The NSA’s Furby Artificial Intelligence Scare: FOIA Documents Provide Insight

For those of us who were paying a modicum of attention to the part of the news around 1999 which did not involve the imminent demise of humanity due to the Y2K issue, a certain toy called a ‘Furby’ was making the headlines. In addition to driving parents batty, it also gave everyone’s favorite US three-letter agency a scare, with it being accused of being both a spying tool and equipped with an advanced artificial intelligence chip. Courtesy of a recent Freedom of Information Act (FOIA) request we now have the low-down on what had the NSA all atwitter.

In a Twitter thread (Nitter) user [dakotathekat] announced the release, which finally answered many questions about the NSA’s on-premises ban of Furbys (or Furbees if you’re Swedish). The impression one gets is that this ‘Furby ban’ was primarily instated out of an abundance of caution, as unauthorized recording devices of any kind are strictly forbidden on NSA premises. With nobody at the NSA apparently interested in doing a teardown of a Furby to ascertain its internals, and the careful balance between allowing children’s toys on NSA grounds versus the risk of a ‘Furbygate’, a ban seemed the easy way out. Similarly, the FAA saw fit to also make people turn their Furbys off like all other electronic devices.

The original Furby toys did not have anything more complex inside of them than a 6502-derived MCU and a TI TSP50C04 IC for speech synthesis duties, with the supposed ‘learning’ process using a hardcoded vocabulary that gradually replaced its default gibberish with English or another target language.

DB Cooper Case Could Close Soon Thanks To Particle Evidence

It’s one of the strangest unsolved cases, and even though the FBI closed their investigation back in 2016, this may be the year it cracks wide open. On November 24, 1971, Dan Cooper, who would become known as DB Cooper due to a mistake by the media, skyjacked a Boeing 727 — Northwest Orient Airlines Flight 305 — headed from Portland to Seattle.

During the flight, mild-mannered Cooper coolly notified a flight attendant sitting behind him via neatly-handwritten note that he had a bomb in his briefcase. His demands were a sum of $200,000 (about $1.5 M today) and four parachutes once they got to Seattle. Upon landing, Cooper released the passengers and demanded that the plane be refueled and pointed toward Mexico City with him and most of the original crew aboard. But around 30 minutes into the flight, Cooper opened the plane’s aft staircase and vanished, parachuting into the night sky.

In the investigation that followed, the FBI recovered Cooper’s clip-on tie, tie clip, and two of the four parachutes. While it’s unclear why Cooper would have left the tie behind, it has become the biggest source of evidence for identifying him. New evidence shows that a previously unidentified particle on the tie has been identified as “titanium smeared with stainless steel”.

Bell Labs Is Leaving The Building

If you ever had the occasion to visit Bell Labs at Murray Hill, New Jersey, or any of the nearby satellite sites, but you didn’t work there, you were probably envious. For one thing, some of the most brilliant people in the world worked there. Plus, there is the weight of history — Bell Labs had a hand in ten Nobel prizes, five Turing awards, 22 IEEE Medals of Honor, and over 20,000 patents, including several that have literally changed the world. They developed, among other things, the transistor, Unix, and a host of other high-tech inventions. Of course, Bell Labs hasn’t been Bell for a while — Nokia now owns it. And Nokia has plans to move the headquarters lab from its historic Murray Hill campus to nearby New Brunswick. (That’s New Jersey, not Canada.)

If your friends aren’t impressed by Nobels, it is worth mentioning the lab has also won five Emmy awards, a Grammy, and an Academy award. Not bad for a bunch of engineers and scientists. Nokia bought Alcatel-Lucent, who had wound up with Bell Labs after the phone company was split up and AT&T spun off Lucent.

Haier Europe Eases Off On Legal Threat And Seeks Dialogue

After initially sending a cease and desist order to [Andre Basche] – the developer of a Haier hOn plugin for Home Assistant – Haier Europe’s head of Brand and IoT has now penned a much more amicable response, seeking to enter into dialogue in search of a solution for both parties.

This latest development is detailed both in the ongoing GitHub issue, as well as the Takedown FAQ and Timeline document that [Andre] created to keep track of everything that’s going on since we last checked in on the situation. As things stand, there is hope that Haier Europe may relent, especially as the company’s US division has shown no inclinations to join in on the original C&D.

In the confusion following the initial C&D announcement demanding the take-down of [Andre]’s hOn-related repositories, it was not clear to many which Haier was involved. As it turns out, Haier Europe as a separate legal entity apparently decided to go on this course alone, with Haier US distancing themselves from the issue. In that same Reddit thread it’s noted that GE Appliances (part of Haier US) has had a local API available for years. This makes Haier Europe the odd one out, even as they’re attempting some damage control now.

Amidst this whirlwind of developments, we hope that Haier Europe can indeed reach an amicable solution with the community, whether it’s continued API usage, or the development of a local API.

This Week In Security: Gitlab, VMware, And PixieFAIL

There’s a Gitlab vulnerability that you should probably pay attention to. Tracked as CVE-2023-7028, this issue allows an attacker to specify a secondary email during the password reset request. Only one email has to match the one on record, but the password reset link gets sent to both emails. Yikes!

What makes this worse is there is already a Proof of Concept (PoC) released, and it’s a trivial flaw. In an HTTP/S post containing the password reset request, just include two email addresses. Thankfully, a fix is already out. Versions 16.7.2, 16.6.4, and 16.5.6 contain this patch, as well as fixes for a flaw that allowed sneaking unauthorized changes into a previously approved merge request, and an issue with Slack and Mattermost where slash commands could be spoofed.
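The flaw described above, modelled in Ruby beside a hardened form, plus a check a defender could run over logged reset requests. This is an added example, not GitLab's code; the user store, function names and addresses are constructed for illustration.

```ruby
# Constructed in-memory user store standing in for the accounts table.
USERS = { "alice@example.com" => { id: 1 } }.freeze

# Vulnerable shape: the email parameter may be a string or a list.
# A user is found if ANY supplied address is on record, and the reset
# link is then mailed to EVERY supplied address.
def reset_recipients_vulnerable(email_param)
  supplied = Array(email_param).map { |e| e.to_s.downcase }
  user_email = supplied.find { |e| USERS.key?(e) }
  return [] if user_email.nil?

  supplied
end

# Hardened shape: accept exactly one string, and mail only the address
# stored on the account, never a value taken from the request.
def reset_recipients_hardened(email_param)
  return [] unless email_param.is_a?(String)

  wanted = email_param.strip.downcase
  on_record = USERS.keys.find { |e| e == wanted }
  on_record ? [on_record] : []
end

# Log-review helper: a reset request whose email parameter is anything
# other than a single scalar string deserves a closer look.
def suspicious_reset_param?(email_param)
  !email_param.is_a?(String)
end

# Constructed request parameters: one normal, one carrying two addresses.
normal   = "alice@example.com"
two_addr = ["alice@example.com", "mallory@example.net"]

puts "vulnerable, two addresses: #{reset_recipients_vulnerable(two_addr).inspect}"
puts "hardened,   two addresses: #{reset_recipients_hardened(two_addr).inspect}"
puts "hardened,   one address:   #{reset_recipients_hardened(normal).inspect}"
puts "flag for review:           #{suspicious_reset_param?(two_addr)}"
```

The hardened function fixes two separate things: it rejects non-scalar input, and it takes the recipient from the stored account rather than from the request.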

VMware

We don’t want to over-dramatise this vulnerability, but VMware is calling it an emergency. This one affects VMware vRealize and Aria Automation. According to the CVSS calculator, it’s a low complexity network flaw, but does require at least some privileges. Hopefully more information will come out about this vulnerability, but for now that’s about all we know.

Haier Threatens Legal Action Against Home Assistant Plugin Developer

Appliance manufacturer Haier has been integrating IoT features into their newer products, and as is so common these days, users are expected to install their “hOn” mobile application to access them. Not satisfied with that limitation, [Andre Basche] reverse engineered the protocol used by the app, and released a Python library and associated Home Assistant plugin to interface with a wide array of Haier appliances, which includes brands like Hoover, Candy, GE Appliances and others.

Unfortunately, it looks like his efforts have gotten him into a bit of legal hot water. In an issue recently opened on the project’s GitHub page, [Andre] explains the circumstances and legal options that have led him to consider pulling the repositories completely — mostly due to the cost of mounting a legal defense to the cease & desist from Haier Europe.

What’s ironic here is that Haier has been part of the Connectivity Standards Alliance (CSA) since 2022, whose goal is to ‘promote universal open IoT standards’, including Matter.

It’s possible that a legal defense will be mounted against this C&D from Haier within the coming days. Yet regardless of the outcome here, it remains problematic that these IoT-enabled Haier appliances are connected to the Haier servers. Ideally they would be controlled locally, which is the goal of projects like [Miguel Ángel López Vicente]’s ESP Haier, that uses an ESP8266 to connect Haier AC units to the local WiFi and e.g. HA instances, all without requiring internet access.

This is sadly just one more example of why building your own off-line smart home can be such an incredible struggle.

Thanks to [Ar3itrary] for the tip.

Crippled Peregrine Lander To Make Fiery Return Home

Within a few hours of this post going live, Astrobotic’s Peregrine spacecraft is expected to burn up in the Earth’s atmosphere — a disappointing end to a mission that was supposed to put the first US lander on the Moon since the Apollo program ended in 1972.

In their twentieth mission update since Peregrine was carried into space on the inaugural flight of the United Launch Alliance Vulcan Centaur rocket, Astrobotic explains that the craft has been put on a trajectory designed to ensure it breaks up over a remote area of the South Pacific.

Predicted re-entry point for the Peregrine lander.

It was previously hoped the lander, which suffered a severe system malfunction just hours after liftoff, could have at least made a close pass of the Moon in lieu of touching down. But mission controllers felt the more responsible approach was to have Peregrine make a controlled re-entry while they still had the ability to maneuver it. The alternative, allowing the craft to remain in an uncontrolled orbit between the Earth and Moon, could potentially have caused problems for future Artemis missions.

Over the last ten days, ground controllers at Astrobotic have been working to piece together what happened to the doomed lander, while at the same time demonstrating a remarkable level of transparency by keeping the public informed along the way. It’s now believed that the stream of gas being expelled from a rupture in one of the craft’s propellant tanks was acting as a sort of impromptu thruster. This not only made the craft difficult to keep oriented, but also wasted the propellants that were necessary to perform a soft landing on the lunar surface.

Although the craft was eventually brought under control, the damage to the mission had already been done. While this obviously isn’t the ending that Astrobotic was hoping for, we have no doubt that the company collected valuable data during the craft’s flight through space, which took it approximately 390,000 kilometers (242,000 miles) from Earth.

As for us space nerds, we won’t have to wait long before another lunar lander makes its attempt. Japan’s Smart Lander for Investigating Moon (SLIM) should be touching down at around 10 AM Eastern on Friday (YouTube Live Stream), and the Nova-C lander from Intuitive Machines is scheduled to be launched aboard a Falcon 9 rocket sometime next month.