This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for these kinds of situations. Don’t ever give an online service the password to a different service. In order to make use of a password in this case, it’s necessary to handle it in plain-text. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they have been storing millions of Facebook and Instagram passwords in plain-text internally.

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzzword, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting-sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?

KiCad Community Shines At First Ever KiCon

Last weekend was KiCon, a gathering of hardware developers from all over the world who use KiCad open source EDA software. This included many of the software engineers who drive development, people who use KiCad in their business, and those who simply love it for being a professional quality tool available for anyone to use.

From hardware show-and-tell, to the lineup of talks, and the social events each evening, there was so much packed into two (plus) days. Join me after the break for a whirlwind tour of the people and the hardware found at 2019 KiCon.


Ask Hackaday: Is USB Robust Enough?

Earlier this month a single person pleaded guilty to taking down some computer labs at a college in New York. This was not done by hacking into them remotely, but by plugging a USB Killer into one machine at a time. This malicious act caused around $58,000 in damage to 66 machines, using a device designed to overload the data pins on the USB ports with high voltage. Similar damage could have been done with a ball-peen hammer (albeit much less discreetly), and we’re not here to debate the merits of the USB Killer devices. If you destroy property you don’t own you should be held accountable.

But the event did bring an interesting question to mind. How robust are USB ports? The USB Killer — which we’ve covered off and on through the years — is billed as a “surge testing” device and operates by injecting -200 volts DC on the data lines of the USB connection. Many USB ports are not protected against this and the result is permanent damage to the computer hardware. Is protection for these levels of abuse necessary or would it needlessly add cost to our machines?

A chip like the TPD4S014 has ESD protection on the data lines that is rated up to +/- 1500 volts, clamping to ground to dissipate the energy. It’s a solution that should protect against repeated spikes on the data lines, as well as short circuits on the power lines and over/undervoltage situations.

ADUM4160 Functional Diagram

The ADuM4160 is an interesting step up from this. It’s designed to provide isolation between a USB host and the device connected to it. Rather than relying on clamping, this chip implements isolation through air core transformers. Certainly this would be overkill to install in every product, but for those of us building and testing USB devices this would save you from “Oops, wrong USB cable” moments at the work bench.

Speaking of accidents at the bench, there is certainly a demand for USB isolation outside of what’s built into our computers. Earlier this year we saw a fantastic take on a properly-designed USB power strip. Among the goals were current limiting, undervoltage protection, and a proper power disconnect switch for each port. The very need to design your own reminds us that consumer manufacturers are often lazy in their USB design. “Use a USB hub” is bad advice for protection at the workbench since quality of design varies so wildly.

We would be interested in hearing from anyone who has insight on standards applying to equipment continuing to survive over current or over voltage events and remain functional. There are standards like UL-60950 that should apply to USB. But that standard includes language about failing safe for the operator, not necessarily remaining functional:

After abnormal operation or a single fault (see 1.4.14), the equipment shall remain safe for an OPERATOR in the meaning of this standard, but it is not required that the equipment should still be in full working order. It is permitted to use fusible links, THERMAL CUT-OUTS, overcurrent protection devices and the like to provide adequate protection.

So, we’re here to ask you, the readers of Hackaday. Are our USB devices robust enough? Do you have a go-to USB protection chip, part, or other circuit you like to use? Have you ever accidentally killed a USB host device (if so, how)? Do you have special equipment that you depend on when developing projects involving USB? Let us know what you think in the comments below.

AI At The Edge Hack Chat

Join us Wednesday at noon Pacific time for the AI at the Edge Hack Chat with John Welsh from NVIDIA!

Machine learning was once the business of big iron like IBM’s Watson or the nearly limitless computing power of the cloud. But the power in AI is moving away from data centers to the edge, where IoT devices are doing things once unheard of. Embedded systems capable of running modern AI workloads are now cheap enough for almost any hacker to afford, opening the door to applications and capabilities that were once only science fiction dreams.

John Welsh is a Developer Technology Engineer with NVIDIA, a leading company in the Edge computing space. He’ll be dropping by the Hack Chat to discuss NVIDIA’s Edge offerings, like the Jetson Nano we recently reviewed. Join us as we discuss NVIDIA’s complete Jetson embedded AI product line up, getting started with Edge AI, and where Edge AI is headed.


Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, May 1 at noon Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.


Hackaday Links: April 28, 2019

Lego is releasing a series of Braille bricks. As near as we can tell, these Braille bricks are standard 2 x 4 bricks, with studs corresponding to Braille letters on the top. There are also screen/pad printed legends on top. I don’t mean to be a downer, but why, exactly, is this being created now? Did it really take fifty years for someone to say, ‘hey, if you don’t put some studs on top of a brick, it becomes Braille?’ How is this not already a thing? This isn’t me being facetious — how did it take so long for this to be invented?

KiCon is this weekend, so here’s a tip for everyone in Chicago right now: get a hot dog. Don’t put ketchup on it, or else someone will shoot you.

KiCon and Moogfest in one weekend? Yes, and that means new toys. The Matriarch is Moog’s latest synthy boi and the apparent successor to last year’s Moog Grandmother. The Matriarch is a four-note paraphonic synth that is semi-modular; no, you don’t need patch cables to make noises, but there are ninety-odd patch points for modular fun. It’s two grand, which is getting up there in the synth game. If only Radio Shack were still around and sold Moog synths…

We’re all aware that Russia launches rockets out of Baikonur cosmodrome, and the first stages eventually make their way onto the steppes of Kazakhstan. The locals, few there are, end up recycling these rockets, scrapping them, and sometimes taking space tourists and photojournalists out to the crash site of these boosters. Russia has other spaceports, and now we’re getting pictures of booster crashes from the frozen north. These rockets came from the Plesetsk cosmodrome and fell in the boreal forests near Arkhangelsk where hunters discovered them. Yes, these boosters are carcinogenic, but that’s what you do when a few tons of aluminum and titanium fall in your backyard.

No spoilers, but oh man the after-credits scene in Endgame was hilarious.

Parametric Amplifiers And Varactors

It is hard to imagine a time without active amplification. However, if you go back far enough, radio communications started in an era where generating RF required something like a spark gap and reception was only possible if the signal was strong enough at the antenna — like with a crystal radio. It would be a few years before tubes allowed both transmitted and received signals to be electronically amplified and longer still before transistors that would work at radio frequency appeared. However, even active devices have had their limitations and the parametric oscillator and amplifier are ways around some of those problems.

These were more popular in the 1970s when it was harder to get transistors that would work at very high frequencies. They are still useful when you need very low noise amplification. In addition, the same effect is used in optical devices and you can even observe the effect in mechanical devices.

What Is It Exactly?

The phrase parametric means that the amplification or oscillation occurs because of the change in a parameter of the system. A simple example would be a variable capacitor. We know the charge in a capacitor is equal to the capacitance times the voltage across the unit. That also implies that, if charge is known, we can know the voltage by dividing the charge by the capacitance. To put it in numerical terms, if a 0.1 farad capacitor has 12V across it, the charge is 1.2 coulombs. Suppose our input signal is 12V and we let the capacitor charge up to that value. Then we twist the capacitor’s knob to give it a value of 0.05 farad. The charge can’t change, so now we have 24 volts across the capacitor. That’s an amplification of 2 times. These values, of course, are not practical. Nor is it practical to twist a capacitor knob constantly to amplify. However, it is a good analog of how a parametric amplifier works.


Hackaday Podcast 016: 3D Printing With Steel, Molding With Expanded Foam, QUIP-Package Parts, And Aged Solder

Join Editors Elliot Williams and Mike Szczys to recap the week in hardware hacking. This episode looks at microfluidics using Shrinky Dinks, expanding foam to build airplane wings, the insidious effect of time on component solder points, and Airsoft BBs used in 3D printing. Finishing out the episode we have an interview with two brothers who started up a successful business in the Shenzhen electronics markets.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)
