not exist. At times like this, the pressure is on to adapt, improvise, and overcome to get the job done, especially if people’s lives and well-being are at stake.

All of this is familiar territory for Laurel Cummings, an electrical engineer and an associate at Building Momentum, a technology development and training concern based in Virginia. Her job is to get out in the field and work with the company’s mainly military and corporate clients and help them deal with the challenges of austere environments, including disaster response efforts.

From a North Carolina beach ravaged by Hurricane Florence to the deserts of Kuwait, Laurel has had to think her way out of more than a few sticky situations. Join us as we discuss what it takes to develop and deploy field-expedient solutions under less-than-ideal situations, learn how to know when good enough is good enough, and maybe even hear a few war stories too.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, January 22 at 12:00 PM Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

 


Hackaday Links: January 19, 2020

We’ve seen some interesting pitches in personal ads before, but this one takes the cake. Japanese billionaire Yusaku Maezawa is looking for a date to go along with him on his paid trip to the Moon, with the hope of finding a life partner. Maezawa is slated to be SpaceX’s first commercial lunar flyby customer, and will make the trip no earlier than 2023. That should give him plenty of time to go through the 20,000 applications he received from single women 20 and older with bright personalities and positive attitudes. And he should have plenty of time to make an awesome mixtape for the ride.

Imagine snooping through your kid’s garbage can only to find a used syringe lying in there. Most of us would likely be able to tell that the syringe once contained thermal compound or solder paste and be suitably proud of the little chip off the block, but apparently Cooler Master has fielded enough calls from panicked normie parents that they decided to change the design of their applicators. Given the design of the new applicator we doubt that’s really the reason, but it’s a good marketing story, and we can totally see how someone could mistake the old applicator for something illicit.

It looks as though SpaceX could be getting itself into legal trouble with its Starlink launches. Or more correctly, the FCC might, having apparently violated the National Environmental Policy Act, a Nixon-era law that requires government agencies to consider the environmental impact of any projects they approve. The Federal Communications Commission has been using a loophole in the law to claim a “categorical exemption” from these reviews when approving communications projects, particularly space-based projects. It’s not clear whether space is legally considered part of the environment, so the lawyers are hashing that out. If the FCC gets sued and loses, it’s not clear what happens to the existing Starlink satellites or future launches. Stay tuned for details.

Don’t forget that the Open Hardware Summit is coming soon. The 2020 meeting is the 10th anniversary of the confab, to be held on March 13 in New York. Hackaday is, of course, a proud sponsor of the conference, and our own Sophi Kravitz will be the keynote speaker! Get your tickets soon.

Tired of off-loading data manipulation and analysis tasks to R in your Python programs? Then you’re probably already aware of Pandas, the Python library that converts data into dataframe objects for easier manipulation. Pandas has (have?) been in pre-release for years, but there’s now a legit 1.0.0 release candidate available. Now might be the time for you Python data mungers to get onboard the Pandas Express.

And finally, the Consumer Electronics Show is a yearly gift to anyone in the tech media, providing as it does so many examples of outrageous uses for the latest technology. To wit, we have LuluPet, the world’s first feces-analyzing cat litter box. LuluPet uses a built-in camera along with IR sensors and an “AI chip” to monitor your cat’s dookie and provide an alert if anything looks awry. On the one hand, inspecting cat poop is a job we’d love to outsource, but on the other hand, most cats we know are quick to cover the evidence of their excretions with kitty litter, leaving a clay-encrusted blob rather than the turds with defined borders that would seem to be needed for image recognition to do its job. We’ll reserve judgment on this one until we see a review.