WikiLeaks Unveils Treasure Trove Of CIA Documents

The latest from WikiLeaks is the largest collection of documents ever released from the CIA. The release, called ‘Vault 7: CIA Hacking Tools Revealed’, is the CIA’s hacking arsenal.

While Vault 7 is only the first part in a series of leaks of documents from the CIA, this leak is itself massive. The documents, available on the WikiLeaks site and as a torrent, detail the extent of the CIA’s hacking program.

Of note, the CIA has developed numerous 0-day exploits for iOS and Android devices. The ‘Weeping Angel’ exploit for Samsung smart TVs “places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on.” This Fake-Off mode enables a microphone in the TV, records communications in the room, and sends these recordings to a CIA server. Additionally, the CIA has developed tools to take over vehicle control systems. The purpose of such tools is speculative, but they could be used to send a moving car off the road.

It is not an exaggeration to say this is the most significant leak from a government agency since Snowden, and possibly since the Pentagon Papers. This is the documentation for the CIA’s cyberwarfare program, and there are more leaks to come. It will be a while until interested parties — Hackaday included — can make sense of this leak, but until then WikiLeaks has published a directory of this release.


Nvidia Announces Jetson TX2 High Performance Embedded Module

The last year has been great for Nvidia hardware. Nvidia released a graphics card using the Pascal architecture, 1080s are heating up server rooms the world over, and now Nvidia is making yet another move at high-performance, low-power computing. Today, Nvidia announced the Jetson TX2, a credit-card sized module that brings deep learning to the embedded world.

The Jetson TX2 is the follow up to the Jetson TX1. We took a look at it when it was released at the end of 2015, and the feelings were positive with a few caveats. The TX1 is still a very fast, very capable, very low power ARM device that runs Linux. It’s low power, too. The case Nvidia was trying to make for the TX1 wasn’t well communicated, though. This is ultimately a device you attach several cameras to and run OpenCV. This is a machine learning module. Now it appears Nvidia has the sales pitch for their embedded platform down.


Another Day, Another “IoT” Backdoor

As if you needed any reason other than “just for the heck of it” to hack into a gadget that you own, it looks like nearly all of the GSM-to-IP bridge devices made by DBLTek have a remotely accessible “secret” backdoor account built in. We got sent the link via Slashdot which in turn linked to this story on Techradar. Both include the scare-words “Chinese” and “IoT”, although the devices seem to be aimed at small businesses, but everything’s “IoT” these days, right?

What is scary, however, is that the backdoor isn’t just a sloppy debug account left in, but rather only accessible through an elaborate and custom login protocol. Worse still, when the company was contacted about the backdoor account, they “fixed” the problem not by removing the account, but by making the “secret” login procedure a few steps more complicated. Which is to say, they haven’t fixed the problem at all.

This issue was picked up by security firm Trustwave, but they can’t check out every device on the market all the time. We may be preaching to the choir here, but if you’re ever wondering why it’s important to be able to break into stuff that you own, here’s another reminder.

Solid State Battery From The Man Who Brought Us Lithium Ion

Who is [John Goodenough]? He’s 94, so he’s been around long enough that you ought to know him. He was one of the co-inventors of the lithium-ion battery. Think about how much that battery has changed electronics. [Goodenough] along with [Maria Helena Braga] may have come up with that battery’s successor: the solid state battery. There’s a paper available that is free, but requires registration. If you don’t want to register, you can read the news release from the University of Texas with no trouble.

Keywords used to describe the new battery are low-cost, noncombustible, long cycle life, high energy density, and fast charge and discharge rates. The pair is also claiming three times the energy density of a current lithium-ion battery. They also claim that the batteries recharge in minutes instead of hours. You can see a video from [Transport Evolved] that discusses the invention, below.


$10 Raspberry Pi Zero W Adds WiFi And Bluetooth

The Raspberry Pi was born on February 29th which means we’re only three years away from its second birthday, and a new hardware release from the Pi Foundation is becoming somewhat of a tradition. This year is no different: a new Raspberry Pi has been announced. The Raspberry Pi Zero W is the latest iteration of the Pi Foundation’s tiny and extremely inexpensive single board computer. It’s a Raspberry Pi Zero with WiFi and Bluetooth.

The specs of the new Pi Zero W are nearly identical to the previous incarnation of the non-W Zero. It sports a 1GHz single-core processor, 512 MB of RAM, features Mini HDMI and USB OTG ports, uses a micro USB port for power, features the now-standard 40-pin header with four additional pins for composite video and a reset button. This board, like the second hardware revision of the Pi Zero, also features a CSI camera connector.

Of course, the big feature is the addition of WiFi and Bluetooth. The Pi Zero W adds the wireless functionality from the Raspberry Pi 3B. That’s 802.11n and Bluetooth 4.0.

The Pi Zero’s claim to fame was, of course, the price. The original Pi Zero was at first a bit of hardware glued to the cover of the MagPi magazine, later to sell for just $5 USD. The Raspberry Pi Zero W is priced at just $10.


Is Your Child A Hacker?

Parents in Liverpool, UK, are being prepared to spot the signs that their children might be hackers. The Liverpool Echo reports on the launch of a “Hackers To Heroes” scheme targeting youngsters at risk of donning a black hat, and has an expert on hand, one [Vince Warrington], to come up with a handy cut-out-and-keep list. Because you never know when you’re going to need one, and he’s helped the Government so should know what he’s talking about.

Of course, they’re talking about “Hacker” (cybercriminal) while for us the word has much more positive connotations. And it’s yet another piece of ill-informed media scaremongering about technology that probably fits like so many others in the “People are having fun. Something Must Be Done About It!” category. But it’s still something that will probably result in hassle for a few youngsters with an interest in technology, and that’s not encouraging.

The full list is reproduced below. If you’re a parent, it seems you will need to watch your children if:

  1. They spend most of their free time alone with their computer
  2. They have few real friends, but talk extensively to online friends about computers
  3. Teachers say the child has a keen interest in computers, almost to the exclusion of all other subjects
  4. They’re online so much it affects their sleeping habits
  5. They use the language of hacking, with terms such as ‘DdoS’ (pronounced D-dos), Dossing, pwnd, Doxing, Bots, Botnets, Cracking, Hash (refers to a type of encryption rather than cannabis), Keylogger, Lulz, Phishing, Spoof or Spoofing. Members of the Anonymous Hackivist group refer to their attacks as ‘Ops’
  6. They refer to themselves and their friends as hackers or script kiddies
  7. They have multiple social media profiles on one platform
  8. They have multiple email addresses
  9. They have an odd sounding nickname (famous ones include MafiaBoy and CyberZeist)
  10. Their computer has a web browser called ToR (The Onion Router) which is used to access hacking forums on the dark web
  11. Monitoring tools you’ve put on the computer might suddenly stop working
  12. They can connect to the wifi of nearby houses (especially concerning if they have no legitimate reason to have the password)
  13. They claim to be making money from online computer games (many hackers get started by trying to break computer games in order to exploit flaws in the game. They will then sell these ‘cheats’ online).
  14. They might know more than they should about parents and siblings, not being able to resist hacking your email or social media
  15. Your internet connection slows or goes off, as their hacker rivals try to take them down
  16. Some circumstantial evidence suggests children with Autism and Asperger’s could be more vulnerable to becoming hackers.

Reading the list, we can’t help wondering how many of these Hackaday readers would recognise as perfectly normal behaviours from their own formative years. And some of them look ripe for misinterpretation: for example, your internet connection slowing down does not automatically mean that little [Jimmy] is selling a billion compromised social media accounts on the Dark Web.

Particularly concerning though is the final association of computer crime with children who are autistic or have Asperger’s Syndrome. Picking on a minority as a scapegoat for a public moral panic is reprehensible, and is not responsible journalism.

Still, you have to laugh. They remembered to include a stock photo of a hacker using a keyboard, but they’ve completely missed the telltale sign of a real hacker, which is of course wr1t1n9 11k3 r341 1337 h4xxx0rzzz.

Via The Register.

Liverpool skyline, G-Man (Public domain) via Wikimedia Commons.

Audi Engineer Exposes Cheat Order

In an interesting turn of events last week in a German court, evidence has materialized that engineers were ordered to cheat emissions testing when developing automotive parts.

Last Tuesday, Ulrich Weiß brought forward a document that alleges Audi Board of Director members were involved in ordering a cheat for diesel emissions. Weiß was the head of engine development for Audi. He was suspended in November of 2015 but continued to draw more than half a million dollars in salary before being fired prior to last week’s court testimony.

Volkswagen Group is the parent company of Audi and this all seems to have happened while the VW diesel emissions testing scandal we’ve covered since 2015 was beginning to come to light. Weiß testified that he was asked to design a method of getting around strict emissions standards in Hong Kong even though Audi knew their diesel engines weren’t capable of meeting them legitimately.

According to Weiß, he asked for a signed order. When he received that order he instructed his team to resist following it. We have not seen a copy of the letter, but the German tabloid newspaper Bild reports that the letter claims approval by four Audi board members and was signed by the head of powertrain development at the company.

Hackaday was unable to locate any other sources reporting on the letter other than the Bild article we have linked to (also the source used in the Forbes article above). Sources such as Die Welt reference only “internal papers”. If you know of other reporting on the topic please leave a comment about it below.