This Week In Security: AirBorne, EvilNotify, And Revoked RDP

This week, Oligo has announced the AirBorne series of vulnerabilities in the Apple Airdrop protocol and SDK. This is a particularly serious set of issues, and notably affects macOS desktops and laptops, iOS and iPadOS mobile devices, and many IoT devices that use the Apple SDK to provide AirPlay support. It’s a group of 16 CVEs based on 23 total reported issues, with the ramifications ranging from an authentication bypass, to local file reads, all the way to Remote Code Execution (RCE).

AirPlay is a WiFi-based peer-to-peer protocol, used to share or stream media between devices. It uses port 7000, and a custom protocol that has elements of both HTTP and RTSP. This scheme makes heavy use of property lists (“plists”) for transferring serialized information. And as we well know, serialization and data parsing interfaces are great places to look for vulnerabilities. Oligo provides an example, where a plist is expected to contain a dictionary object, but was actually constructed with a simple string. De-serializing that plist results in a malformed dictionary, and attempting to access it will crash the process.

Another demo is using AirPlay to achieve an arbitrary memory write against a macOS device. Because it’s such a powerful primitive, this can be used for zero-click exploitation, though the actual demo uses the music app, and launches with a user click. Prior to the patch, this affected any macOS device with AirPlay enabled, and set to either “Anyone on the same network” or “Everyone”. Because of the zero-click nature, this could be made into a wormable exploit.

Researchers Create A Brain Implant For Near-Real-Time Speech Synthesis

Brain-to-speech interfaces have been promising to help paralyzed individuals communicate for years. Unfortunately, many systems have had significant latency that has left them lacking somewhat in the practicality stakes.

A team of researchers across UC Berkeley and UC San Francisco has been working on the problem and made significant strides forward in capability. A new system developed by the team offers near-real-time speech—capturing brain signals and synthesizing intelligible audio faster than ever before.


Supercon 2024: Photonics/Optical Stack For Smart-Glasses

Smart glasses are a complicated technology to work with. The smart part is usually straightforward enough—microprocessors and software are perfectly well understood and easy to integrate into even very compact packages. It’s the glasses part that often proves challenging—figuring out the right optics to create a workable visual interface that sits mere millimeters from the eye.

Dev Kennedy is no stranger to this world. He came to the 2024 Hackaday Supercon to give a talk and educate us all on photonics, optical stacks, and the technology at play in the world of smart glasses.



Keebin’ With Kristina: The One With The Protractor Keyboard

Don’t you love it when the title track is the first one on the album? I had to single out this adjustable keyboard called the Protractor, because look at it! The whole thing moves, you know. Go look at the gallery.

The Protractor, an adjustable monoblock split keyboard with sliding angles. Image by [BFB_Workshop] via reddit

If you use a true split, even if you never leave the house, you know the pain of losing the good angle and/or separation you had going on for whatever reason. Not only does this monoblock split solve that simply by being a monoblock split, you can always find the right angle you had via the built-in angle finder.

[BFB_Workshop] used a nice!nano v2, but you could use any ZMK-supported board with the same dimensions. This 5 x 12 has 60 Gateron KS-33 switches, which it was made for, and has custom keycaps. You can, of course, see all the nice, neat ribbon cable wiring through the clear PLA, which is a really great touch.

This bad boy is flat enough that you can use the table as your palm rest. To me, that doesn’t sound so comfortable, but then again, I like key wells and such. I’d still love to try a Protractor, because it looks quite interesting to type on. If you want to build one, the files and instructions are available on Printables.


Supercon 2024: Sketching With Machines

When it comes to our machines, we generally have very prescribed and ordered ways of working with them. We know how to tune our CNC mill for the minimum chatter when it’s chewing through aluminium. We know how to get our FDM printer to lay perfect, neat layers to minimize the defects in our 3D prints.

That’s not what Blair Subbaraman came down to talk about at the 2024 Hackaday Supercon, though. Instead, Blair’s talk covered the magic that happens when you work outside the built-in assumptions and get creative. It’s all about sketching with machines.



Hackaday Links: April 27, 2025

Looks like the Simpsons had it right again, now that an Australian radio station has been caught using an AI-generated DJ for their midday slot. Station CADA, a Sydney-based broadcaster that’s part of the Australian Radio Network, revealed that “Workdays with Thy” isn’t actually hosted by a person; rather, “Thy” is a generative AI text-to-speech system that has been on the air since November. An actual employee of the ARN finance department was used for Thy’s voice model and her headshot, which adds a bit to the creepy factor.
