The Zombie Rises Again: Drone Registration Is Back

It’s a trope of horror movies that demonic foes always return. No sooner has the bad guy been dissolved in a withering hail of holy water in the denouement of the first movie, than some foolish child in a white dress at the start of the next is queuing up to re-animate it with a careless drop of blood or something. If parents in later installments of popular movie franchises would only keep an eye on their darn kids, it would save everybody a whole lot of time!

The relevant passage can be found in section 1092(d) of the National Defense Authorization Act, on page 329 of the mammoth PDF containing the full text, and reads as follows:

(d) RESTORATION OF RULES FOR REGISTRATION AND MARKING OF UNMANNED AIRCRAFT.—The rules adopted by the Administrator of the Federal Aviation Administration in the matter of registration and marking requirements for small unmanned aircraft (FAA-2015-7396; published on December 16, 2015) that were vacated by the United States Court of Appeals for the District of Columbia Circuit in Taylor v. Huerta (No. 15-1495; decided on May 19, 2017) shall be restored to effect on the date of enactment of this Act.

This appears to reverse the earlier decision of the court, but does not specify whether there has been any modification to the requirements to prevent their being struck down once more by the same angle of attack. In particular, it doesn’t change any of the language in the FAA Modernization Act of 2012, which specifically prevents the Agency from regulating hobby model aircraft, and was the basis of Taylor v. Huerta. Maybe they are just hoping that hobby flyers get fatigued?

We took a look at the registration system before it was struck down, and found its rules to be unusually simple to understand when compared to other aviation rulings, even if it seemed to have little basis in empirical evidence. It bears a resemblance to similar measures in other parts of the world, with its 250 g weight limit for unregistered machines. It will be interesting both from a legal standpoint to see whether any fresh challenges to this zombie law emerge in the courts, and from a technical standpoint to see what advances emerge from Shenzhen as the manufacturers pour all their expertise into a 250 g class of aircraft.

Thanks [ArduinoEnigma] for the tip.

Bluetooth Gun Safe Cracked By Researchers

Believe it or not, there are quite a few people out there who have purchased gun safes that can be remotely unlocked by Bluetooth. Now we can understand why somebody might think this was a good idea: the convenience of being able to hit a button on your phone and have your weapon available in the heat of the moment is arguably a big selling point for people who are purchasing something like this for home defense. But those with a more technical mind will likely wonder if the inherent risks of having your firearm (or other valuables) protected by a protocol that often relies on security by obscurity outweigh the convenience of not needing to enter a combination on the keypad.

Well, you can wonder no more, as researchers at [Two Six Labs] have recently published a detailed document on how they managed to remotely unlock the Vaultek VT20i with nothing more exotic than an Ubertooth. In the end, even the Ubertooth wasn’t actually required, as this particular device turned out to be riddled with security issues.

[Two Six Labs] has not publicly released the complete source code of the software demonstrated in their YouTube video for very obvious reasons, but the page on their site does go into fantastic detail on how they uncovered the multiple vulnerabilities that allowed them to write it. Even if you’re not the kind of person who would ever need a gun safe, the information contained in their documentation about analyzing Bluetooth communications is fascinating reading.

It was discovered that the PIN for the safe was actually being transmitted by the accompanying smartphone application in plain-text, which would be bad enough normally. But after further analysis, it became clear that the safe wasn’t even bothering to check the PIN code anyway.

Scripting app interactions with ADB and Python

For extra style points, [Two Six Labs] also show a way to brute force the PIN using the Vaultek Android application by writing a Python script that punches in codes sequentially until it hits on the right one; the developers didn’t even bother to put in limits on failed attempts.
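The two device-side failures described above (an unlock accepted without the PIN being checked, and no limit on failed attempts) are both closed by routing every unlock request through one handler that verifies the PIN and backs off after failures. The C below is an added example, not Vaultek's or Two Six Labs' code; `safe_state`, `handle_unlock`, the 6-digit PIN length and the lockout timings are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PIN_LEN        6      /* assumed PIN length */
#define FREE_FAILS     3      /* failures allowed before lockout starts */
#define BASE_LOCKOUT_S 30u    /* first lockout; doubles per further failure */
#define MAX_LOCKOUT_S  3600u

typedef enum { UNLOCK_OK, UNLOCK_BAD_PIN, UNLOCK_LOCKED_OUT } unlock_result;

/* Hypothetical device state; keep fails/locked_until in non-volatile storage. */
typedef struct {
    uint8_t  pin[PIN_LEN];
    uint32_t fails;
    uint64_t locked_until;    /* seconds on a monotonic clock */
} safe_state;

/* Compare without an early exit so timing does not leak matching digits. */
static bool pin_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Every unlock request passes through here; no path opens without a PIN. */
unlock_result handle_unlock(safe_state *s, const uint8_t *pin, size_t len, uint64_t now) {
    if (now < s->locked_until) return UNLOCK_LOCKED_OUT;
    if (len == PIN_LEN && pin_equal(s->pin, pin, PIN_LEN)) {
        s->fails = 0;
        return UNLOCK_OK;
    }
    if (++s->fails >= FREE_FAILS) {   /* a missing or wrong PIN both count */
        uint32_t shift = s->fails - FREE_FAILS;
        uint64_t delay = shift > 6 ? MAX_LOCKOUT_S : (uint64_t)BASE_LOCKOUT_S << shift;
        s->locked_until = now + delay;
    }
    return UNLOCK_BAD_PIN;
}

int main(void) {   /* constructed demo: five wrong attempts, one per second */
    safe_state s = { {1, 2, 3, 4, 5, 6}, 0, 0 };
    const uint8_t wrong[PIN_LEN] = {0};
    for (uint64_t t = 0; t < 5; t++)
        printf("t=%u result=%d\n", (unsigned)t, (int)handle_unlock(&s, wrong, PIN_LEN, t));
    return 0;
}
```

This covers only the check and the attempt limit; the plain-text transmission of the PIN is a separate problem that needs an encrypted, authenticated link.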

For a device that is ostensibly designed to contain a deadly weapon, the security flaws the team at [Two Six Labs] discovered are absolutely inexcusable. But there is a positive outcome, as the manufacturer has vowed to update the vulnerable safes and make a better effort in the future to more rigorously design and test their Bluetooth implementation. This is the goal of responsible disclosure, and we’re encouraged to see the manufacturer doing the right thing.

The security concerns of Bluetooth controlled locks are well known, so it’s a bit disappointing that devices like this are still slipping through the cracks. We suggest you remain skeptical of any security device utilizing Bluetooth until the industry starts taking things a little more seriously.


Make Christmas Commercial Again with this Tiny TV Ornament

Readers of a certain age will remember a time when the Christmas season in the US officially kicked off after Thanksgiving. That was when advertisers began saturation bombing the communal mind with holiday-themed TV commercials night and day. Broadcast TV no longer holds sway like it did back then, and advertisers now start their onslaught in September, but you can put a little retro-commercialism back into Christmas with this 90s Christmas commercial-playing ornament for your tree.

The idea came to [SeanHodgins] after stumbling upon a collection of Christmas commercials from the 1990s on YouTube. With his content identified, he set about building a tree-worthy display from a Pi Zero W and a TFT LCD display. An audio amp and tiny speaker from an old tablet and a LiPo battery and charger form the guts of [Sean]’s TV, which were stuffed into a 3D-printed TV case, appropriately modeled after the TV from The Simpsons. The small fresnel lens that mimics the curved screens of yore is a nice touch. The software has some neat tricks, such as an HTTP server that accepts the slug of a YouTube video, fetches the MP4, and automatically plays it. We prefer our Christmas tree ornaments a little quieter, so a volume control would have been nice, but aside from that this looks like a ton of fun.

This isn’t [Sean]’s first foray into tricked-out ornaments, of course; readers might recall his IoT cheer-measuring Christmas ornaments from last season.


What You Need To Know About The Intel Management Engine

Over the last decade, Intel has been including a tiny little microcontroller inside their CPUs. This microcontroller is connected to everything, and can shuttle data between your hard drive and your network adapter. It’s always on, even when the rest of your computer is off, and with the right software, you can wake it up over a network connection. Parts of this spy chip were included in the silicon at the behest of the NSA. In short, if you were designing a piece of hardware to spy on everyone using an Intel-branded computer, you would come up with something like the Intel Management Engine.

Last week, researchers [Mark Ermolov] and [Maxim Goryachy] presented an exploit at BlackHat Europe allowing for arbitrary code execution on the Intel ME platform. This is only a local attack, one that requires physical access to a machine. The cat is out of the bag, though, and this is the exploit we’ve all been expecting. This is the exploit that forces Intel and OEMs to consider the security implications of the Intel Management Engine. What does this actually mean?


Grabbing Better Images From A Newer Russian Satellite

The Soviet Union took the world by surprise when it sent its Sputnik satellite into low earth orbit way back in 1957. The event triggered a space race between the Soviets and the United States and ushered in technologies that would go on to touch the lives of every human on earth. Today, several nations have a space program. And among the more useful things to put in orbit are weather satellites.

In 2014, the Russians launched their Meteor N M-2 weather satellite into a polar orbit. The part that we’re most interested in is the fact that it transmits images at 137.1 MHz using the standard LRPT protocol. However, the newer Meteor N M-2 transmits images at twelve times the resolution of US NOAA satellites. No typo there – that’s twelve (12!) times. Have we got your attention now?

We shouldn’t have to tell you to jump on over to [phasenoise’s] blog which gives you everything you need to start grabbing some of these awesome images.

Now, before you get your jumper wires in a bunch – we are well aware that receiving satellite images is nothing new.

Thanks to [Roy Tremblay] for the tip!

Meet the Modern Meat Man’s Modified Meat-Safe

Charcuterie is delicious — but is it hackable? When talking about the salty preserved meats, one might be more inclined to indulge in the concept of bacon before pondering a way to integrate an electrical monitoring system into the process. However, [Danzetto] decided to do both when he did not have anywhere to cure his meats. He made his own fully automatic meat curing chamber, lovingly called the curebOS, with the aid of a Raspberry Pi. It is basically a beefed up mini fridge with all of the bells and whistles.

This baby has everything. Sitting on top is a control system containing the Pi. There are 5 relays used for the lights, circulating fan, ventilating fans, refrigerator, and humidifier all powered by a 5 amp supply — minus the fridge. Down below that is the 3D printed cover with a damper for one of the many ventilation fans that regulate the internal temperature. To the right is a touchscreen for viewing and potentially controlling the system if necessary. The control program was written in Python for viewing the different trends. And below that, of course, is a viewing window. On the inside are temperature and humidity probes that can be monitored from the front screen. These readings help determine when to activate the compressor, any of the fans, or the humidifier for optimal settings. For a final touch, there are also some LEDs placed above the hanging meat to cast a glowing effect upon the prized possessions.


Just in Time for the Holidays: Give The Gift of Cray

The name Cray, as in [Seymour Cray], is synonymous with supercomputing. If you hurry, you can bid on a Cray J90/J916 on eBay. You might want to think about where to put it though. It is mounted on a trailer, requires 480V, and the shipping is $3,000!

First introduced in 1994, the J90 was an “entry level” machine. This particular machine supported up to 16 CPUs (each CPU was actually two chips) running at a blazing 100 MHz. The memory system was more impressive, achieving 48 GB/s.

The Cray T90 computer was much faster (and more expensive) but none of these computers had the performance of a typical PC’s graphics card these days. Even your phone may have more raw computing power, depending on how you choose to measure. Don’t fear, though. Cray Research still makes supercomputers that can eat your phone for lunch.

Still, at the time, this was big iron. The I/O system used SPARC processors that would have been entire workstations in that era. The eBay listing says it might need a little work — we weren’t clear if the seller meant in general or just the cooling system, but you can assume this is a fixer-upper. Apparently, the Retro-Computing Society of Rhode Island restored a similar beast so it can be done.

If your holiday budget doesn’t have room for a real supercomputer, here’s one that is 1/10 the size and much less expensive. Or, you could just pretend.