Why Stealing A Car With Flipper Zero Is A Silly Idea

In another regular installment of politicians making ridiculous statements about technology, Canada’s Minister of Innovation, Science and Industry, [François-Philippe Champagne], suggested banning the Flipper Zero and similar devices from sale in the country, accusing them of being used for ‘stealing cars’ and the like. This didn’t sit right with [Peter Fairlie], who put together a comprehensive overview video of how car thieves really steal cars. Perhaps unsurprisingly, the main method is CAN bus injection, for which a Flipper Zero is actually a terribly clumsy device. Rather, you’d use a custom piece of kit that automates the process.

You can also find these devices sold all over the internet as so-called ‘Emergency Start’ devices, all of which exploit weaknesses in the car’s CAN bus network. The common problem appears to be that these days even the lights are nodes on the CAN network, so anyone who can reach their wiring from outside the cabin can inject messages onto the bus. That way no key fob is needed, and the ignition system can be triggered with the usual safeties and lockouts circumvented.

Ultimately, although the Flipper Zero is a rather cutesy toy, it doesn’t do anything that cannot be done cheaper and more effectively by anyone with a bit of CAN bus knowledge and a disregard for the law.

Thanks to [Stephen Walters] for the tip.


Apple Pushes Back On Right To Repair Bill Due To Parts Pairing

After previously supporting one in California, Apple has made an about-face and is now pushing back against a “Right to Repair” bill (Senate Bill 1596) currently under consideration in Oregon. The reason appears to be that this new bill would make parts pairing illegal, as reported by [404media] and [PCMag].

The practice of parts pairing is becoming ever more prevalent in Apple devices: it cryptographically links specific parts of a system, such as cameras, displays, batteries, and fingerprint sensors, to the mainboard, so that a swapped part is refused or runs with reduced functionality until Apple authorizes it. During the open hearing on the newly proposed Oregon bill, Apple’s [John Perry] insisted that parts pairing is done for user security, safety and privacy.

Even if we take that claim at face value, the fact remains that with parts pairing in place only authorized Apple repair centers can routinely replace components, while user repairs are limited to specific devices with limited part availability. Even in the latter case the user still has to contact Apple to have the replaced part reauthorized. This is becoming an issue with Apple’s MacBooks as well, where the lid angle sensor requires calibration using a proprietary tool.

During the same hearing, the director of an Oregon nonprofit organization noted that of the 15,000 iPhones donated to them last year, only 300 could be refurbished because of parts pairing. The remainder, otherwise perfectly fine phones, are discarded for recycling, which is terrible for everyone but Apple. Whether the parts pairing element survives into the bill’s final form remains to be seen, but if it passes it would set the trend for future bills in other states as well as amendments to existing ones.

Thanks to [paulvdh] for the tip.

Sprint: The Mach 10 Magic Missile That Wasn’t Magic Enough

Defending an area against incoming missiles is a difficult task. Missiles are incredibly fast and present a small target. Assuming you know they’re coming, you have to be able to track them accurately if you’re to have any hope of stopping them. Then, you need some kind of wondrous missile of your own that’s fast enough and maneuverable enough to take them out.

It’s a task that at times can seem overwhelmingly impossible. And yet, the devastating consequences of a potential nuclear attack are so great that the US military had a red hot go anyway. In the 1970s, America’s best attempt to thwart incoming Soviet ICBMs led to the development of the Sprint ABM—a missile made up entirely of improbable numbers.


Understanding Deep Learning: Free MIT Press EBook For Instructors And Students

The recently published book Understanding Deep Learning by [Simon J. D. Prince] is notable not only for focusing primarily on the concepts behind Deep Learning — which should make it highly accessible to most — but also in that it can be either purchased as a hardcover from MIT Press or downloaded for free from the Understanding Deep Learning website. If you intend to use it for coursework, a separate instructor answer booklet and other resources can be purchased, but student resources like Python notebooks are also freely available. In the book’s preface, the author invites readers to send feedback whenever they find an issue.


Canada Bans Flipper Zero Over What It Imagines It Does

Canada’s intent to ban the Flipper Zero wireless tool over car thefts is, on the one hand, an everyday example of poorly researched government action. But it may also be a not-so-subtle peek into the harm misinformation online can cause by leading to said government action.

The Government of Canada recently hosted a national summit on combatting vehicle theft, and Minister of Innovation, Science and Industry François-Philippe Champagne proudly declared immediate actions being taken to ban devices used to steal vehicles by wirelessly bypassing keyless entry, the Flipper Zero being specifically named as one such device.

And yet, defeating a rolling code keyless entry system is a trick a device like the Flipper Zero simply cannot pull off: a code it records and replays has already been consumed by the car, which only accepts a fresh counter value encrypted under the fob’s secret key. (What cars have such a system? Any car made in roughly the last thirty years, for a start.)
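To show why capture-and-replay fails against a rolling code, here is an added example written for this column; it is a constructed model, not the firmware of any real fob, and the keyed mixing function stands in for the fob’s cipher (it is not KeeLoq or any production algorithm). The names (`fob_press`, `car_accept`, `WINDOW`, `DEMO_KEY`, `DEMO_SERIAL`) and the scenarios are this example’s own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW 16  /* how far ahead of the last seen counter the car will accept */

/* Constructed keyed mixing function standing in for the fob's cipher.
 * Not KeeLoq or any real algorithm; it only needs to be something an
 * attacker cannot evaluate without the shared secret key. */
static uint32_t keyed_code(uint64_t key, uint32_t serial, uint32_t counter) {
    uint64_t x = key ^ ((uint64_t)serial << 32) ^ counter;
    for (int i = 0; i < 4; i++) {
        x ^= x >> 29;
        x *= 0x9E3779B97F4A7C15ULL;
        x ^= x >> 32;
    }
    return (uint32_t)x;
}

typedef struct { uint32_t serial; uint32_t code; } packet_t;             /* what goes over the air */
typedef struct { uint64_t key; uint32_t serial; uint32_t counter; } fob_t;
typedef struct { uint64_t key; uint32_t serial; uint32_t last_counter; } car_t;

/* Each press advances the fob's counter and encodes it under the shared key. */
packet_t fob_press(fob_t *f) {
    f->counter++;
    packet_t p = { f->serial, keyed_code(f->key, f->serial, f->counter) };
    return p;
}

/* The car accepts a packet only if it decodes to a counter strictly ahead of
 * the last one it saw, within WINDOW presses (so presses made out of range do
 * not lock the owner out).  Anything at or below last_counter is a replay. */
bool car_accept(car_t *c, packet_t p) {
    if (p.serial != c->serial) return false;
    for (uint32_t ctr = c->last_counter + 1; ctr <= c->last_counter + WINDOW; ctr++) {
        if (keyed_code(c->key, c->serial, ctr) == p.code) {
            c->last_counter = ctr;
            return true;
        }
    }
    return false;
}

static const uint64_t DEMO_KEY = 0x0123456789ABCDEFULL;  /* constructed demo values */
static const uint32_t DEMO_SERIAL = 0xC0FFEE01;

/* Scenario 1: a recorded press is replayed after the car already heard it. */
bool replay_is_rejected(void) {
    fob_t fob = { DEMO_KEY, DEMO_SERIAL, 0 };
    car_t car = { DEMO_KEY, DEMO_SERIAL, 0 };
    packet_t recorded = fob_press(&fob);
    bool live   = car_accept(&car, recorded);   /* owner unlocks: accepted */
    bool replay = car_accept(&car, recorded);   /* same code again: counter already used */
    return live && !replay;
}

/* Scenario 2: the owner pressed the fob a few times out of range.  The next
 * press in range lands inside the window and is accepted; an older recorded
 * press is now behind the counter and is not. */
bool desync_within_window_is_accepted(void) {
    fob_t fob = { DEMO_KEY, DEMO_SERIAL, 0 };
    car_t car = { DEMO_KEY, DEMO_SERIAL, 0 };
    packet_t stale = fob_press(&fob);                 /* counter 1, car never hears it */
    for (int i = 0; i < 4; i++) fob_press(&fob);      /* counters 2..5, also unheard */
    bool next = car_accept(&car, fob_press(&fob));    /* counter 6: within window */
    bool old  = car_accept(&car, stale);              /* counter 1 < 6: rejected */
    return next && !old;
}

/* Scenario 3: too many unheard presses and the fob falls outside the window. */
bool desync_beyond_window_is_rejected(void) {
    fob_t fob = { DEMO_KEY, DEMO_SERIAL, 0 };
    car_t car = { DEMO_KEY, DEMO_SERIAL, 0 };
    for (int i = 0; i < WINDOW; i++) fob_press(&fob); /* counters 1..16 unheard */
    return !car_accept(&car, fob_press(&fob));        /* counter 17: outside 1..16 */
}

/* Scenario 4: a press the car never heard stays valid until a newer counter
 * is accepted.  This is the gap jam-and-replay attacks aim at, and why the
 * window is kept small. */
bool unheard_press_stays_valid_until_superseded(void) {
    fob_t fob = { DEMO_KEY, DEMO_SERIAL, 0 };
    car_t car_a = { DEMO_KEY, DEMO_SERIAL, 0 }, car_b = car_a;
    packet_t captured = fob_press(&fob);              /* counter 1, blocked from the car */
    packet_t later    = fob_press(&fob);              /* counter 2, heard by the car */
    bool still_fresh = car_accept(&car_a, captured);  /* nothing newer seen yet: accepted */
    bool superseded  = car_accept(&car_b, later) && !car_accept(&car_b, captured);
    return still_fresh && superseded;
}

int main(void) {
    printf("replay rejected:              %d\n", replay_is_rejected());
    printf("desync within window ok:      %d\n", desync_within_window_is_accepted());
    printf("desync beyond window refused: %d\n", desync_beyond_window_is_rejected());
    printf("unheard press valid until superseded: %d\n",
           unheard_press_stays_valid_until_superseded());
    return 0;
}
```

The point of scenario 1 is the whole argument: a sniffed packet is useless once the car has consumed its counter, whatever radio recorded it. Scenario 4 is the caveat a practitioner should keep in mind: the design only guarantees that a code the car has already seen is dead, not that a code the car was prevented from hearing is. Real implementations add a resynchronization procedure for fobs that drift past the window, which this model leaves out.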


NIF’s Laser Fusion Experiment’s Energy Gain Passes Peer Review

Back in December of 2022, a team of researchers at the USA’s National Ignition Facility (NIF) announced that they had exceeded ‘scientific breakeven’ with their laser-based inertial confinement fusion (ICF) system. Their work has now been peer-reviewed and passed scrutiny, confirming that the laser energy delivered to a small amount of deuterium-tritium fuel was exceeded by the fusion energy it released, for a target gain (Q) of 1.5.

Laser Bay 2, one of NIF’s two laser bays.

The key take-away here of course remains that ICF is not a viable method of producing energy, as we detailed back in 2021 when we covered the 1.3 MJ yield announcement, and again in 2022 following the result that this now completed peer review covers. The target gain counts only the laser energy reaching the fuel capsule: the facility draws on the order of 300 MJ of electrical energy to deliver about 2 MJ of laser light, and the losses along that chain, the energy required to manufacture each fuel capsule and the hohlraum that surrounds it, and the difficulty of sustaining a repetition cycle make it a highly impractical proposition for anything except weapons research.

Despite this, it’s good to see that the NIF’s ICF research is bearing fruit, even if for energy production we should look towards magnetic confinement fusion (MCF), which includes the many tokamaks active today like Japan’s JT-60SA, as well as stellarators like Germany’s Wendelstein 7-X and other efforts to make MCF a major clean-energy source for the future.

This Week In Security: Broken Shims, LassPass, And Toothbrushes?

Linux has a shim problem. Which naturally leads to a reasonable question: What’s a shim, and why do we need it? The answer: making Linux work with Secure Boot, and an unintended quirk of the GPLv3.

Secure Boot is the verification scheme in modern machines that guarantees that only signed, trusted boot components can run. When Secure Boot was first introduced, many Linux fans suggested it was little more than an attempt to keep Linux distros off of consumers’ machines. That fear seems to have been unwarranted, as Microsoft has dutifully kept the Linux shim signed, so we can all run Linux distros on our Secure Boot machines.

So the shim. It’s essentially a first-stage bootloader that can boot a signed GRUB2 or other target. You might ask, why can’t we just ask Microsoft to sign GRUB2 directly? And that’s where the GPLv3 comes in. That license has an “anti-tivoization” section, which specifies “Installation Information” as part of what must be provided for GPLv3 compliance. Microsoft’s legal team understands that requirement to apply even to this signing process, and since releasing the signing keys would totally defeat the point of Secure Boot, no GPLv3 code gets signed. Instead, we get the shim, which carries its own key database and verifies the GPLv3 bootloader itself.

Now that we understand the shim, let’s cover how it’s broken. The most serious vulnerability (CVE-2023-40547) is a buffer overflow in the HTTP file transfer code. The receive buffer is allocated based on the Content-Length value in the HTTP header, but a malicious HTTP server can announce a smaller size than it then sends, and the shim code would happily write the real HTTP contents past the end of that buffer, leading to arbitrary code execution before the OS, and its protections, have even loaded. You might ask, why in the world does the shim have HTTP code in it at all? The simple answer is to support UEFI HTTP Boot, a replacement for PXE boot.
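To make the bug shape concrete, here is an added example written for this column; it is a constructed model of an HTTP Boot download, not shim’s own source. The vulnerable receiver trusts the header for the allocation size and copies whatever arrives, the bounded one never writes past what it allocated and treats a server that sends more (or less) than it announced as hostile. All names (`http_reply`, `receive_trusting_header`, `receive_bounded`, `overshoot`, `CHUNK`, `MAX_IMAGE`) and the sample replies are this example’s own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of an HTTP Boot download: the server announces a
 * Content-Length in its header and then streams the body.  A hostile
 * server can make the two disagree. */
typedef struct {
    size_t announced_len;  /* value parsed from the Content-Length header (untrusted) */
    const uint8_t *body;   /* bytes the server actually sends */
    size_t body_len;
} http_reply;

typedef struct {
    uint8_t *data;  /* heap buffer holding the image, NULL if rejected */
    size_t len;
} download;

#define CHUNK 4                 /* bytes per simulated network read */
#define MAX_IMAGE (64u << 20)   /* sanity cap on what we are willing to allocate */

/* Vulnerable shape: buffer sized from the untrusted header, body copied in
 * full.  A reply whose body exceeds announced_len writes past the heap
 * allocation.  Kept here for comparison only; never feed it untrusted input. */
download receive_trusting_header(const http_reply *r) {
    download d = { NULL, 0 };
    d.data = malloc(r->announced_len);
    if (!d.data) return d;
    memcpy(d.data, r->body, r->body_len);  /* heap overflow when body_len > announced_len */
    d.len = r->body_len;
    return d;
}

/* How many bytes the trusting receiver would write past its buffer. */
size_t overshoot(const http_reply *r) {
    return r->body_len > r->announced_len ? r->body_len - r->announced_len : 0;
}

/* Hardened shape: the allocation is capped, every write is bounded by the
 * allocation, and a transfer that over- or under-runs the announced length
 * is discarded rather than used as a boot image. */
download receive_bounded(const http_reply *r) {
    download d = { NULL, 0 };
    if (r->announced_len == 0 || r->announced_len > MAX_IMAGE) return d;
    d.data = malloc(r->announced_len);
    if (!d.data) return d;
    size_t got = 0;
    int ok = 1;
    for (size_t off = 0; off < r->body_len; off += CHUNK) {   /* simulated reads */
        size_t n = r->body_len - off < CHUNK ? r->body_len - off : CHUNK;
        if (got + n > r->announced_len) { ok = 0; break; }    /* would overflow: stop */
        memcpy(d.data + got, r->body + off, n);
        got += n;
    }
    if (!ok || got != r->announced_len) {   /* overrun or truncated transfer */
        free(d.data);
        d.data = NULL;
        return d;
    }
    d.len = got;
    return d;
}

/* Constructed sample replies: honest, lying header, truncated body, absurd header. */
static const uint8_t SAMPLE_BODY[] = "ABCDEFGHIJ";   /* 10 payload bytes */
const http_reply HONEST_REPLY = { 10, SAMPLE_BODY, 10 };
const http_reply LYING_REPLY  = {  4, SAMPLE_BODY, 10 };
const http_reply SHORT_REPLY  = { 10, SAMPLE_BODY,  7 };
const http_reply HUGE_REPLY   = { MAX_IMAGE + 1, SAMPLE_BODY, 10 };

int main(void) {
    download d = receive_bounded(&HONEST_REPLY);
    printf("honest reply: %s (%zu bytes)\n", d.data ? "accepted" : "rejected", d.len);
    free(d.data);
    d = receive_bounded(&LYING_REPLY);
    printf("lying reply: %s; trusting receiver would overshoot by %zu bytes\n",
           d.data ? "accepted" : "rejected", overshoot(&LYING_REPLY));
    free(d.data);
    return 0;
}
```

The check that matters is the one inside the read loop: the allocation size, not the server’s claim, is the bound on every write, and the loop stops the moment the server tries to exceed it. Rejecting the image outright (rather than truncating it) is the right call in a boot path, since a partial image is as useless as a malicious one.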

The good news is that this vulnerability can only be triggered when using HTTP boot, and only by connecting to a malicious server or via a man-in-the-middle attack on the boot traffic. With this in mind, it’s odd that this vulnerability is rated a CVSS 9.8. Specifically, it seems incorrect that this bug is rated low complexity, or given a general network attack vector. In Red Hat’s own write-up of the vulnerability, they argue that exploitation is high complexity and is only possible from an adjacent network. There were a handful of lesser vulnerabilities found, and these were all fixed with shim 15.8.