Paper Keyboard Is Self-Powered

Building a keyboard isn’t a big project these days. Controller chips and boards are readily available, switches are easy to find, and a 3D printer can do a lot of what used to be the hard parts. But engineers at Purdue have printed a self-powered Bluetooth keyboard on an ordinary sheet of paper. You can see videos of the keyboards at work below.

The keyboards work by coating paper with a highly fluorinated coating that repels water, oil, and dust. Special inks print triboelectric circuits so that pressing your finger on a particular part of the paper generates electricity. We were skeptical that the Bluetooth part is self-powered, although maybe it is possible if you have some very low-power electronics or you manage the power generated very carefully.

Cousteau’s Proteus Will Be The ISS Of The Seas

The Earth’s oceans are a vast frontier that brims with possibilities for the future of medicine, ocean conservation, and food production. They remain largely unexplored because of the physical limits of scuba diving. Humans can only dive for a few hours each day, and every minute spent breathing compressed air at depth must be paid for with a slower ascent to the surface. Otherwise, divers could develop decompression sickness from nitrogen expanding in the bloodstream.

An illustration of the Conshelf 3 habitat. Image via Medium

In the 1960s, world-famous oceanographer Jacques Cousteau built a series of small underwater habitats to extend the time that he and other researchers were able to work. These sea labs were tethered to a support ship with a cable that provided air and power.

Cousteau’s first sea lab, Conshelf 1 (Continental Shelf Station) held two people and was stationed 33 feet deep off the coast of Marseilles, France. Conshelf 2 sheltered six people and spent a total of six weeks under the Red Sea at two different depths.

Conshelf 3 was Cousteau’s most ambitious habitat design, because it was nearly self-sufficient compared to the first two. It accommodated six divers for three weeks at a time and sat 336 feet deep off the coast of France, near Nice. Conshelf 3 was built in partnership with a French petrochemical company to study the viability of stationing humans for underwater oil drilling (before we had robots for that), and included a mock oil rig on the nearby ocean floor for exercises.

Several underwater habitats have come and gone in the years since the Conshelf series, but each has been built for a specific research project or group of tasks. There’s never really been a permanent habitat established for general research into the biochemistry of the ocean.

This Week In Security: Zero Days, Notarized Malware, Jedi Mind Tricks, And More

Honeypots are an entertaining way to learn about new attacks. A simulated vulnerable system is exposed to the internet, inviting anyone to try to break into it. Rather than actually compromising a deployed device, an attacker just gives away information about how they would attack the real thing. A honeypot run by 360Netlab found something interesting back in April: an RCE attack against QNAP NAS devices. The vulnerability is found in the logout endpoint, which takes external values without properly sanitizing them. These values are used as part of an snprintf statement, and then executed with a system() call. Because there isn’t any sanitization, special characters like semicolons can be injected into the final command to be run, resulting in a trivial RCE.

QNAP has released new firmware that fixes the issue by replacing the system() call with execv(). This change means that the shell isn’t part of the execution process, and the command injection loses its bite. Version 4.3.3 was the first firmware release to contain this fix, so if you run a QNAP device, be sure to go check the firmware version. While this vulnerability was being used in the wild, there doesn’t seem to have been a widespread campaign exploiting it.
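The difference between the two call styles, as an added example that is not QNAP's code: the same constructed value is passed once through a shell-parsed string and once through an execv() argument array, and the number of output lines shows whether the semicolon was treated as syntax or as data. The helper path `/bin/echo`, the `logout` argument and both function names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>
#define HELPER "/bin/echo" /* assumption: harmless stand-in for the real helper */

static int count_lines(FILE *f) {          /* newline count of a stream */
    int c, lines = 0;
    while ((c = fgetc(f)) != EOF) lines += (c == '\n');
    return lines;
}

/* Vulnerable shape: the value is formatted into a string that sh parses.
   popen() stands in for system() so output can be captured; both use "sh -c". */
int run_via_shell(const char *user) {
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, HELPER " logout %s", user);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;   /* refuse truncation */
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    int lines = count_lines(p);
    pclose(p);
    return lines;
}

/* Fixed shape: execv() takes an argv array, so no shell sees the value. */
int run_via_execv(const char *user) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                        /* child: stdout -> pipe, exec */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        char *argv[] = { HELPER, "logout", (char *)user, NULL };
        execv(HELPER, argv);
        _exit(127);                        /* reached only if execv fails */
    }
    close(fd[1]);
    FILE *f = fdopen(fd[0], "r");
    int lines = f ? count_lines(f) : -1;
    if (f) fclose(f); else close(fd[0]);
    waitpid(pid, NULL, 0);
    return lines;
}

int main(void) {   /* "alice; echo INJECTED" is a constructed sample value */
    printf("shell: %d line(s), execv: %d line(s)\n",
           run_via_shell("alice; echo INJECTED"), run_via_execv("alice; echo INJECTED"));
}
```

With the shell in the path the value produces two lines of output because a second command ran; with execv() the whole value arrives as one argument and a single line is printed.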

World’s Only Flying Twin Mustang Goes On Sale

Given the incredible success of the P-51 Mustang during the Second World War, it’s perhaps no surprise that the United States entertained the idea of combining two of the iconic fighters on the same wing to create a long-range fighter that could escort bombers into Japan. But the war ended before the F-82 “Twin Mustang” became operational, and the advent of jet fighters ultimately made the idea obsolete. Just five examples of this unique piece of history are known to exist, and the only one in airworthy condition can now be yours.

Assuming you’ve got $12 million lying around, anyway. Even for a flyable WWII fighter, that’s a record-setting price tag. But on the other hand, you’d certainly be getting your money’s worth. It took over a decade for legendary restoration expert [Tom Reilly] and his team to piece the plane, which is actually a prototype XP-82 variant, together from junkyard finds. Even then, many of the parts necessary to get this one-of-a-kind aircraft back in the sky simply no longer existed. The team had to turn to modern techniques like CNC machining and additive manufacturing to produce the necessary components, in some cases literally mirroring the design in software so it could be produced in left- and right-hand versions.

Recovering half of the Twin Mustang in 2008.

We first covered this incredible restoration project back in 2018, before the reborn XP-82 had actually taken its first flight. Since then the plane has gone on to delight crowds with the sound of two counter-rotating Merlin V-12 engines and win several awards at the Oshkosh airshow. The listing for the aircraft indicates it only has 25 hours on the clock, but given its rarity, we can’t blame [Tom] and his crew for keeping the joyrides to a minimum.

As important as it is to make sure these incredible pieces of engineering aren’t lost to history, the recent crash of the B-17G Nine-O-Nine was a heartbreaking reminder that there’s an inherent element of risk to flying these 70+ year old aircraft. A world-class restoration and newly manufactured parts don’t remove the possibility of human error or freak weather. While we’d love to see and hear this beauty taxiing around our local airport, it’s a warbird that should probably stay safely in the roost. Hopefully the $12 million price tag will ensure whoever takes ownership of the world’s only flying F-82 treats it with the respect it’s due.

COVID-tracing Framework Privacy Busted By Bluetooth

[Serge Vaudenay] and [Martin Vuagnoux] released a video yesterday documenting a privacy-breaking flaw in the Apple/Google COVID-tracing framework, and they’re calling the attack “Little Thumb” after a French children’s story in which a child drops pebbles to be able to retrace his steps. But unlike Hänsel and Gretel with the breadcrumbs, the goal of a privacy-preserving framework is to prevent periodic waypoints from allowing you to follow anyone’s phone around. (Video embedded below.)

The Apple/Google framework is, in theory, quite sound. For instance, the system broadcasts hashed, rolling IDs that prevent tracing an individual phone for more than fifteen minutes. And since Bluetooth LE has a unique numeric address for each phone, like a MAC address in other networks, they even thought of changing the Bluetooth address in lock-step to foil would-be trackers. And there’s no difference between theory and practice, in theory.

In practice, [Serge] and [Martin] found that a slight difference in timing between changing the Bluetooth BD_ADDR and changing the COVID-tracing framework’s rolling proximity IDs can create what they are calling “pebbles”: an overlap where the rolling ID has updated but the Bluetooth ID hasn’t yet. Logging these allows one to associate rolling IDs over time. A large network of Bluetooth listeners could then trace people’s movements and possibly attach identities to chains of rolling IDs, breaking one of the framework’s privacy guarantees.
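A check for this desynchronisation on a capture from your own test handset, as an added example that is not the researchers' tooling: it walks time-ordered advertisement records and counts frames where the rolling ID changed while the Bluetooth address stayed the same, along with how long that overlap lasted. The record layout, the function name and the sample trace are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* One received advertisement; the field layout is an assumption. */
struct adv { long t_ms; const char *bd_addr; const char *rpi; };

struct audit { int clean; int pebbles; long max_overlap_ms; };

/* Constructed sample capture from a single handset, not real data. */
static const struct adv SAMPLE[] = {
    {       0, "AA:AA:AA:AA:AA:01", "RPI-1" },
    {  300000, "AA:AA:AA:AA:AA:01", "RPI-1" },
    {  900000, "AA:AA:AA:AA:AA:01", "RPI-2" },  /* new ID, old address */
    {  900300, "AA:AA:AA:AA:AA:02", "RPI-2" },  /* address catches up  */
    { 1800000, "AA:AA:AA:AA:AA:03", "RPI-3" },  /* lock-step rotation  */
};

/* clean   = rotations where both identifiers changed in the same frame
   pebbles = frames carrying a new rolling ID under the previous address
   max_overlap_ms = longest time such an overlap stayed on the air */
struct audit audit_rotation(const struct adv *a, int n) {
    struct audit r = {0, 0, 0};
    long open_since = -1;            /* start of an unresolved overlap */
    for (int i = 1; i < n; i++) {
        int addr_new = strcmp(a[i].bd_addr, a[i - 1].bd_addr) != 0;
        int rpi_new  = strcmp(a[i].rpi, a[i - 1].rpi) != 0;
        if (rpi_new && addr_new) {
            r.clean++;
        } else if (rpi_new) {        /* the overlap the article describes */
            r.pebbles++;
            open_since = a[i].t_ms;
        }
        if (addr_new && open_since >= 0) {
            long gap = a[i].t_ms - open_since;
            if (gap > r.max_overlap_ms) r.max_overlap_ms = gap;
            open_since = -1;
        }
    }
    return r;
}

int main(void) {
    struct audit r = audit_rotation(SAMPLE, (int)(sizeof SAMPLE / sizeof SAMPLE[0]));
    printf("clean=%d pebbles=%d max_overlap_ms=%ld\n",
           r.clean, r.pebbles, r.max_overlap_ms);
    return 0;
}
```

A handset that rotates both identifiers in lock-step reports zero pebbles; any non-zero count means the capture contains a frame that ties two consecutive rolling IDs to one address.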

This timing issue only affects some phones, about half of the set that they tested. And of course, it’s only creating a problem for privacy within Bluetooth LE range. But for a system that’s otherwise so well thought out in principle, it’s a flaw that needs fixing.

Why didn’t the researchers submit a patch? They can’t. The Apple/Google code is mostly closed-source, in contrast to the open-source nature of most of the apps that are running on it. This remains troubling, precisely because the difference between the solid theory and the real practice lies exactly in those lines of uninspectable code, and leaves all apps that build upon them vulnerable without any recourse other than “trust us”. We encourage Apple and Google to make the entirety of their COVID framework code open. Bugs would then get found and fixed, faster.

“A Guy In A Jet Pack” Reported Flying Next To Aircraft Near LAX

In case you needed more confirmation that we’re living in the future, a flight on approach to Los Angeles International Airport on Sunday night reported “a guy in a jet pack” flying within about 300 yards of them. A second pilot confirmed the sighting. It’s worth watching the video after the break just to hear the recordings of the conversation between air traffic control and the pilots.

The sighting was reported at about 3,000 feet, which is an incredible height for any of the jet packs powerful enough to carry humans we’ve seen. The current state of the art limits jet pack tech to very short flight times and it’s hard to imagine doing anything more than getting to that altitude and back to the ground safely. Without further evidence it’s impossible to say, which has been an ongoing problem with sightings of unidentified flying objects near airports.

While superheroes (or idiots pretending to be superheroes) flying at altitude over the skies of LA sounds far-fetched, the RC super hero hack we saw nine years ago now comes to mind. At 300 yards, that human-shaped drone might pass for an actual person rather than a dummy. This is of course pure speculation and we don’t want to give the responsible members of the RC aircraft community a bad name. It could have just as easily been trash, balloons, aliens, or Mothra. Or perhaps the pilot was correct and it was “some guy” flying past at 3,000 feet. That’s not impossible.

We anxiously await the results of the FAA’s investigation on this one.

What’s The Deal With Rolling Blackouts In California’s Power Grid?

A heat wave spreading across a large portion of the west coast of the United States is not surprising for this time of year, but the frequency and severity of these heat waves have been getting worse in recent years as the side effects from climate change become more obvious. In response to this, the grid operators in California have instituted limited rolling blackouts as electricity demand ramps up.

This isn’t California’s first run-in with elective blackouts, either. The electrical grid in California is particularly prone to issues like this, both from engineering issues and from other less obvious problems as well.
