Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security

Let’s get caught up on computer security news! The big news is Shadowhammer — The Asus Live Update Utility prompted users to download an update that lacked any description or changelog. People thought it was odd, but the update was properly signed by Asus, and antivirus scans reported it as safe.

Nearly a year later, Kaspersky Lab announced they had confirmed this strange update was indeed a supply chain attack — one that attacks a target by way of another vendor. Another recent example is the backdoor added to CCleaner, when an unknown actor compromised the build system for CCleaner and used that backdoor to target other companies who were using CCleaner. Interestingly, the backdoor in CCleaner has some similarities to the backdoor in the Asus updater. Combined with the knowledge that Asus was one of the companies targeted by this earlier breach, the researchers at Kaspersky Lab suggest that the CCleaner attack might have been the avenue by which Asus was compromised.

Shadowhammer sits quietly on the vast majority of machines it infects. It’s specifically targeted at a pool of about 600 machines, identified by their network card’s MAC address. We’ve not seen any reporting yet on who was on the target list, but Kaspersky is hosting a service to check whether your MAC is on the list.

While we’re still waiting for the full technical paper, researchers gave a nearly 30 minute presentation about Shadowhammer, embedded below the break along with news about Dragonblood, Amazon listening to your conversations, and the NSA delivering on Ghidra source code. See you after the jump!

Teardown: The Guts Of A Digital Sentry

I have a home alarm system that has me wondering if I can make it better with my maker Kung-fu. Recently we had to replace our system, so I took the time to dissect the main controller, the remote sensors, and all the bits that make a home security system work.

To be precise, the subject of today’s interrogation is a Zicom brand Home Alarm that was quite famous a decade ago. It connects to a wired telephone line, takes inputs from motion, door, and gas sensors, and will make quite a racket if the system is tripped (which sometimes happened accidentally). Even though no circuits were harmed in the making of this post, I assure you that there are some interesting things that will raise an eyebrow or two. Let’s take a look.


What Can You Learn From An Eggbot?

An eggbot is probably the easiest introduction to CNC machines that you could possibly hope for, at least in terms of the physical build. But at the same time, an eggbot can let you get your hands dirty with all of the concepts, firmware, and the toolchain that you’d need to take your CNC game to the next level, whatever that’s going to be. So if you’ve been wanting to make any kind of machine where stepper motors move, cut, trace, display, or simply whirl around, you can get a gentle introduction on the cheap with an eggbot.

Did we mention Easter? It’s apparently this weekend. Seasonal projects are the worst for the procrastinator. If you wait until the 31st to start working on your mega-awesome New Year’s Dropping Laser Ball-o-tron 3000, it’s not going to get done by midnight. Or so I’ve heard. And we’re certainly not helping by posting this tutorial so late in the season. Sorry about that. On the other hand, if you start now, you’ll have the world’s most fine-tuned eggbot for 2020. Procrastinate tomorrow!

I had two main goals with this project: getting it done quickly and getting it done easily. That was my best shot at getting it done at all. Secondary goals included making awesome designs, learning some new software toolchains, and doing the whole thing on the cheap. I succeeded on all counts, and that’s why I’m here encouraging you to build one for yourself.


Next Week Is KiCon: Come For The Talks, Stay For The Parties

KiCad is the electronic design automation software that lives at the intersection of electronic design and open source software. It’s seen a huge push in development over the last few years which has grown the suite into a mountain of powerful tools. To help better navigate that mountain, the first ever KiCad conference, KiCon, is happening next week in Chicago and Hackaday is hosting one of the afterparties.

The two days of talks take place on April 26th and 27th covering a multitude of topics. KiCad’s project leader, Wayne Stambaugh, will discuss the state of the development effort. You’ll find talks on best practices for using the software as an individual and as a team, how to avoid common mistakes, and when you should actually try to use the auto-router. You can learn about automating your design process with programs that generate footprints, by connecting it through git, and through alternate user interfaces. KiCad has 3D modeling to make sure your boards will fit their intended enclosures and talks will cover generating models in FreeCAD and rendering designs in both Fusion360 and Blender. Dust off your dark arts with RF and microwave design tips as well as simulating KiCad circuits in SPICE. If you can do it in KiCad, you’ll learn about it at KiCon.

Of course there’s a ton of fun to be had as interesting hackers from all over the world come together in the Windy City. Hackaday’s own Anool Mahidharia and Kerry Scharfglass will be presenting talks, and Mike Szczys will be in the audience. We anticipate an excellent “lobby con” where the conversations away from the stages are as interesting as the formal talks. And of course there are afterparties!

  • Friday 4/26: Pumping Station: One, the popular Chicago hackerspace now celebrating its 10 year anniversary, is hosting an afterparty (details TBA)
  • Saturday 4/27: Hackaday is hosting an after party at Jefferson Tap from 6-8:30. We’re providing beverages and light food for all who attended the conference.

If you still don’t have a ticket to KiCon, you better get one right now. We’re told that you can count what’s left on two hands. Supplyframe (Hackaday’s parent company) is a sponsor of KiCon, and we have two extra tickets that came with that sponsorship. We like seeing a diverse community at these events and have saved these tickets for people from under-represented groups (such as women, LGBT+, and people of color) in the hardware world. Email us directly for the tickets; your information will remain confidential.

We’re looking forward to seeing everyone next week!

Picking The Right Sensors For Home Automation

Imagine that you’re starting a project where you need to measure temperature and humidity. That sounds easy in the abstract, but choosing a real device out of many involves digging into seemingly infinite details and trade-offs that come with them. If it’s a low-stakes monitoring project, picking the first sensor that comes to mind might suffice. But when the project aims to control an AC system in an office of temperature-sensitive coders, it pays to take a hard look at the source of all information: the sensor.

Continuing from a previous article, I would like to use the BMaC project from that article to illustrate how even a couple of greenhorns can figure out how to pick everything from environmental sensors to various actuators, integrating it all into a coherent system that in the end actually does what it should.


2019 Hackaday Prize Hack Chat

Join us Wednesday, April 17 at noon Pacific time for the 2019 Hackaday Prize Hack Chat!

The 2019 Hackaday Prize was just announced, and this year the theme is designing for manufacturing. The hacker community has come a long, long way in the last few years in terms of the quality of projects we turn out. Things that were unthinkable just a few short years ago are now reduced to practice, and our benches and breadboards are always stuffed with the latest and greatest components and modules, all teaming up to do wondrous things. But what about the next step? Do you have what it takes to turn that mess o’ wires into a product? What skills do you need to add to your repertoire to make sure you can actually capitalize on your prototype — or more importantly, to get your ideas into someone else’s hands where they can actually do some good? That’s what the Hackaday Prize is all about this year, and we want you taking your projects to the next level!

Majenta Strongheart will be hosting the Hack Chat as we discuss:

  • The importance of designing for manufacturing;
  • What tools we have available to turn prototypes into projects;
  • How the Hackaday Prize is set up this year, and why the theme was selected; and
  • Why you should participate in the 2019 Hackaday Prize

You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the 2019 Hackaday Prize Hack Chat and we’ll put that in the queue for the Hack Chat discussion.

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, April 17, at noon, Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Teardown: Nihon Kenko Magnetic Wave Tester

You never know what kind of wonders you’ll find on eBay, especially when you have a bunch of alerts configured to go off when weird electronic devices pop up. You may even find yourself bidding on something despite not being entirely sure what it is. Perhaps you’re a collector of unusual gadgets, or maybe it’s because you’ve committed to doing monthly teardowns for the hacker blog you work for. In any event, you sometimes find yourself in possession of an oddball device that requires closer inspection.

Case in point, this “Magnetic Wave Tester” from everyone’s favorite purveyor of high-end electronics, Nihon Kenko Zoushin Kenkyukai Corporation. The eBay listing said the device came from an estate sale and the seller didn’t know much about it, but with just a visual inspection we can make some educated guesses. When a strong enough magnetic field is present, the top section on the device will presumably blink or light up. As it has no obvious method of sensitivity adjustment or even a display to show specific values, it appears the unit must operate like an electromagnetic canary in a coal mine: if it goes off, assume the worst.

If you’re wondering what the possible use for such a gadget is, you’re not the only one. I wasn’t able to find much information about this device online, but the few mentions I found didn’t exactly fill me with confidence. It seems two groups of people are interested in this type of “Magnetic Wave Tester”: people who believe strong magnetic fields have some homeopathic properties, or those who think it will allow them to converse with ghosts. In both cases, these aren’t the kind of users who want to see a microtesla readout; they want a bright blinking light to show their friends.

So without further ado, let’s align our chakras, consult with the spirits, and see what your money gets you when you purchase a pocket-sized hokum detector.
