Using Smartphone Cameras To Make Sure Drivers Are Looking At The Road

Most of us are probably quite aware of the damage that a car can inflict when driven by a distracted driver. In an ideal world, people who are driving a car would not allow something like their phone to distract them from their primary task of being the primary navigation system for the 1+ metric ton vehicle which they are controlling.

Many smartphone apps as well as in-car infotainment systems have added features over the years that try to prevent a driver from using them, but they run into the issue that it’s hard to distinguish between passenger and driver. As it turns out, asking the human driver whether they are the driver doesn’t always get the expected result. This is where [Rushil Khurana] and his team at Carnegie Mellon University (CMU) have come up with a more fool-proof approach.

In their paper (PDF), they cover the algorithm and software implementation that uses the smartphone’s own front (selfie) and back cameras to determine from the car’s interior which side of the car the user is sitting on, and to deduce from that whether the user is sitting in the driver’s seat or not. From there it is a fairly safe assumption that if the user is sitting in the driver’s seat, and the car is moving, this user should not be looking at the phone’s screen.

In a test involving 16 different cars and 33 users, they achieved an overall accuracy of 94% with the phone held in the hand, and 92.2% while docked. This is more reliable than the other approaches covered in the paper, and as a benefit does not require any extra hardware. Who knows, upcoming smartphones may include a feature like this, so that apps can easily determine what feature set should be made available to a driver, if any.

FDA Approves Ventilator Designed By NASA’s Jet Propulsion Laboratory

Yesterday NASA’s Jet Propulsion Laboratory announced that their ventilator design has received Emergency Use Authorization from the US Food and Drug Administration. This paves the way for the design to be manufactured for use in the treatment of COVID-19 patients.

JPL, which is tightly partnered with the California Institute of Technology, designed the ventilator for rapid manufacturing to meet the current need for respiratory tools made scarce by the pandemic. The design process took only 37 days and was submitted for FDA approval around April 23rd. They call it VITAL — Ventilator Intervention Technology Accessible Locally — a nod to NASA’s proclivity for acronyms.

This Week In Security: Firewall 0-day, Apple’s Response, And An Android Bluetooth Bug

Sophos firewall appliances are actively being attacked by a 0-day exploit chain that originates with a SQL injection. That injection is a nasty one, as it can be launched from the WAN user portal. The observed attack used that vulnerability to inject a shell command into the device database, where it would eventually be run automatically. If you have an affected Sophos device, go check that the hotfix was automatically installed.

While the vulnerability was a bad one, Sophos’ response here is laudable. They publicly disclosed the attack less than 24 hours after they were notified of its existence in the wild, and began rolling a fix out within three days. Additionally, Sophos engineers did a really detailed write-up (linked above) giving us all the details of the attack. The hotfix that closes the vulnerability also attempts to clean up the infection, although there are some additional manual steps that are suggested if your device was compromised.

ICANN Board Withhold Consent For .ORG Deal

Over the past few months there has been a battle waging in the world of domain names; the overseeing body ICANN had hatched a plan to transfer the entire .org registry to a private company, to significant opposition from .org domain holders, concerned citizens, and the Electronic Frontier Foundation. Part of the process before the deadline for handover on the 4th of May was a due diligence process during which the ICANN board would review submissions related to the deal, and after completing that task the board have withheld their consent for it to go ahead. As you might expect the EFF are declaring a victory, but they also make the point that one of the reasons the ICANN board rejected the deal was a potential risk of a debt liability for the organisation.

It’s tempting to frame this as a rare victory for the Little Guy in the face of The Man, but the reality is probably more nuanced. When the deal was hatched the world had not yet come to terms with the COVID-19 pandemic, meaning that the thought of a post-virus economic slump would not yet have been on their minds. It’s thus not unexpected that the ICANN board would think about the financial aspects of it as well as the many objections, because in a time of economic pain the possibility of it going sour would be significantly increased. The future of the .org and other registries should remain a concern to internet users, because after all, this is not the first time such a thing has happened.

The United States Air Force Would Like You To Hack Into Their Satellite

The Air Force is again holding its annual “Space Security Challenge” where they invite you to hack into a satellite to test their cybersecurity measures. There are actually two events. In the first one, $150,000 is up for grabs in ten prizes and the final event offers a $100,000 purse divided among the three top participants (first place takes $50,000).

Before you get too excited, you or your team has to first qualify online. The qualification event will be over two days starting May 22. The qualifying event is set up a bit like the TV show Jeopardy. There is a board with categories. When a team solves a challenge in a category it receives a flag that is worth points as well as getting to unlock the next challenge. Once a challenge is unlocked however, any team could potentially work on it. There are more rules, but that’s the gist of it. At the end of the event, the judges will contact the top 10 teams who will then each have to submit a technical paper.

Giving Surfaces Their Own Antiviral Coating To Fight Infection

The use of disinfectants is not a new thing, but a major disadvantage with most common disinfectants is that they are only effective in the short term. After applying bleach, alcohol or other disinfectant to the surface, the disinfectant’s effect quickly fades as the liquid evaporates. Ideally the disinfectant would remain on the surface, ready to disinfect when needed.

According to researchers at the Hong Kong University of Science and Technology (HKUST), the solution may lie in a heat-sensitive coating that releases disinfectant when it’s needed. This Multilevel Antimicrobial Polymer (MAP-1) can remain effective for as long as 90 days, depending on how often the surface is touched or otherwise used.

MAP-1 consists of polymer strands of a material that prevents viruses and bacteria from attaching to its surface, while disrupting its outside surface. Effectively this has the potential to inactivate (kill) most viruses and harmful bacteria that come into contact with it.

MAP-1 is currently being deployed in Hong Kong, where public places such as schools, malls and sport facilities have had the coating applied. It costs between US $2,600 and US $50,000 to treat an area, which is not cheap, but would be cheaper than shutting down such a facility for regular surface disinfecting.

Although it still has to be determined that MAP-1 is as effective as hoped, it is another example of an antimicrobial surface, a material that is designed to be as incompatible with sustaining viruses and bacteria as possible. In the past copper and its alloys have been commonly used for this purpose, but a polymer coating is obviously more versatile. From the point of view of today’s pandemic, making surfaces incapable of hosting viruses definitely can be regarded as highly necessary.

(Pictured: a MAP-1 coating on a surface, courtesy of HKUST)

GPU Turned Into Radio Transmitter To Defeat Air-Gapped PC

Another week, another exploit against an air-gapped computer. And this time, the attack is particularly clever and pernicious: turning a GPU into a radio transmitter.

The first part of [Mikhail Davidov] and [Baron Oldenburg]’s article is a review of some of the basics of exploring the RF emissions of computers using software-defined radio (SDR) dongles. Most readers can safely skip ahead a bit to section 9, which gets into the process they used to sniff for potentially compromising RF leaks from an air-gapped test computer. After finding a few weak signals in the gigahertz range and dismissing them as attack vectors due to their limited penetration potential, they settled in on the GPU card, a Radeon Pro WX3100, and specifically on the power management features of its ATI chipset.

With a GPU benchmarking program running, they switched the graphics card shader clock between its two lowest power settings, which produced a strong signal on the SDR waterfall at 428 MHz. They were able to receive this signal up to 50 feet (15 meters) away, perhaps to the annoyance of nearby hams as this is plunk in the middle of the 70-cm band. This is theoretically enough to exfiltrate data, but at a painfully low bitrate. So they improved the exploit by forcing the CPU driver to vary the shader clock frequency in one megahertz steps, allowing them to implement higher throughput encoding schemes. You can hear the change in signal caused by different graphics being displayed in the video below; one doesn’t need much imagination to see how malware could leverage this to exfiltrate pretty much anything on the computer.

It’s a fascinating hack, and hats off to [Davidov] and [Oldenburg] for revealing this weakness. We’ll have to throw this on the pile with all the other side-channel attacks [Samy Kamkar] covered in his 2019 Supercon talk.
