This Week In Security: Intel Atoms Spill Secrets, ICMP Poisons DNS, And The Blacksmith

Intel has announced CVE-2021-0146, a vulnerability in certain processors based on the Atom architecture, and the Trusted Platform Module (TPM) is at the center of the problem. The goal of the system around the TPM is to maintain system integrity even in the case of physical access by an attacker, so the hard drive is encrypted using a key stored in a secure chip on the motherboard. The TPM chip holds this encryption key and provides it during the boot process. When combined with secure boot, this is a surprisingly effective way to prevent tampering or data access even in the case of physical access. It’s effective, at least, when nothing goes wrong.

Earlier this year, we covered a story where the encryption key could be sniffed directly from the motherboard, by tapping the traces connecting the TPM to the CPU. It was pointed out that TPM 2.0 can encrypt the disk encryption key on the traces, making this attack impossible.

The entire Trusted Compute Model is based on the premise that the CPU itself is trustworthy. This brings us back to Intel’s announcement that a debug mode could be enabled via physical access. In this debug mode, the CPU master key can be extracted, leading to complete compromise. The drive encryption key can be recovered, and unsigned firmware can be loaded to the Management Engine. This means data in the TPM enclave and the TPM-stored encryption key can be compromised. Updated firmware is rolling out through motherboard vendors to address the problem.

Russian Anti-Satellite Weapon Test Draws Widespread Condemnation

On the morning of November 15, a Russian missile destroyed a satellite in orbit above Earth. The successful test of the anti-satellite weapon has infuriated many in the space industry, put astronauts and cosmonauts alike at risk, and caught the attention of virtually every public and private space organisation on the planet.

It’s yet another chapter in the controversial history of military anti-satellite operations, and one with important implications for future space missions. Let’s examine what happened, and explore the greater context of the operation.


This Week In Security: Unicode Strikes, NPM Again, And First Steps To PS5 Crack

Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names.

const { timeout,ㅤ} = req.query;
Is actually:
const { timeout,\u3164} = req.query;

The extra comma might give you a clue that something is up, but unless you’re very familiar with a language, you might dismiss it as a syntax quirk and move on. Using the same trick again allows the hidden malicious code to be included on a list of commands to run, making a hard-to-spot backdoor.

The second trick is to use “confusable” characters like ǃ, U+01C3. It looks like a normal exclamation mark, so you wouldn’t bat an eye at if(environmentǃ=ENV_PROD){, but in this case, environmentǃ is a new variable. Anything in this development-only block of code is actually always enabled — imagine the chaos that could cause.

Neither of these are ground-breaking vulnerabilities, but they are definitely techniques to be wary of. The authors suggest that a project could mitigate these Unicode techniques by simply restricting their source code to containing only ASCII characters. It’s not a good solution, but it’s a solution.
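The scanner below is an added example, not code from the Hackaday post or from Certitude’s write-up. It implements the ASCII-only source check the authors suggest and, on top of that, labels the two classes of character discussed above so a reviewer can see why a byte was flagged. The function names (`scanSource`, `classify`, `formatFinding`), the small tables of invisible and confusable characters, and the constructed sample that reproduces the two snippets from the text are my own assumptions, not anything from the original write-up.

```javascript
// Added example (not from the Hackaday post or Certitude's write-up): a small
// source scanner that flags the two Unicode tricks described above.
//  1. Invisible characters that JavaScript nonetheless accepts inside
//     identifiers, e.g. U+3164 HANGUL FILLER from the `timeout,\u3164` snippet.
//  2. "Confusable" characters that look like ASCII punctuation, e.g. U+01C3,
//     which turns `environment!=ENV_PROD` into a brand-new identifier.
// The rule enforced is the authors' suggestion, ASCII-only source. Both
// classification tables are hand-picked subsets, not Unicode's confusables data.

// Characters that render as blank but are legal in ECMAScript identifiers
// (Hangul fillers are category Lo; ZWJ/ZWNJ are explicitly allowed as IdentifierPart).
const INVISIBLE_IDENT_CHARS = new Map([
  ["\u3164", "HANGUL FILLER"],
  ["\u115F", "HANGUL CHOSEONG FILLER"],
  ["\u1160", "HANGUL JUNGSEONG FILLER"],
  ["\uFFA0", "HALFWIDTH HANGUL FILLER"],
  ["\u200C", "ZERO WIDTH NON-JOINER"],
  ["\u200D", "ZERO WIDTH JOINER"],
]);

// Non-ASCII characters that a reader is likely to mistake for an ASCII operator.
const CONFUSABLE_PUNCT = new Map([
  ["\u01C3", "!"], // LATIN LETTER RETROFLEX CLICK
  ["\u037E", ";"], // GREEK QUESTION MARK
  ["\u2215", "/"], // DIVISION SLASH
  ["\u2010", "-"], // HYPHEN
  ["\u02BC", "'"], // MODIFIER LETTER APOSTROPHE
]);

// Classify a single non-ASCII character into one of three finding kinds.
function classify(ch) {
  if (INVISIBLE_IDENT_CHARS.has(ch)) {
    return { kind: "invisible-identifier", detail: INVISIBLE_IDENT_CHARS.get(ch) };
  }
  if (CONFUSABLE_PUNCT.has(ch)) {
    return { kind: "confusable", detail: `looks like ASCII "${CONFUSABLE_PUNCT.get(ch)}"` };
  }
  return { kind: "non-ascii", detail: "outside the ASCII-only source policy" };
}

// Scan source text and return one finding per non-ASCII code point, with
// 1-based line and column so the result can be shown in a review tool.
function scanSource(source) {
  const findings = [];
  source.split("\n").forEach((line, lineIdx) => {
    let col = 1;
    // for..of walks code points, so astral characters count as one column.
    for (const ch of line) {
      const cp = ch.codePointAt(0);
      if (cp > 0x7f) {
        const { kind, detail } = classify(ch);
        findings.push({
          line: lineIdx + 1,
          column: col,
          codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
          kind,
          detail,
        });
      }
      col += 1;
    }
  });
  return findings;
}

// Render a finding the way a linter would print it.
function formatFinding(f) {
  return `${f.line}:${f.column} ${f.codePoint} ${f.kind}: ${f.detail}`;
}

// Constructed sample containing both tricks from the article: the blank after
// the comma is U+3164, and the "!" in the comparison is U+01C3.
const SAMPLE_SOURCE = [
  "const { timeout,\u3164} = req.query;",
  "if (environment\u01C3=ENV_PROD) {",
  "  enableDebugFeatures();",
  "}",
].join("\n");

// Print findings and return a CI-style exit code (non-zero when anything is flagged).
function main() {
  const findings = scanSource(SAMPLE_SOURCE);
  for (const f of findings) console.log(formatFinding(f));
  return findings.length === 0 ? 0 : 1;
}

if (typeof require !== "undefined" && require.main === module) process.exitCode = main();
```

Run with `node scanner.js`; the sample yields two findings, `1:17 U+3164 invisible-identifier` and `2:16 U+01C3 confusable`. A real pre-commit hook would normally exempt string literals and comments, where non-ASCII text is often legitimate, which is exactly the trade-off behind the authors’ “not a good solution, but a solution” remark.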

South Korean KSLV-2 Nuri Rocket Almost Orbits

There was a bit of excitement recently at the Naro Space Center on Outer Naro Island, just off the southern coast of the Korean Peninsula. The domestically developed South Korean Nuri rocket departed on its inaugural flight from launch pad LB-2 at 5 pm on Thursday, 21 Oct. The previous launch in the KSLV-2 program from this facility was in 2018, when a single-stage Test Launch Vehicle was successfully flown and proved out the basic vehicle and its KRE-075 engines.

This final version of the three-stage Nuri rocket, formally known as Korean Space Launch Vehicle-II (KSLV-2), is 47.2 m long and 3.5 m in diameter. The first stage is powered by a cluster of four KRE-075 sea-level engines having 3 MN of thrust. The second stage is a single KRE-075 vacuum engine with 788 kN thrust, and the final stage is a KRE-007 vacuum engine with 69 kN thrust (all these engines are fueled by Jet-A / LOX). In this maiden flight, the first two stages performed as expected, but something went wrong when the third stage shut off prematurely and failed to gain enough velocity to put the 1400 kg dummy satellite into orbit.

A committee formed to investigate the flight failure convened this week, and issued a statement after a preliminary review of the collected telemetry data. So far, all indications point to a drop in oxidizer tank pressure in the third stage. This could be the result of a leak in the tank itself or the associated plumbing. They will also investigate whether a sensor or other failure in the tank pressurization control system could be at fault. A second launch is currently scheduled for May of next year. Check out [Scott Manley]’s video below the break, where he discusses the launch itself and some history of South Korea’s space program.


Solar Cells, Half Off

A company named Leap Photovoltaic claims they have a technology to create solar panels without silicon wafers which would cut production costs in half. According to [FastCompany] the cells are still silicon-based, but do not require creating wafers as a separate step or — as is more common — acquiring them as a raw material.

The process is likened to 3D printing as silicon powder is deposited on a substrate. The design claims to use only a tenth of the silicon in a conventional cell and requires fewer resources to produce, too.


Separating Ideas From Words

We covered Malamud’s General Index this week, and Mike and I were talking about it on the podcast as well. It’s the boldest attempt we’ve seen so far to open up scientific knowledge for everyone, and not just the wealthiest companies and institutions. The trick is how to do that without running afoul of copyright law, because the results of research are locked inside their literary manifestations — the journal articles.

The Index itself is composed of one-to-five-word snippets of 107,233,728 scientific articles. So if you’re looking for everything the world knows about “tincture of iodine”, you can find all the papers that mention it, and then important keywords from the corpus and metadata like the ISBN of the article. It’s like the searchable card catalog of, well, everything. And it’s freely downloadable if you’ve got a couple terabytes of storage to spare. That alone is incredible.

What I think is most remarkable is this makes good on figuring out how to separate scientific ideas from their prison — the words in which they’re written — which are subject to copyright. Indeed, if you look into US copyright law, it’s very explicit about not wanting to harm the free sharing of ideas.

“In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.”

But this has always been paradoxical. How do you restrict dissemination of the papers without restricting dissemination of the embodied ideas or results? In the olden days, you could tell others about the results, but that just doesn’t scale. Until today, only the richest companies and institutions had access to this bird’s eye view of scientific research — similar datasets gleaned from Google’s book-scanning program have trained their AIs and seeded their search machines, but they only give you a useless and limited peek.

Of course, if you want to read the entirety of particular papers under copyright, you still have to pay for them. And that’s partly the point, because the General Index is not meant to destroy copyrights, but give you access to the underlying knowledge despite the real world constraints on implementing copyright law, and we think that stands to be revolutionary.

This Week In Security: The Battle Against Ransomware, Unicode, Discourse, And Shrootless

We talk about ransomware gangs quite a bit, but there’s another shadowy, loose collection of actors in that arena. Emsisoft sheds a bit of light on the network of researchers and law enforcement that are working behind the scenes to frustrate ransomware campaigns.

Darkside is an interesting case study. This is the group that made worldwide headlines by hitting the Colonial Pipeline, shutting it down for six days. What you might not realize is that the Darkside ransomware software had a weakness in its encryption algorithms, from mid-December 2020 through January 12, 2021. Interestingly, Bitdefender released a decryptor on January 11. I haven’t found confirmation, but the timing seems to indicate that the release of the decryptor triggered Darkside to look for and fix the flaw in their encryption. (Alternatively, it’s possible that it was released in response to the fix, and time zones are skewing the dates.)

Emsisoft is very careful not to tip their hand when they’ve found a vulnerability in a ransomware. Instead, they have a network of law enforcement and security professionals that they share information with. This came in handy again when the Darkside group was spun back up, under the name BlackMatter.

Not long after the campaign was started again, a similar vulnerability was reintroduced in the encryption code. The ransomware’s hidden site, used for negotiating payment for decryption, seems to have had a vulnerability that Emsisoft was able to use to keep track of victims. Since they had a working decryptor, they were able to reach out directly, and provide victims with decryption tools.

This changed when the link to BlackMatter’s portal leaked on Twitter. It seems like many people hold ransomware gangs in less-than-high regard, and took the opportunity to inform BlackMatter of this fact, using that portal. In response, BlackMatter took down that portal site, cutting off Emsisoft’s line of information. Since then, the encryption vulnerability has been fixed, Emsisoft can’t listen in on BlackMatter anymore, and they released the story to encourage BlackMatter victims to contact them. They also suggest that ransomware victims always contact law enforcement to report the incident, as there may be a decryptor that isn’t public yet.