Security This Week: Racoons In My TLS, Bypassing Frontends, And Obscurity

Raccoon is the next flashy security flaw with a name, cute logo, and a website (and a PDF). Raccoon is a flaw in TLS versions prior to 1.3, and seems to be a clever bit of work, albeit one with limited real-world application. The central problem is that these older versions of TLS, when using Diffie-Hellman (DH), drop leading all-zero bytes in the resulting pre-master key. As that key is part of the input for calculating the master session key, a shortened pre-master key results in a slightly faster calculation of the master key. If an attacker can make fine-grained timing measurements, he can determine when the pre-master key is trimmed.

Let’s review Diffie-Hellman, briefly. The client and server agree on two numeric values, a base g and modulus p, and each party generates a secret key, a and b. Each party calculates a public key by raising the shared base to their own private key, mod the shared modulus: A = g^a mod p. These public keys are exchanged, and each party raises the received key to their own secret key: A^b. Exponents have a non-obvious quirk, the power rule. A value raised to a power and then raised to another power is the same as the value raised to the product of the two exponents: (g^a)^b is equal to g^(a*b). By going through this mathematical dance, the server and client have arrived at a shared value that only they know, while preserving the secrecy of their private keys.
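The exchange and the leading-zero trimming described above, as an added example that is not from the original article. The 61-bit modulus, the base 3 and the private key values are constructed toy parameters; real TLS groups are 2048 bits or more, but the arithmetic is the same.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Toy group constructed for this example: p = 2^61 - 1 (a Mersenne prime), g = 3. */
#define P ((1ULL << 61) - 1)
#define G 3ULL
#define P_BYTES 8   /* byte length of the modulus */

/* Square-and-multiply modular exponentiation. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    unsigned __int128 result = 1, b = base % mod;
    while (exp) {
        if (exp & 1) result = result * b % mod;
        b = b * b % mod;
        exp >>= 1;
    }
    return (uint64_t)result;
}

/* Bytes left once leading zero bytes are dropped, as TLS 1.2 and earlier do. */
size_t stripped_len(uint64_t secret) {
    size_t n = P_BYTES;
    while (n > 0 && ((secret >> (8 * (n - 1))) & 0xff) == 0) n--;
    return n;
}

/* With the server public key A fixed, find a client private key b whose
   shared secret A^b mod p has a zero top byte. Returns 0 if none is found. */
uint64_t find_short_secret(uint64_t A, uint64_t limit) {
    for (uint64_t b = 2; b < limit; b++)
        if (stripped_len(modpow(A, b, P)) < P_BYTES) return b;
    return 0;
}

int main(void) {
    uint64_t a = 123456789;            /* server private key (constructed) */
    uint64_t A = modpow(G, a, P);      /* server public key A = g^a mod p */
    uint64_t b = find_short_secret(A, 100000);
    uint64_t B = modpow(G, b, P);      /* client public key B = g^b mod p */
    printf("b=%llu A^b=%016llx B^a=%016llx bytes kept=%zu of %d\n",
           (unsigned long long)b, (unsigned long long)modpow(A, b, P),
           (unsigned long long)modpow(B, a, P),
           stripped_len(modpow(A, b, P)), P_BYTES);
    return 0;
}
```

Both sides print the same shared value, and for the key that is found the secret occupies fewer bytes than the modulus, which is the shortened input the timing difference comes from.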

Game Boy Plays Forever

For those of us old enough to experience it first hand, the original Game Boy was pretty incredible, but did have one major downside: battery consumption. In the 90s rechargeable batteries weren’t common, which led to most of us playing our handhelds beside power outlets. Some modern takes on the classic Game Boy address these concerns with modern hardware, but this group from the Delft University of Technology and Northwestern has created a Game Boy clone that doesn’t need any batteries at all, even though it can play games indefinitely.

This build was a proof-of-concept for something called “intermittent computing” which allows a computer to remain in a state of processing limbo until it gets enough energy to perform the next computation. The Game Boy clone, fully compatible with the original Game Boy hardware, is equipped with many tiny solar panels which can harvest energy and is able to halt itself and store its state in nonvolatile memory if it detects that there isn’t enough energy available to continue. This means that Super Mario Land isn’t exactly playable, but other games that aren’t as action-packed can be enjoyed with very little impact on gameplay.

The researchers note that it’ll be a long time before their energy-aware platform becomes commonplace in devices and replaces batteries, but they do think that internet-connected devices that don’t need to be constantly running or powered up would be a good start. There are already some low-powered options available that can keep their displays active when everything else is off, so hopefully we will see even more energy-efficient options in the near future.

Thanks to [Sascho] for the tip!


ISS Ham Radio Repeater

There is a long history of spacecraft carrying ham radio gear, as the Space Shuttle, Mir, and the ISS have all had hams aboard with gear capable of talking to the Earth. However, this month, the ISS started operating an FM repeater that isn’t too dissimilar from a terrestrial repeater. You can see [TechMinds]’ video on the repeater, below.

The repeater has a 2 meter uplink and a 70 centimeter downlink. While you can use a garden variety dual-band ham transceiver to use the repeater, you’ll probably need a special antenna along with special operating techniques.


New Zealand To Test Wireless Power Transmission

Nikola Tesla wanted to beam power without wires. NASA talked about building power-generating satellites that would do the same thing. But now New Zealand’s second-largest power utility — Powerco — is working with a start-up company to beam energy to remote locations. There have been several news releases, but possibly the most technical detail is from an interview [Loz Blain] did with the founder of the startup company.

It isn’t really news that you can send radio waves somewhere and convert the signal back into power. Every antenna does that routinely. The question is how efficient is the power transmission and — when the power levels are high — how safe is it? According to [Greg Kushnir], the founder of Emrod, the technology is about 70% efficient and uses ISM frequencies.


Paper Keyboard Is Self-Powered

Building a keyboard isn’t a big project these days. Controller chips and boards are readily available, switches are easy to find, and a 3D printer can do a lot of what used to be the hard parts. But engineers at Purdue have printed a self-powered Bluetooth keyboard on an ordinary sheet of paper. You can see videos of the keyboards at work below.

The keyboards work by coating paper with a highly fluorinated coating that repels water, oil, and dust. Special inks print triboelectric circuits so that pressing your finger on a particular part of the paper generates electricity. We were skeptical that the Bluetooth part is self-powered, although maybe it is possible if you have some very low-power electronics or you manage the power generated very carefully.


Cousteau’s Proteus Will Be The ISS Of The Seas

The Earth’s oceans are a vast frontier that brims with possibilities for the future of medicine, ocean conservation, and food production. They remain largely unexplored because of the physical limits of scuba diving. Humans can only dive for a few hours each day, and every minute spent breathing compressed air at depth must be paid for with a slower ascent to the surface. Otherwise, divers could develop decompression sickness from nitrogen expanding in the bloodstream.

An illustration of the Conshelf 3 habitat. Image via Medium

In the 1960s, world-famous oceanographer Jacques Cousteau built a series of small underwater habitats to extend the time that he and other researchers were able to work. These sea labs were tethered to a support ship with a cable that provided air and power.

Cousteau’s first sea lab, Conshelf 1 (Continental Shelf Station) held two people and was stationed 33 feet deep off the coast of Marseilles, France. Conshelf 2 sheltered six people and spent a total of six weeks under the Red Sea at two different depths.

Conshelf 3 was Cousteau’s most ambitious habitat design, because it was nearly self-sufficient compared to the first two. It accommodated six divers for three weeks at a time and sat 336 feet deep off the coast of France, near Nice. Conshelf 3 was built in partnership with a French petrochemical company to study the viability of stationing humans for underwater oil drilling (before we had robots for that), and included a mock oil rig on the nearby ocean floor for exercises.

Several underwater habitats have come and gone in the years since the Conshelf series, but each has been built for a specific research project or group of tasks. There’s never really been a permanent habitat established for general research into the biochemistry of the ocean.


This Week In Security: Zero Days, Notarized Malware, Jedi Mind Tricks, And More

Honeypots are an entertaining way to learn about new attacks. A simulated vulnerable system is exposed to the internet, inviting anyone to try to break into it. Rather than actually compromising a deployed device, an attacker just gives away information about how they would attack the real thing. A honeypot run by 360Netlab found something interesting back in April: an RCE attack against QNAP NAS devices. The vulnerability is found in the logout endpoint, which takes external values without properly sanitizing them. These values are used as part of an snprintf statement, and then executed with a system() call. Because there isn’t any sanitization, special characters like semicolons can be injected into the final command to be run, resulting in a trivial RCE.

QNAP has released new firmware that fixes the issue by replacing the system() call with execv(). This change means that the shell isn’t part of the execution process, and the command injection loses its bite. Version 4.3.3 was the first firmware release to contain this fix, so if you run a QNAP device, be sure to go check the firmware version. While this vulnerability was being used in the wild, there doesn’t seem to have been a widespread campaign exploiting it.
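The difference between the two call styles, as an added example that is not QNAP's code or part of the original article. The helper program /bin/echo, the "logout" argument and the input string are constructed stand-ins, and popen() is used for the shell case because it runs /bin/sh -c just as system() does while letting the output be captured.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Pattern described above: format the value into a command line for a shell. */
int run_via_shell(const char *value, char *out, size_t outlen) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/bin/echo logout %s", value);
    FILE *fp = popen(cmd, "r");           /* /bin/sh -c, like system() */
    if (!fp) return -1;
    size_t n = fread(out, 1, outlen - 1, fp);
    out[n] = '\0';
    return pclose(fp);
}

/* Fixed form: no shell; the value is one argv element handed to execv(). */
int run_via_execv(const char *value, char *out, size_t outlen) {
    int fds[2], status;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        char *argv[] = { "/bin/echo", "logout", (char *)value, NULL };
        execv(argv[0], argv);
        _exit(127);                       /* reached only if execv fails */
    }
    close(fds[1]);
    ssize_t n, total = 0;
    while ((n = read(fds[0], out + total, outlen - 1 - total)) > 0) total += n;
    out[total] = '\0';
    close(fds[0]);
    waitpid(pid, &status, 0);
    return status;
}

int main(void) {
    char out[256];
    const char *value = "abc; echo INJECTED";   /* constructed input */
    run_via_shell(value, out, sizeof out);
    printf("shell:\n%s", out);                  /* two commands ran */
    run_via_execv(value, out, sizeof out);
    printf("execv:\n%s", out);                  /* one command, literal text */
    return 0;
}
```

In the shell case the semicolon ends the first command and the rest runs as a second one; in the execv() case the whole string reaches the helper as a single argument.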
