This Week In Security: NetUSB, HTTP.sys, And 2013’s CVE Is Back

Let’s imagine a worst-case situation for home routers. It would have to start with a port unintentionally opened to the internet, ideally in a popular brand, like Netgear. For fun, let’s say it’s actually a third-party kernel module that is in multiple router brands. This module would then need a trivial vulnerability, say an integer overflow on the buffer size for incoming packets. This flaw would mean that the incoming data would write past the end of the buffer, overwriting whatever kernel data is there. So far, this exactly describes the NetUSB flaw, CVE-2021-45608.

Because red teams don’t get their every wish, there is a catch. While the overflow is exceptionally easy to pull off, there isn’t much wiggle room on where the data gets written. There’s no remote code execution Proof of Concept (PoC) yet, and [Max Van Amerongen], who discovered the flaw, says it would be difficult but probably not impossible to pull off. All of this said, it’s a good idea to check your router for open ports, particularly non-standard port numbers. If you have a USB port on your router, check for updates.
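The bug class described above, as an added example that is not NetUSB code and not from the original article: a sender-supplied length is added to a fixed overhead in 32-bit arithmetic, wraps around, and yields an allocation far smaller than the data that follows. The function names, the 16-byte overhead and the 64 KiB limit are hypothetical, chosen only for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_OVERHEAD 16u            /* hypothetical per-packet bookkeeping bytes */
#define MAX_PAYLOAD  (64u * 1024u)  /* assumed protocol limit on payload size */

/* Vulnerable pattern: the sender-supplied length is added to a constant in
 * 32-bit arithmetic, so a length near UINT32_MAX wraps to a tiny size. */
uint32_t alloc_size_unchecked(uint32_t claimed_len)
{
    return claimed_len + HDR_OVERHEAD;
}

/* Hardened: bound the length and rule out wraparound before adding.
 * Returns 0 and stores the size in *out, or -1 to reject the packet. */
int alloc_size_checked(uint32_t claimed_len, uint32_t *out)
{
    if (claimed_len > MAX_PAYLOAD || claimed_len > UINT32_MAX - HDR_OVERHEAD)
        return -1;
    *out = claimed_len + HDR_OVERHEAD;
    return 0;
}

/* Receive path using the checked size: the copy length can never exceed
 * what was allocated or what actually arrived. */
int recv_payload(uint32_t claimed_len, const uint8_t *data, size_t avail,
                 uint8_t **out_buf)
{
    uint32_t total;
    if (alloc_size_checked(claimed_len, &total) != 0 || avail < claimed_len)
        return -1;
    uint8_t *buf = calloc(1, total);
    if (buf == NULL)
        return -1;
    memcpy(buf + HDR_OVERHEAD, data, claimed_len);
    *out_buf = buf;
    return 0;
}

int main(void)
{
    uint32_t claimed = 0xFFFFFFFFu;  /* constructed hostile length field */
    uint32_t size = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(claimed));
    printf("checked result: %d\n", alloc_size_checked(claimed, &size));
    return 0;
}
```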

Windows HTTP.sys Problem

A serious problem has been announced in Windows Server 2019 and Windows 10, with some versions vulnerable in their default configurations. The problem is in how Windows handles HTTP Trailer packets, which contain extra information at the end of normal HTTP transfers. There is a PoC available that demonstrates a crash. It appears that an additional information leak vulnerability would have to be combined with this one to produce a true exploit. This seems to be a different take on CVE-2021-31166, essentially exploiting the same weakness, and working around the incomplete fix. This issue was fixed in the January patch set for Windows, so make sure you’re covered.

Congratulations Winners Of The 555 Timer Contest!

Sometimes the best inspiration is limitation. The 555 timer does “one thing” — compares a voltage to a couple thresholds and outputs a signal accordingly. It’s two comparators, a voltage ladder, and a flip-flop. And yet, it’s the most sold single chip of all time, celebrating its 50th birthday this year! So when Hackaday runs a 555 Timer Contest, hackers of all stripes come out with their best work to show their love for the Little DIP That Could.

The Winners

Far and away the favorite entry was the Giant 555 Timer by [Rudraksha Vegad]. Every one of our judges rated it in the top five, and it took top honors twice. On its face, this is a simple “giant 555 in a box” build, but have a look under the hood. Each sub-module that makes up the 555 — comparators, flip-flop, and amplifier — is made from salvaged discrete parts in actual breadboard fashion, soldered to brass nails hammered into wood. As an end product, it’s a nice piece of woodworking, but as a process of creation, it’s a masterwork in understanding the 555 at its deepest level. We should all make one!

The Menorah555 is a simple design with some very nice tricks up its sleeve. Perhaps the cutest of which is pulling the central candle out and lighting the others with it — a trick that involves a supercapacitor and reed switches. Each of the candle lighting circuits, however, uses one 555 timer for its intended purpose of providing a timed power-on reset pulse, and another 555 as a simple flip-flop. It’s a slick design, and a great user interaction.

The Cyclotone Mechanical Punk Console Sequencer is a rotating tower of circuit sculpture and noisemakers. This one looks great, is amazingly well documented in the video series, and uses a billion clever little tricks along the way. The 555’s role? Each of the four levels is the classic Atari Punk Console circuit.

All three of these projects win a $150 shopping spree at Digi-Key. That’s a lot of timers!


SGX Deprecation Prevents PC Playback Of 4K Blu-ray Discs

This week Techspot reported that DRM-laden Ultra HD Blu-ray Discs won’t play anymore on computers using the latest Intel Core processors. You may have skimmed right past it, but the table on page 51 of the latest 12th Generation Intel Core Processor data sheet (184 page PDF) informs us that the Intel Software Guard Extensions (SGX) have been deprecated. These extensions are required for DRM processing on these discs, hence the problem. The SGX extensions were introduced with the sixth generation of Intel Core Skylake processors in 2015, the same year as Ultra HD Blu-ray, aka 4K Blu-ray. But there have been numerous vulnerabilities discovered in the intervening years. Not only Intel, but AMD has had similar issues as we wrote about in October.

This problem only applies to 4K Blu-ray discs with DRM. Presumably any 4K discs without DRM will still play, and of course you can still play the DRM discs on older Intel processors. Do you have a collection of DRM 4K Blu-ray discs, and if so, do you play them via your computer or a stand-alone player?

New Part News: Raspberry Pi Cuts Out The Middleman

Raspberry Pi has just announced that they’ll be selling their RP2040 microcontroller chips by the reel, directly to you, at a decent discount.

About a year ago, Raspberry Pi released its first piece of custom silicon, the RP2040 microcontroller. They’ve been selling these chips in bulk to selected customers directly, but have decided to open up the same deals to the general public. If you’re looking for 500 chips or more, you can cut out the middleman and save some serious dough.

Because the RP2040 was a clean-slate design, it uses a relatively modern production process that yields many more processors per silicon wafer, and it has been essentially spared from the chip crisis of 2020-2021. According to CEO Eben Upton, they’ve sold 1.5 million in a year, and have wafers in stock for 20 million more. You do the math, but unless you’re predicting the chip shortage to last in excess of 12 years, they’re looking good.

Thirty Seconds At 100 Megakelvins

Back in Dec 2020 we wrote about the Korea Superconducting Tokamak Advanced Research (KSTAR) magnetic fusion reactor’s record-breaking feat of heating hydrogen plasma up to 100 megakelvins for 20 seconds. Last month it broke its own record, extending that to 30 seconds. The target of the program is 300 seconds by 2026. There is a bit of competition going, as KSTAR’s Chinese partner in the International Thermonuclear Experimental Reactor (ITER), the Experimental Advanced Superconducting Tokamak (EAST) did a run a week later reaching 70 million degrees for 1056 seconds. It should be noted that KSTAR is reaching these temperatures by heating ions in the plasma, while EAST takes a different approach acting on the electrons.

The news reports seem to be using Celsius and Kelvins interchangeably, but at millions of degrees, that’s probably much smaller than measurement error. These various milestones are but stepping stones along the path to create a demonstration large fusion reactor, the goal of the global ITER mega-project. Currently China, the EU including Switzerland and the UK, India, Japan, Russia, South Korea, and the United States are members of ITER, and Australia, Canada, Kazakhstan, and Thailand are participants. The ITER demonstration reactor is being constructed at the Cadarache facility located 60 km northeast of Marseille, France, and is on track for commissioning phase to begin in 2025, going operational ten years later.

Smart Sutures Become WiSe

A team at the Wireless Bioelectronics Lab at the National University of Singapore led by [Dr John Ho] announced the results of their new Wireless Sensing (WiSe) smart sutures program last month. Their system consists of a specially prepared patch of polymer gel (the sensor) which is sewn into the wound using a silk suture coated with a conductive polymer. An external reader scans the sensor to monitor the status of the wound.

The concept is not unlike an NFC public transportation card, although with simplified electronics. There is no microcontroller or digital data being transferred. Rather, the sensor behaves like a tuned tank. The gel on the sensor was designed to degrade if the wound becomes infected, changing the capacitance of the sensor structure and thus shifting its resonant frequency.

If you’ve ever had the misfortune to experience surgery, no doubt the surgeon and nurses drove home the importance of diligent monitoring of the wound for early signs of infection. These smart sutures allow detection of wound infection even before symptoms can be seen or felt. They can be used on internal stitches up to 50 mm inside the body. More details can be read in this paper, and we covered another type of smart sensor back in 2016.

Canon Temporarily Abandons Smart Ink Cartridges

An unexpected side effect of the global semiconductor shortage came to light this week — Japanese printer manufacturer Canon announced they are temporarily going to provide consumable ink and toner cartridges without microchips. Furthermore, they provided instructions for consumers on how to bypass the printer’s logic, allowing it to function even when it incorrectly thinks the ink or toner is low. Included in the announcement (German), the company stated what most people already knew:

There is no negative impact on print quality when using consumables without electronic components.

It’s well known that many printer companies make their profit on the consumable cartridges rather than the printers themselves. And most printers require consumers to only use factory original cartridges, a policy enforced by embedded security ICs. Use a third-party ink cartridge and your printer will likely refuse to print. There are legitimate concerns about poor quality inks damaging the print heads. But with reports like this 2003 one from the BBC noting that 17% to 38% additional good quality pages can be printed after the consumable is declared “empty”, and that the price per milliliter of inks is seven times the cost of vintage champagne, one can reasonably conclude that these DRM-protected consumables are more about ensuring profits than protecting the hardware.

For now, this announcement applies to German customers, and covers the Canon imageRunner family of multi-function printers (the complete list is in the company announcement above).