News

3651 Articles

Antenna Tuning For GHz Frequencies

August 3, 2019 by 9 Comments

Antenna tuning at HF frequencies is something that radio amateurs learn as part of their licence exam, and then hone over their time operating. A few basic instruments and an LC network antenna tuner in a box are all that is required, and everything from a bit of wet string to ten thousand dollars worth of commercial antenna can be loaded up and used to work the world. When a move is made into the gigahertz range though it becomes a little more difficult. The same principles apply, but the variables of antenna design are much harder to get right and a par of wire snippers and an antenna tuner is no longer enough. With a plethora of GHz-range electronic devices surrounding us there has been more than one engineer sucked into a well of doom by imagining that their antenna design would be an easy task.

An article from Baseapp then makes for very interesting reading. Titled “Antenna tuning for beginners“, it approaches the subject from the perspective of miniature GHz antennas for IoT devices and the like. We’re taken through the basics and have a look at different types of antennas and connectors, before being introduced to a Vector Network Analyser, or VNA. Here is where some of the Black Art of high frequency RF design is laid bare, with everything explained through a series of use cases.

Though many of you will at some time or other work with these frequencies it’s very likely that few of you will do this kind of design exercise. It’s hard work, and there are so many ready-made RF modules upon which an engineer has already done the difficult part for you. But it does no harm to know something about it, so it’s very much worth taking a look at this piece.

It’s an area we’ve ventured into before, at a Superconference a few years ago [Michael Ossmann] gave us a fundamental introduction to RF design.

This Week In Security: Selfblow, Encryption Backdoors, Killer Apps, And The VLC Apocalypse That Wasn’t

July 26, 2019 by 18 Comments

Selfblow (Don’t google that at work, by the way) is a clever exploit by [Balázs Triszka] that affects every Nvidia Tegra device using the nvtboot bootloader — just about all of them except the Nintendo Switch. It’s CVE 2019-5680, and rated at an 8.2 according to Nvidia, but that high CVE rating isn’t entirely reflective of the reality of the situation. Taking advantage of the vulnerability means writing to the boot device, which requires root access, as well as a kernel flag set to expose the boot partitions to userspace. This vulnerability was discovered as part of an effort by [Balázs] and other LineageOS developers to build an open source bootloader for Nvidia Tegra devices.

The Tegra boot process is a bit different, having several stages and a dedicated Boot and Power Management CPU (BPMP). A zero-stage ROM loads nvtboot to memory and starts it executing on the BPMP. One of the tasks of nvtboot is to verify the signature of the next bootloader step, nvtboot-cpu. The file size and memory location are embedded in the nvtboot-cpu header. There are two problems here that together make this vulnerability possible. The first is that the bootloader binary is loaded to its final memory location before the signature verification is performed. The code is written to validate the bootloader signature before starting it executing on the primary CPU, so all is well, right? Continue reading “This Week In Security: Selfblow, Encryption Backdoors, Killer Apps, And The VLC Apocalypse That Wasn’t”

Brain-Computer Interfaces: Separating Fact From Fiction On Musk’s Brain Implant Claims

July 24, 2019 by 81 Comments

When it comes to something as futuristic-sounding as brain-computer interfaces (BCI), our collective minds tend to zip straight to scenes from countless movies, comics, and other works of science-fiction (including more dystopian scenarios). Our mind’s eye fills with everything from the Borg and neural interfaces of Star Trek, to the neural recording devices with parent-controlled blocking features from Black Mirror, and of course the enslavement of the human race by machines in The Matrix.

And now there’s this Elon Musk guy, proclaiming that he’ll be wiring up people’s brains to computers starting next year, as part of this other company of his: Neuralink. Here the promises and imaginings are truly straight from the realm of sci-fi, ranging from ‘reading and writing’ to the brain, curing brain diseases and merging human minds with artificial intelligence. How much of this is just investor speak? Please join us as we take a look at BCIs, neuroprosthetics and what we can expect of these technologies in the coming years.

Continue reading “Brain-Computer Interfaces: Separating Fact From Fiction On Musk’s Brain Implant Claims”

The South American Power Outage That Plunged 48 Million Into Blackout

July 22, 2019 by 44 Comments

A massive power outage in South America last month left most of Argentina, Uruguay, and Paraguay in the dark and may also have impacted small portions of Chile and Brazil. It’s estimated that 48 million people were affected and as of this writing there has still been no official explanation of how a blackout of this magnitude occurred.

While blackouts of some form or another are virtually guaranteed on any power grid, whether it’s from weather events, accidental damage to power lines and equipment, lightning, or equipment malfunctioning, every grid will eventually see small outages from time to time. The scope of this one, however, was much larger than it should have been, but isn’t completely out of the realm of possibility for systems that are this complex.

Initial reports on June 17th cite vague, nondescript possible causes but seem to focus on transmission lines connecting population centers with the hydroelectric power plant at Yacyretá Dam on the border of Argentina and Paraguay, as well as some ongoing issues with the power grid itself. Problems with the transmission line system caused this power generation facility to become separated from the rest of the grid, which seems to have cascaded to a massive power failure. One positive note was that the power was restored in less than a day, suggesting at least that the cause of the blackout was not physical damage to the grid. (Presumably major physical damage would take longer to repair.) Officials also downplayed the possibility of cyber attack, which is in line with the short length of time that the blackout lasted as well, although not completely out of the realm of possibility.

This incident is exceptionally interesting from a technical point-of-view as well. Once we rule out physical damage and cyber attack, what remains is a complete failure of the grid’s largely automatic protective system. This automation can be a force for good, where grid outages can be restored quickly in most cases, but it can also be a weakness when the automation is poorly understood, implemented, or maintained. A closer look at some protective devices and strategies is warranted, and will give us greater insight into this problem and grid issues in general. Join me after the break for a look at some of the grid equipment that is involved in this system.

Continue reading “The South American Power Outage That Plunged 48 Million Into Blackout”

5G Power Usage Is Making Phones Overheat In Warm Weather

July 21, 2019 by 52 Comments

As reported by ExtremeTech, the brand new 5G network is running into a major snag with mobile devices as Qualcomm 5G modems literally cannot handle the heat. After just a few minutes of use they’re going into thermal shutdown and falling back to measly 4G data rates. Reports by both PCMag and the Wall Street Journal (paywall) suggest that 5G-enabled phones consistently see problems when used in environments where temperatures hit or exceed 29.5 °C (85.1 °F).

The apparent cause is the increased power draw required by current 5G modems which make heavy use of beam forming and other advanced technologies to increase reception and perform processing on the received data. Unlike 4G and older technologies, 5G needs to have multiple antennas (three or more) to keep a signal, especially when you grab your shiny new smartphone with your millimeter-wave blocking hands.

The spin-off from all of this seems to be that perhaps 5G technology isn’t ready for prime-time, or that perhaps our phones need to have bigger batteries and liquid cooling to keep the 5G modem in it happy. Anyone up for modding a liquid cooling loop and (tiny) radiator into their phone?

Inside The Mysterious Global Navigation Outage You Probably Didn’t Notice

July 19, 2019 by 19 Comments

The entire world has come to depend on satellite navigation systems in the forty or so years since the first Global Positioning System satellites took to orbit. Modern economies have been built on the presumption that people and assets can be located to within a meter or better anywhere on, above, or even slightly under the surface of the planet. For years, GPS was the only way to do that, but billions have been sunk into fielding other global navigation systems, achieving a measure of independence from GPS and to putting in place some badly needed redundancy in case of outages, like that suffered by the European Union’s Galileo system recently.

The problem with Galileo, the high-accuracy public access location system that’s optimized for higher latitudes, seems to be resolved as of this writing. The EU has been tight-lipped about the outage, however, leaving investigation into its root cause to a few clever hackers armed with SDRs and comprehensive knowledge of exactly how a constellation of satellites can use the principles of both general and special relativity to point you to your nearest Starbucks.

Continue reading “Inside The Mysterious Global Navigation Outage You Probably Didn’t Notice”

This Week In Security: Ransomware Keys, IOS Woes, And More

July 19, 2019 by 12 Comments

Remember the end of GandCrab we talked about a couple weeks back? A new wrinkle to this story is the news that a coalition of law enforcement agencies and security researchers have released a decrypter and the master decryption keys for that ransomware. It’s theorized that researchers were able to breach the command and control servers where the master keys were stored. It’s yet to be known whether this breach was the cause for the retirement, or was a result of it.

Apple’s Secure Enclave is Broken?

A Youtube video and Reddit thread show a way to bypass the iPhone’s TouchID and FaceID, allowing anyone to access the list of saved passwords. The technique for breaking into that data? Tap the menu option repeatedly, and cancel the security prompts. Given enough rapid tries, the OS gives up on the validation and simply shows the passwords!

The iPhone has an onboard security chip, the Secure Enclave, that is designed to make this sort of problem nearly impossible. The design specification dictates that data like passwords are encrypted, and the only way to decrypt is to use the Enclave. The purpose is to mitigate the impact of programming bugs like this one. It seems that the issue is limited to the iOS 13 Beta releases, and you’d expect bugs in beta, but a bug like this casts some doubt on the effectiveness of Apple’s Security Enclave.

URL Scheme Hijacking

Our next topic is also iOS related, though it’s possible the same issue could effect Android phones: URL scheme problems. The researchers at Trend Micro took a look at how iOS handles conflicting app URLs. Outside of the normal http: and https: URLs, applications can register custom URL schemes in order to simplify inter-process communication. The simplest example is something like an email address and the mailto: scheme. Even on a desktop, using one of these links will open a different application to handle that request. What could go wrong?

One weakness in using URL schemes like this is that not all apps properly validate what launched the request, and iOS allows multiple apps to use the same URL scheme. In the example given, a malicious app could register the same URL handler as the target, and effectively launch a man-in-the-middle attack.

Bluekeep, and Patching Systems

It has been five weeks since Bluekeep, the Remote Desktop Protocol vulnerability, was revealed. Approximately 20% of the vulnerable systems exposed to the internet have been patched. Bitsight has been running scans of the remaining vulnerable machines, and estimates about 800,000 remaining vulnerable systems. You may remember this particularl vulnerability was considered so problematic that even the NSA released a statement encouraging patching. So far, there hasn’t been a worm targeting the vulnerability, but it’s assumed that at least some actors have been using this vulnerability in attacks.