This Week In Security: Pwn2own, Zoom Zero Day, Clubhouse Data, And An FBI Hacking Spree

Our first story this week comes courtesy of the Pwn2Own contest. For anyone not familiar with it, this event is held twice a year, and features live demonstrations of exploits against up-to-date software. The one exception to this is when a researcher does a coordinated release with the vendor, and the update containing the fix drops just before the event. This time, the event was held virtually, and the attempts are all available on YouTube. There were 23 attacks attempted, and only two were outright failures. There were 5 partial successes and 16 full successes.

One of the interesting demonstrations was a zero-click RCE against Zoom. This was a trio of vulnerabilities chained into a single attack. The only caveat is that the attack must come from an accepted contact. Pwn2Own gives each exploit attempt twenty minutes total, and up to three attempts, each of which can last up to five minutes. Most complex exploits have an element of randomness, and exploits known to work sometimes don’t work every time. The Zoom demonstration didn’t work the first time, and the team took long enough to reset that they only had time for one more try.

BleedingTooth

We first covered BleedingTooth almost exactly six months ago. The details were sparse then, but enough time has gone by to get the full report. BleedingTooth is actually a trio of vulnerabilities, discovered by [Andy Nguyen]. The first is BadVibes, CVE-2020-24490: a missing length check in the handling of incoming Bluetooth advertisement packets, which leads to a buffer overflow. The catch here is that the vulnerability is only reachable over Bluetooth 5.
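As an added illustration of the BadVibes bug class, and not the Linux kernel's code or [Andy Nguyen]'s, here is a constructed receiver that copies an advertising report into a buffer sized for the legacy 31-byte advertising data cap, first without and then with the length check. The record layout, the function names and the flags word that gets clobbered are assumptions for the demo; the point is that a Bluetooth 5 extended report can carry a data length beyond what a legacy-sized buffer expects, and that both the wire length and the destination capacity need checking before the copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Receiver-side record (constructed for this demo): data sized for the legacy
 * 31-byte cap, followed by a length byte and a 4-byte flags word.  It is laid
 * out as one flat array so the unchecked copy's overrun stays inside defined
 * storage while still landing on the neighbouring fields. */
#define ADV_DATA_MAX   31
#define REC_LEN_OFF    ADV_DATA_MAX
#define REC_FLAGS_OFF  (ADV_DATA_MAX + 1)
#define REC_BACKING    256            /* any 8-bit length fits, so no UB in the demo */
#define FLAGS_SENTINEL 0x5A5A5A5Au

struct adv_record { uint8_t bytes[REC_BACKING]; };

/* Wire view of one report as assumed here: [data_len:1][data:data_len]. */
struct adv_report { uint8_t data_len; const uint8_t *data; };

static void rec_init(struct adv_record *r)
{
    memset(r->bytes, 0, sizeof r->bytes);
    uint32_t f = FLAGS_SENTINEL;
    memcpy(r->bytes + REC_FLAGS_OFF, &f, sizeof f);
}

static uint32_t rec_flags(const struct adv_record *r)
{
    uint32_t f;
    memcpy(&f, r->bytes + REC_FLAGS_OFF, sizeof f);
    return f;
}

/* First length check: the advertised data_len must fit inside what was
 * actually received, otherwise the copy reads past the packet. */
static int parse_report(const uint8_t *pkt, size_t pkt_len, struct adv_report *out)
{
    if (pkt_len < 1 || pkt[0] > pkt_len - 1)
        return -1;
    out->data_len = pkt[0];
    out->data = pkt + 1;
    return 0;
}

/* Vulnerable pattern: trusts data_len although the buffer holds 31 bytes. */
static void store_unchecked(struct adv_record *r, const struct adv_report *rep)
{
    memcpy(r->bytes, rep->data, rep->data_len);   /* runs into len/flags when > 31 */
    r->bytes[REC_LEN_OFF] = rep->data_len;
}

/* Fixed pattern: second length check, against the destination's capacity. */
static int store_checked(struct adv_record *r, const struct adv_report *rep)
{
    if (rep->data_len > ADV_DATA_MAX)
        return -1;                                /* reject; could also truncate */
    memcpy(r->bytes, rep->data, rep->data_len);
    r->bytes[REC_LEN_OFF] = rep->data_len;
    return 0;
}

/* Constructed packet: data_len followed by data_len bytes of 0x41. */
static size_t build_packet(uint8_t *pkt, uint8_t data_len)
{
    pkt[0] = data_len;
    memset(pkt + 1, 0x41, data_len);
    return (size_t)data_len + 1;
}

/* Feeds a data_len-byte report through the unchecked path and returns the
 * flags word afterwards: FLAGS_SENTINEL if intact, 0x41414141 if overwritten. */
uint32_t flags_after_unchecked(uint8_t data_len)
{
    uint8_t pkt[256];
    struct adv_report rep;
    struct adv_record rec;
    size_t n = build_packet(pkt, data_len);
    rec_init(&rec);
    if (parse_report(pkt, n, &rep) == 0)
        store_unchecked(&rec, &rep);
    return rec_flags(&rec);
}

/* Same through the checked path; returns store_checked's result and writes
 * the flags word to *flags. */
int result_checked(uint8_t data_len, uint32_t *flags)
{
    uint8_t pkt[256];
    struct adv_report rep;
    struct adv_record rec;
    size_t n = build_packet(pkt, data_len);
    int rc = -1;
    rec_init(&rec);
    if (parse_report(pkt, n, &rep) == 0)
        rc = store_checked(&rec, &rep);
    *flags = rec_flags(&rec);
    return rc;
}

int main(void)
{
    uint32_t f;
    printf("unchecked, 31 bytes: flags=0x%08x\n", flags_after_unchecked(31));
    printf("unchecked, 60 bytes: flags=0x%08x\n", flags_after_unchecked(60));
    printf("checked,   60 bytes: rc=%d flags=0x%08x\n", result_checked(60, &f), f);
    return 0;
}
```

The two checks are deliberately separate: parse_report guards against a length field that overstates the bytes on the wire (an out-of-bounds read), and store_checked guards the destination (the out-of-bounds write that BadVibes is about). A real stack also has to decide between rejecting and truncating oversized reports; rejecting is the simpler choice to reason about.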

DOOM On A Bootloader Is The Ultimate Cheat Code

Porting DOOM to run on hardware never meant to run it is a tradition as old as time. Getting it to run on embedded devices, ancient computers, virtual computers, and antique video game consoles are all classic hacks, but what DOOM ports have been waiting for is something with universal applicability that doesn’t need a bespoke solution for each piece of hardware. Something like DOOM running within a bootloader.

The bootloader that [Ahmad] works with is called Barebox and is focused on embedded systems, often those running Linux. This is the perfect environment for direct hardware access, since the bootloader doubles as a bare metal hardware bring-up toolkit. Now that DOOM runs on this bootloader, it effectively can run anywhere from embedded devices to laptops with minimal work, and although running it in a bootloader takes away a lot of the hard work that would normally need to be done during a port, it may still need some tweaking for specific hardware not otherwise supported.

For those already running Barebox, the bareDOOM code can be found on [Ahmad]’s GitHub page. For those not running Barebox, it does have a number of benefits compared to other bootloaders, even apart from its new ability to play classic FPS games. For those who prefer a more custom DOOM setup, though, we are always fans of DOOM running within an NES cartridge.

Photo: AntonioMDA, CC BY-SA 4.0 via Wikimedia Commons

SV Seeker Is Recycling Batteries

SV Seeker is a home-made boat currently being built by [Doug Jackson] just north of Tulsa, Oklahoma. It’s a bit different than what you might imagine as a typical DIY boat, though. You see, Seeker is a 75 ft steel boat, intended to work as a research vessel. Doug and his crew proudly refer to Seeker as “The boat the internet built”, and he’s our kind of people. We’ve covered them before, the first time way back in 2013. Doug’s YouTube channel does double duty, both teaching the rest of us all the skills he’s learned while building, and also serving as the eventual user and repair manual for the boat.

Treatment Triggers Teeth To Thrive

We humans like to think we’re pretty advanced, but we can’t regrow missing teeth in adulthood like sharks, alligators, and crocodiles. Once those pearly whites are gone, they’re gone for good, and we don’t even have a way to regenerate the protective enamel. However, this may not always be the case, because scientists at Kyoto University and University of Fukui in Japan have discovered a monoclonal antibody treatment that triggers tooth regeneration in laboratory mice.

Image by Katsu Takahashi/Kyoto University via Medical Express

Monoclonal antibodies are lab-fabbed molecules that act as substitute antibodies to enhance the body’s natural defenses against diseases like cancer and arthritis. These antibodies are also used to develop vaccines and treat COVID-19. In the case of cancer, monoclonal antibodies bind to antigens on cancer cells, effectively flagging them for removal, but they also do much more, such as deliver chemo and radioimmunotherapies.

By blocking the gene USAG-1, the scientists saw an increase in Bone Morphogenetic Protein (BMP), which is a molecule that dictates the number of teeth a given creature will have in the first place. Because of this increase in BMP, the mice were able to regrow teeth. This proposition was a challenging one — BMP affects other aspects of development, and the early attempts did more harm than good by causing birth defects. The good news is that the treatment also worked in ferrets, whose teeth are much closer to human dentition than those of mice. Before moving on to human trials, the scientists will test it out on pigs and dogs. If you were given a second shot at a set of teeth, would you treat them better than the first, or even worse because you can just grow new ones again?

Speaking of pigs, it seems that pig-to-human organ transplants are on track for 2021.

Space Shuttle Program: 40th Anniversary Of The First Launch Of Columbia

For those who grew up watching the endless coverage of the Apollo program in the 60s and 70s, the sight of OV-102, better known as the Space Shuttle Columbia, perched on pad 39A at the Kennedy Space Center was somewhat disconcerting. Compared to the sleek lines of a Saturn V rocket, the spacecraft on display on April 12, 1981, seemed an ungainly beast. It looked like an airplane that had been tacked onto a grain silo, with a couple of roman candles attached to it for good measure. Everything about it seemed the opposite of what we’d come to expect from spaceflight, but as the seconds ticked away to liftoff 40 years ago this day, we still had hope that this strange contraption wouldn’t disappoint.

At first, as the main engines ignited, it seemed that Columbia would indeed disappoint. The liquid hydrogen exhaust plume seemed anemic, at least compared to the gout of incandescent kerosene that had belched out from every rocket I’d ever seen launched. But then those magnificent — and as it later turned out, deadly dangerous — solid rocket boosters came to life, and Columbia fairly leaped off the launchpad. Americans were on their way to space again after a six-year absence, and I remember cheering astronauts John Young and Bob Crippen on as I watched the coverage with my dad that early Sunday morning.


This Week In Security: The Facebook Leak, The YouTube Leak, And File Type Confusion

Facebook had a problem, way back in the simpler times that were 2019. Something like 533 million accounts had the cell phone number associated with the account leaked. It’s making security news this week, because that database has now been released for free in its entirety. The dataset consists of Facebook ID, cell number, name, location, birthday, bio, and email address. Facebook has pointed out that the data was not a hack or breach, but was simply scraped prior to a vulnerability being fixed in 2019.

The vulnerability was in Facebook’s contact import service, also known as the “Find Friends” feature. The short explanation is that anyone could punch a random phone number in, and get a bit of information about the FB account that claimed that number. The problem was that some interfaces to that service didn’t have appropriate rate limiting features. Combine that with Facebook’s constant urging that everyone link a cell number to their account, and the default privacy setting that lets anyone locate you by your cell number, and the data scraping was all but inevitable. The actual technique used may have been to spoof that requests were coming from the official Facebook app.

[Troy Hunt]’s Have I Been Pwned service has integrated this breach, and now allows searching by phone number, so go check to see if you’re one of the exposed. If you are, keep the leaked data in mind every time an email or phone call comes from someone you don’t know.

Fun While It Lasted, Falcon 9 Telemetry Now Encrypted

A few weeks back we brought word that Reddit users [derekcz] and [Xerbot] had managed to receive the 2232.5 MHz telemetry downlink from a Falcon 9 upper stage and pull out some interesting plain-text strings. With further software fiddling, the vehicle’s video streams were decoded, resulting in some absolutely breathtaking shots of the rocket and its payload from low Earth orbit.

Unfortunately, it looks like those heady days are now over, as [derekcz] reports the downlink from the latest Falcon 9 mission was nothing but unintelligible noise. Since the hardware and software haven’t changed on his side, the only logical conclusion is that SpaceX wasn’t too happy about radio amateurs listening in on their rocket and decided to employ some form of encryption.

Since this data has apparently been broadcast out in the clear for nearly a decade before anyone on the ground noticed, it’s easy to see this as an overreaction. After all, what’s the harm in a few geeks with hacked together antennas getting a peek at a stack of Starlink satellites? [derekcz] even mused that allowing hobbyists to capture these space views might earn the company some positive buzz, something Elon Musk never seems to get enough of.

Some of the images [derekcz] was able to capture from the Falcon 9

On the other hand, we know that SpaceX is actively pursuing more lucrative national security launch contracts for both the Falcon 9 and Falcon Heavy. For these sensitive government payloads, the normal on-screen telemetry data and space views are omitted from the company’s official live streams. It seems likely the Pentagon would be very interested in finding out how civilians were able to obtain this information, and a guarantee from SpaceX that the link would be encrypted for all future flights could have helped smooth things over.

At the end of the post [derekcz] echoes a sentiment we’ve been hearing from other amateur radio operators recently, which is that pretty soon space may be off-limits for us civilians. As older weather satellites begin to fail and get replaced with newer and inevitably more complex models, the days of picking up satellite images with an RTL-SDR and a few lines of Python are likely numbered.