Bluetooth Vulnerability: Arbitrary Code Execution On The ESP32, Among Others

Bluetooth has become widely popular since its introduction in 1999. However, it’s also had its fair share of security problems over the years. Just recently, a research group from the Singapore University of Technology and Design found a serious vulnerability in a large variety of Bluetooth devices. Having now been disclosed, it is known as the BrakTooth vulnerability.

Full details are not yet available; the research team is waiting until October to publicly release proof-of-concept code in order to give companies time to patch their devices. The basic idea, however, is in the name. “Brak” is the Norwegian word for “crash,” with “tooth” referring to Bluetooth itself. The attack involves repeatedly attempting to crash devices to force them into undesired operation.

The Espressif ESP32 is perhaps one of the worst affected. Found in all manner of IoT devices, the ESP32 can be fooled into executing arbitrary code via this vulnerability, which can do everything from clearing the device’s RAM to flipping GPIO pins. In smart home applications or other security-critical situations, this could have dire consequences.

Other chipsets are affected to varying degrees, including parts from manufacturers like Texas Instruments and Cypress Semiconductor. Some parts are vulnerable to denial of service, while audio devices may be frozen up or shut down by the attack. The group claims over 1400 products could be affected by the bug.

Firmware patches are being rolled out, and researcher [Matheus E. Garbelini] has released code to build a sniffer device for the vulnerability on GitHub. If you’re involved with the design or manufacture of Bluetooth hardware, it might pay to start doing some homework on this one! Concerned vendors can apply for proof-of-concept test code here.

Firmware Find Hints At Subscription Plan For ReMarkable Tablet

We’ve been keeping a close eye on the development of electronic paper tablets such as the reMarkable for a while now. These large-format devices would be a great way to view schematics and datasheets, and with the right software, could easily become an invaluable digital sidekick. Unfortunately, a troubling discovery made in a beta version of the reMarkable firmware is a strong indication the $400 USD device may be heading down a path that many in this community wouldn’t feel comfortable with.

While trying to get a reMarkable tablet running firmware version 2.10.0.295 synced up to a self-hosted server using rmfakecloud, Reddit user [dobum] was presented with a very unusual prompt. The tablet displayed several subscription levels, as well as a brief description of what each one unlocked. It explained that standard users would get “basic functions only”, while the highest tier subscription would unlock an “expanding universe of powerful tools” for the e-paper tablet. In addition, only recently used documents would be synced with the cloud unless you had a paid subscription.

Continue reading “Firmware Find Hints At Subscription Plan For ReMarkable Tablet”

Tracking Maximum Power Point For Solar Efficiency

In days of yore when solar panels weren’t dirt cheap, many people (and even large energy companies) used solar trackers to ensure their panels were always physically pointed at the sun to make sure they harvested every watt of energy possible. Since the price of panels has plummeted, though, it’s not economical to install complex machines to track the sun anymore. But all solar farms still track something else, called the Maximum Power Point (MPP), which ensures that even stationary panels are optimized for power production.

While small MPP trackers (MPPT) are available in solar charge controllers in the $200 range that are quite capable for small off-grid setups, [ASCAS] aka [TechBuilder] decided to roll out an open source version with a much lower price tag, since most of the cost of these units is in R&D rather than in the actual components themselves. To that end, the method he uses for his MPPT is essentially the same as in any commercial unit, known as synchronous buck conversion. This uses a specially configured switch-mode power supply (SMPS) to match the panel’s operating point to the best power point for any given set of conditions, and to do so extremely rapidly. It even works on many different battery configurations and chemistries, all configurable in software.

This build is incredibly extensive and goes deep into electrical theory and design choices. One design choice of note is the use of an ESP32 over an Arduino due to the higher resolution available when doing analog to digital conversion. There’s even a lengthy lecture on inductor core designs, and of course everything on this project is open source. We have also seen the ESP32 put to work with MPPT before, although in a slightly less refined but still intriguing way.
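The tracking loop itself, as an added example that is not [ASCAS]’s code: the article doesn’t say which tracking algorithm the build uses, so this runs the most common one, perturb-and-observe, against a constructed single-diode panel model and checks it against a brute-force sweep of the same curve. The panel numbers (36 cells, 5 A short-circuit, 21.6 V open-circuit) are assumptions. In real hardware the quantity being nudged is the synchronous buck converter’s duty cycle, which in turn moves the panel voltage; here the voltage is stepped directly so the loop stays readable. The last function halves the irradiance mid-run to show the tracker walking to the new maximum.

```python
"""Perturb-and-observe MPPT against a simulated PV panel (added example, not from the article)."""
import math

# Constructed single-diode panel model without series/shunt resistance.
# All numbers are assumptions for a generic 36-cell "12 V" panel, not from the project.
CELLS = 36
IDEALITY = 1.3
THERMAL_V = 0.0259 * IDEALITY * CELLS   # n*kT/q summed over the cell string, about 1.21 V


class Panel:
    def __init__(self, isc=5.0, voc=21.6):
        self.isc = isc            # short-circuit current, A
        self.voc = voc            # open-circuit voltage, V
        # Pick the diode saturation current so that current(voc) is exactly zero.
        self.i0 = isc / (math.exp(voc / THERMAL_V) - 1.0)

    def current(self, v):
        """Panel current at operating voltage v (clamped to the ends of the I-V curve)."""
        if v <= 0.0:
            return self.isc
        if v >= self.voc:
            return 0.0
        return self.isc - self.i0 * (math.exp(v / THERMAL_V) - 1.0)

    def power(self, v):
        return v * self.current(v)

    def shaded(self, scale):
        """Same panel under reduced irradiance: isc scales, voc drops logarithmically."""
        p = Panel.__new__(Panel)
        p.isc = self.isc * scale
        p.i0 = self.i0
        p.voc = THERMAL_V * math.log(p.isc / p.i0 + 1.0)
        return p


def brute_force_mpp(panel, resolution=0.01):
    """Reference answer: sweep the whole curve and keep the best point."""
    best_v, best_p = 0.0, 0.0
    for k in range(int(panel.voc / resolution) + 1):
        v = k * resolution
        p = panel.power(v)
        if p > best_p:
            best_v, best_p = v, p
    return best_v, best_p


def perturb_and_observe(panel, v_start, step=0.1, iterations=300):
    """Classic P&O: nudge the operating point; keep going if power rose, reverse if not.

    The result oscillates within a step or two of the true MPP, which is the usual
    P&O trade-off between tracking speed and steady-state ripple.
    """
    v = min(max(v_start, 0.0), panel.voc)
    p_prev = panel.power(v)
    direction = 1.0
    for _ in range(iterations):
        v_new = min(max(v + direction * step, 0.0), panel.voc)
        p_new = panel.power(v_new)
        if p_new <= p_prev:      # no gain (or we hit the end of the curve): turn around
            direction = -direction
        v, p_prev = v_new, p_new
    return v, p_prev


def track_through_cloud(panel, v_start, step=0.1, cloud_scale=0.5, iterations=300):
    """Converge on the full-sun MPP, then halve the irradiance and let P&O re-track."""
    v, _ = perturb_and_observe(panel, v_start, step, iterations)
    return perturb_and_observe(panel.shaded(cloud_scale), v, step, iterations)


if __name__ == "__main__":
    panel = Panel()
    print("sweep   :", brute_force_mpp(panel))
    print("P&O     :", perturb_and_observe(panel, 10.0))
    print("shaded  :", brute_force_mpp(panel.shaded(0.5)))
    print("re-track:", track_through_cloud(panel, 10.0))
```

Note that the power curve is strictly concave for this model, so P&O from any starting voltage walks to the maximum; with series resistance, partial shading, or a noisy ADC (the reason the build reaches for the ESP32’s higher-resolution converter) a real tracker needs a larger step or filtering to avoid being fooled by a single bad reading.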

Thanks to [Sofia] for the tip!

Continue reading “Tracking Maximum Power Point For Solar Efficiency”

Putting An Afterburner On An Electric Ducted Fan

Afterburners are commonly agreed to be the coolest feature of military fighter aircraft. Injecting raw fuel into the exhaust stream of a jet engine, afterburners are responsible for that red-hot flaming exhaust and the key to many aircraft achieving supersonic flight. [Integza] wanted to see if the same concept could be applied to an electric ducted fan, and set out to find out.

Of course, building an afterburner for an EDF does add a lot of complication. A flame tube was installed downstream of the EDF, fitted with a brass tube drilled carefully to act as a fuel injector. The flame tube was also fitted with an automotive glow plug in order to ignite the fuel, which was lighter refill gas straight from a can. The whole assembly is wrapped up inside a clear acrylic tube that allows one to easily see what’s happening inside with the combustion.

Results were mixed. The fuel did combust, but in a rather intermittent fashion. In proper operation, an afterburner would run with smooth, continuous, roaring combustion. Additionally, no thrust measurements were taken, and the assembly barely shook the desk.

Thus, if anything, the video serves more as a guide to burning a lot of lighter gas with the help of an electric fan. The concept does have merit, and we’ve seen past attempts, too, but we’d love to see a proper setup with thrust readings with and without the afterburner to see whether it’s actually creating some useful thrust. Video after the break. Continue reading “Putting An Afterburner On An Electric Ducted Fan”

This Week In Security: Office 0-day, ForcedEntry, ProtonMail, And OMIGOD

A particularly nasty 0-day was discovered in the wild, CVE-2021-40444, a flaw in how Microsoft’s MSHTML engine handles content embedded in Office documents. Not all of the details are clear yet, but the result is that opening an Office document can trigger remote code execution. It gets worse, though, because the exploit can work when simply previewing a file in Explorer, making this a potential 0-click exploit. So far the attack has been used against specific targets, but a PoC has been published.

It appears that there are multiple tricks behind the exploit, each of which arguably merits its own CVE. First, a simple invocation of mshtml:http in an Office document triggers the download and processing of that URL via the Trident engine, AKA our old friend IE. The real juicy problem is that in Trident, an iframe can be constructed with a .cpl URI pointing at an inf or dll file, and that gets executed without any prompt. This is demonstrated here by [Will Dormann]. A patch was included with this month’s roundup of fixes for Patch Tuesday, so make sure to update. Continue reading “This Week In Security: Office 0-day, ForcedEntry, ProtonMail, And OMIGOD”
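A triage check for the two tricks described above, as an added example: this is not Microsoft’s code, [Will Dormann]’s, or the published PoC. It unpacks an Office Open XML file in memory and reports any package relationship whose target is an mshtml: URL, then scans fetched HTML for a .cpl: URI that ends in .inf or .dll. The sample document and HTML are constructed here and inert; they carry no exploit, only the strings the article describes. The relationship Id and Type in the sample are assumptions about how such an object would be recorded. A hit is a reason to look closer, not proof, and a miss is not proof of safety, since the target string can be encoded or split in ways a prefix check won’t see.

```python
"""Triage checks for CVE-2021-40444-style documents (added example, not from the article)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET   # for untrusted input in production, prefer defusedxml

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"

# Any relationship target that hands a URL to MSHTML is worth a look.
MSHTML_PREFIX = "mshtml:"
# Trident quirk described in the article: a .cpl: URI whose path ends in .inf or .dll.
CPL_URI = re.compile(r"""\.cpl:[^"'\s<>]*\.(?:inf|dll)\b""", re.IGNORECASE)


def mshtml_relationships(docx_bytes):
    """Return (part, rel id, target) for every relationship whose target starts with mshtml:.

    A .rels part that fails to parse is reported too: a deliberately broken
    relationship file in a document that still opens is itself suspicious.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(part))
            except ET.ParseError:
                hits.append((part, None, "<unparseable .rels>"))
                continue
            for rel in root.iter("{%s}Relationship" % RELS_NS):
                target = rel.get("Target", "")
                if target.strip().lower().startswith(MSHTML_PREFIX):
                    hits.append((part, rel.get("Id"), target))
    return hits


def cpl_uris(html):
    """Return every .cpl: URI in an HTML payload that points at an .inf or .dll file."""
    return CPL_URI.findall(html)


def build_sample_docx(target):
    """Constructed minimal .docx with one external OLE-object relationship (test data only)."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId5" Type="%s" Target="%s" TargetMode="External"/>'
        '</Relationships>' % (RELS_NS, OLE_TYPE, target)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")   # placeholder body, not valid WordprocessingML
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs; example.invalid is a reserved name that never resolves.
    doc = build_sample_docx("mshtml:http://example.invalid/lure.html")
    print("document:", mshtml_relationships(doc) or "clean")
    page = '<html><body><iframe src=".cpl:../../example.inf"></iframe></body></html>'
    print("html    :", cpl_uris(page) or "clean")
```

Run it over a directory of quarantined attachments and over the HTML that any flagged target actually serves; the second check only matters once the first has fired, because the .cpl trick lives in the page MSHTML fetches, not in the document itself.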

Farewell Sir Clive Sinclair; Inspired A Generation Of Engineers

It is with sadness that we note the passing of the British writer, engineer, home computer pioneer, and entrepreneur, Sir Clive Sinclair, who died this morning at the age of 81 after a long illness. He is perhaps best known among Hackaday readers for his ZX series of home computers from the 1980s, but over a lifetime in the technology industry there are few corners of consumer electronics that he did not touch in some way.

Sinclair’s first career in the 1950s was as a technical journalist and writer, before founding the electronics company Sinclair Radionics in the 1960s. His output in those early years was a mixture of miniature transistor radios and Hi-Fi components, setting the tone for decades of further tiny devices including an early LED digital watch at the beginning of the 1970s, miniature CRT TVs in the ’70s and ’80s, and another tiny in-ear FM radio which went on sale in the ’90s.

Continue reading “Farewell Sir Clive Sinclair; Inspired A Generation Of Engineers”


Monoclonal Antibodies: The Guided Missiles Of Medicine

Whenever anyone mentions the word “antibodies” these days, it’s sure to grab your attention. Thoughts generally flow to the human immune system and the role it plays in the ongoing COVID-19 pandemic, and to how our bodies fight off disease in general. The immune system is complex in the extreme, but pretty much everyone knows that antibodies are part of it and that they’re vital to the ability of the body to recognize and neutralize invaders like bacteria and viruses.

But as important as antibodies are to long-term immunity and the avoidance of disease, that’s far from all they’re good for. The incredible specificity of antibodies to their target antigens makes them powerful tools for biological research and clinical diagnostics, like rapid COVID-19 testing. The specificity of antibodies has also opened up therapeutic modalities that were once the stuff of science fiction, where custom-built antibodies act like a guided missile to directly attack not only a specific protein in the body, but sometimes even a specific part of a protein.

Making these therapies work, though, requires special antibodies: monoclonal antibodies. These are very much in the news recently, not only as a possible treatment for COVID-19 but also to treat everything from rheumatoid arthritis to the very worst forms of cancer. But what exactly are monoclonal antibodies, how are they made, and how do they work?

Continue reading “Monoclonal Antibodies: The Guided Missiles Of Medicine”