The Great Ohio Key Fob Mystery, Or “Honey, I Jammed The Neighborhood!”

Hack long enough and hard enough, and it’s a pretty safe bet that you’ll eventually cause unintentional RF emissions. Most of us will likely have our regulatory transgression go unnoticed. But for one unlucky hacker in Ohio, a simple project ended up with a knock at the door by local authorities and pointed questions to determine why key fobs and garage door remotes in his neighborhood and beyond had suddenly been rendered useless, and why his house seemed to be at the center of the disturbance.

Few of us want this level of scrutiny for our projects, so let’s take a more in-depth look at the Great Ohio Key Fob Mystery, along with a look at the Federal Communications Commission regulations that govern what you can and cannot do on the airwaves. As it turns out, it’s easy to break the law, and it’s easy to get caught.


This Week In Security: Backdoors In Cisco Switches, PGP Spoofing In Emails, Git Ransomware

Some switches in Cisco’s 9000 series are susceptible to a remote vulnerability, numbered CVE-2019-1804. It’s a bit odd to call it a vulnerability, actually, because the software is operating as intended. Cisco shipped out these switches with the same private key hardcoded in software for all root SSH logins. Anyone with the key can log in as root on any of these switches.

Cisco makes a strange claim in their advisory, that this is only exploitable over IPv6. This seems very odd, as there is nothing about SSH or the key authentication process that is IPv6 specific. This suggests that there is possibly another blunder, that they accidentally left the SSH port open to the world on IPv6. Another possibility is that they are assuming that all these switches are safely behind NAT routers, and therefore inaccessible through IPv4. One of the advantages/disadvantages of IPv6 is that there is no NAT, and all the network devices are accessible from the outside network. (Accessible in the sense that a route exists. Firewalling is still possible, of course.)

It’s staggering how many devices, even high-end commercial devices, are shipped with unintentional yet effective backdoors, just like this one.

Color-Tunable LEDs Open Up Possibilities Of Configurable Semiconductors

The invention of the blue LED was groundbreaking enough to warrant a Nobel prize. For the last decade, researchers have been trying to take the technology to the next level by controlling the color of emission while the device is in operation. In a new research paper, researchers from Osaka University, Lehigh University, the University of Amsterdam and West Chester University present GaN LEDs that can be tuned to emit different colors from the same substrate.

GaN, or gallium nitride, is a wide band-gap semiconductor that has been used to manufacture FETs known for higher power density, thanks to its high thermal capacity, while also increasing efficiency. In the case of the tunable LED, the key has been doping with europium to create energy bands. When an electron jumps from a higher band to a lower band, it emits energy in the form of light, and the wavelength or color depends on the size of the energy gap jumped, as given by the Planck-Einstein relation.

By controlling the current density and duty cycle, the energy jumps can be controlled, thereby controlling the color being emitted. This is important since it opens up the possibility of controlling LEDs post-production. External controllers could be used with the same substrates, i.e. the same LEDs, to make a lamp of different intensity as well as color without needing different doping for R, G and B emissions. The reduction in cost as well as size could be phenomenal and could pave the way for similar semiconductor research.

We have covered the details of the LED in the past along with some fundamentals on the control techniques. We are hoping for some high speed color accurate displays in the future that don’t break the bank on our next gaming build.

Thanks for the tip, [Qes]!

A Hydrogen Fuel Cell Drone

When we think about hydrogen and flying machines, it’s quite common to imagine Zeppelins, weather balloons and similar uses of hydrogen in lighter-than-air craft to lift stuff off the ground. But with smaller and more efficient fuel cells, hydrogen is gaining its place in the drone field. Project RACHEL is a hydrogen-powered drone project that involves multiple companies and has now surpassed the 60-minute flight milestone.

The initial target of the project was to achieve 60 minutes of continuous flight while carrying a 5 kg payload. The lithium-polymer battery-powered UAVs flown by BATCAM allow around 12 minutes of usable flight. The recent test of the purpose-built fuel-cell-powered UAV saw it fly for an uninterrupted 70 minutes carrying a 5 kg payload. This was achieved on a UAV with below 20 kg maximum take-off mass, using a 6-litre cylinder containing hydrogen gas compressed to 300 bar.

While this is not a world record for drones, and it’s not exactly clear whether there will be a commercial product or what the price tag would be, it is still an impressive feat for a fuel-cell-powered flying device. You can watch the footage of one of their tests below:


Twenty Five Years Since The End Of Commodore

This week marks the twenty-five year anniversary of the demise of Commodore International. This weekend, pour one out for our lost homies.

Commodore began life as a corporate entity in 1954 headed by Jack Tramiel. Tramiel, a Holocaust survivor, moved to New York after the war, where he became a taxi driver. This job led him to create a typewriter repair shop in the Bronx. Wanting a ‘military-style’ name for his business, with the names ‘Admiral’ and ‘General’ already taken and ‘Lieutenant’ simply being a bad name, Tramiel chose the rank of Commodore.

Later, a deal was inked with a Czechoslovakian typewriter manufacturer to assemble typewriters for the North American market, and Commodore Business Machines was born. Of course, no one cares about this pre-history of Commodore, for the same reason that very few people care about a company that makes filing cabinets. On the electronics side of the business, Commodore made digital calculators. In 1975, Commodore bought MOS, Inc., manufacturers of those calculator chips. This purchase of MOS brought Chuck Peddle to Commodore as the Head of Engineering. The calculators turned into computers, and the Commodore we know and love was born.


Drone Registration Tax Sought By UK’s CAA

As the UK’s aviation regulator, the Civil Aviation Authority is tasked with “making aviation better for those who choose to fly and those who do not”. Their latest plan to further this mission comes in the form of a drone registration tax. The proposal, which is open to online responses until 7 June, seeks to pass on the cost of a drone registration system to those who register themselves.

Proposals for a drone registration scheme have been in the works for a while now, and if enacted it would go into effect on 1 November. Owners of craft weighing more than 250 g (0.55 lbs) would have to fork out £16.50 ($21.50) per year, ostensibly to pay for the administration of the scheme. The CAA are basing this rate on as many as 170,000 people registering. In the US, the FAA has a drone registration program in place that requires registration based on the same 250 g weight guideline, but only charges $5 (£3.82) for a 3-year license, about thirteen times less than the CAA proposal.

Long-time readers will be familiar with our ongoing coverage of the sometimes-farcical saga of drone sightings in British skies. Airports have been closed (and implausible excuses have been concocted), but one thing remains constant: no tangible proof of any drone has yet been produced. Faced with a problem it doesn’t fully understand, the British Government is looking to this registration program.

It goes without saying that people misusing drones and endangering public safety should be brought to justice as swiftly as possible. But our concern is that the scale of the problem has been vastly over-represented, and that this scheme will do little to address either the problem of bogus drone sightings or the very real problem of criminal misuse of drones, for example to smuggle contraband into prisons. It’s difficult to think this measure will have an effect on the number of incidents blamed on drones, and the high cost included in the proposal is a troubling burden for enthusiasts who operate responsibly.

This Week In Security: Facebook Hacked Your Email, Cyber On The Power Grid, And A Nasty Zero-day

Ah, Facebook. Only you could mess up email verification this badly, and still get a million people to hand over their email address passwords. Yes, you read that right, Facebook’s email verification scheme was to ask users for their email address and email account password. During the verification, Facebook automatically downloaded the account’s contact list, with no warning and no way to opt out.

The amount of terrible here is mind-boggling, but perhaps we need a new security rule-of-thumb for these kinds of situations: don’t ever give an online service the password to a different service. In order to make use of a password in this case, it’s necessary to handle it in plain-text. It’s not certain how long Facebook stored these passwords, but they also recently disclosed that they have been storing millions of Facebook and Instagram passwords in plain-text internally.

This isn’t the first time Facebook has been called out for serious privacy shenanigans, either: In early 2018 it was revealed that the Facebook Android app had been uploading phone call records without informing users. Mark Zuckerberg has recently outlined his plan to give Facebook a new focus on privacy. Time will tell whether any real change will occur.

Cyber Can Mean Anything

Have you noticed that “cyber” has become a meaningless buzzword, particularly when used by the usual suspects? The Department of Energy released a report that contained a vague but interesting-sounding description of an event: “Cyber event that causes interruptions of electrical system operations.” This was noticed by news outlets, and people have been speculating ever since. What is frustrating about this is the wide range of meaning covered by the term “cyber event”. Was it an actual attack? Was Trinity shutting down the power stations, or did an intern trip over a power cord?