News

3651 Articles

Voyager 1 In Trouble As Engineers Scramble To Debug Issue With Flight Data System

December 12, 2023 by 45 Comments

Recently the team at JPL responsible for communication with the Voyager 1 spacecraft noticed an issue with the data it was returning from the Flight Data System (FDS). Although normally the FDS is supposed to communicate with the other subsystems via the telecommunications unit (TMU), this process seems to have broken down, resulting in no payloads from the scientific instruments or engineering sensors being returned any more, just repeating binary patterns. So far the cause of this breakdown is unknown, and JPL engineers are working through potential causes and fixes.

This situation is not unlike a similar situation on Voyager 2 back in 2010 when the returned data showed a data pattern shift. Here resetting the memory of the FDS resolved the garbled data issue and the engineers could breathe a sigh of relief. This time the fix does not appear so straightforward, as a reset of the FDS on Voyager 1 did not resolve the issue with, forcing the team to consider other causes. What massively complicates the debugging is that each transmission to and from the spacecraft takes approximately 22.5 hours each way, making for an agonizing 45 hour wait to receive the outcome of a command.

We wish the JPL engineers involved all the luck in the world and keep our collective appendages crossed for Voyager 1.

Nanobots Self Replicate

December 9, 2023 by 11 Comments

Hey, what if you could have a factory that makes robots that is run by… robots? This is hardly an original thought, but we are a long way from having an assembly line of C3POs self-replicating. On the other hand, animals — including humans — self-replicate all the time using DNA. Now, scientists are making tiny nanorobots from DNA that can assemble more DNA, including copies of themselves.

Assembling 3D structures with DNA has deep implications. For example, it might be possible to build drugs in situ, delivering powerful toxins only to cancer cells. Another example would be putting DNA factories in diabetes patients to manufacture the insulin they can’t.

Continue reading “Nanobots Self Replicate”

This Week In Security: LogoFail, National DNS Poison, And DNA

December 8, 2023 by 3 Comments

When there’s a vulnerability in a system library, we install updates, and go on with our lives. When there’s a vulnerability in a Java library, jars get rebuilt, and fixed builds slowly roll out. But what happens when there’s a vulnerability in a library used in firmware builds? And to make it even more fun, it’s not just a single vulnerability. All three major firmware vendors have problems when processing malicious images. And LogoFail isn’t limited to x86, either. UEFI Arm devices are vulnerable, too.
Continue reading “This Week In Security: LogoFail, National DNS Poison, And DNA”

The Latest John Deere Repair Lawsuit Now Has The Go-Ahead

December 8, 2023 by 50 Comments

Long time readers will have followed the twists and turns of the John Deere repair saga, in which the agricultural machinery manufacturer has used DRM to restrict the repair of its tractors. It may be hot stuff on the prairies, but it matters to everyone because it’s a key right-to-repair battleground. Now the company’s attempt to throw out the latest class-action lawsuit, this time in Illinois. has failed, paving the way for a meaningful challenge.

This lawsuit is special because has the aim of determining whether or not Deere conspired to drive up the cost of repair and edge out independent mechanics. It comes against a backdrop in which their promised access to repair software which we reported on back in January has failed to materialize, and this is likely to figure as an act of bad faith.

A failing of corporate culture is that the organisation can in its own eyes, never be wrong. In Deere’s case they have accrued plenty of bad publicity in the years they’ve pursued this ill-advised business model, and in case that weren’t enough they’ve alienated their core customers out on the farms to the extent that a second-hand Deere from before the DRM era has more value than its newer counterparts. Deere genuinely do make very good tractors, so for farmers loyal for generations to turn their backs on them is a very significant story indeed. One has to ask, how much bad publicity and how many lawsuits do they have to have before someone at head office in Moline figures out that DRM in tractors (or anything else for that matter) isn’t the great idea they once thought it was? Maybe this one will finally herald the moment when that happens.

Header image: Nheyob / CC BY-SA 4.0

An image of the inside of a vehicle wheel. An outer ring gear is attached to two articulated sets of three small helical gears attached to a central sun gear. A shaft from the right side enters into the sun gear.

A Revolution In Vehicle Drivetrains?

December 6, 2023 by 47 Comments

Power delivery in passenger vehicle drivetrains hasn’t changed much since the introduction of the constant velocity (CV) joint in the 1930s. Most electric vehicles still deliver power via the same system used by internal combustion cars. Hyundai/Kia has now revealed a system they think will provide a new paradigm with their Universal Wheel Drive System (Uni Wheel). [via Electrek]

What appears at first to be a hub motor is in fact a geared wheel that keeps the motor close without the problem of high unsprung weight. Power is fed into a sun gear which can move independently of the wheel allowing the system to maintain a more consistent driveline and avoid power variability over the range of suspension travel like you’d find in a CV joint experiencing high deflection.

We have some concerns about the durability of such a system when compared with the KISS and long development history of CV joints, but we can’t deny that moving the motors of an electric vehicle out to the corners would allow more packaging flexibility for the cargo and passenger areas. We’re also excited to see open source replicas make their way into smaller robotics projects now that the images have been released. If you’ve already made one in CAD, send us a tip at tips@hackaday.com.

Looking for more interesting innovations in electric cars? How about an off-grid camper van? If you think automakers are overcomplicating something that should be simple, read the Minimal Motoring Manifesto.

Continue reading “A Revolution In Vehicle Drivetrains?”

Update On The BLUFFS Bluetooth Vulnerability

December 2, 2023 by 14 Comments

As we first reported in yesterday’s weekly security post, researchers at EURECOM have revealed the details (PDF, references) of a new man-in-the-middle (MITM) attack on Bluetooth 4.2 through 5.4, which has been assigned CVE-2023-24023. Like preceding CVEs, it concerns the session authentication between Bluetooth devices, where the attacker uses spoofed paired or bonded devices to force the use of a much shorter encryption key length.

The name of this newly discovered vulnerability is BLUFFS (Bluetooth Forward and Future Secrecy), where forward and future secrecy are important terms that refer to the protection of secure sessions against compromise in the past (forward, FoS) and future (FuS). The CVE presentation notes that the Bluetooth specification does not cover either FuS or FoS. In total two new architectural vulnerabilities were discovered, both of which attack the security key.

The Bluetooth SIG has released a statement regarding this attack method. Although serious, it would seem that the core issue is that some implementations allow for encryption key lengths below 7 octets:

Continue reading “Update On The BLUFFS Bluetooth Vulnerability”

This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints

December 1, 2023 by 18 Comments

We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active exploitation.

The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets like admin username and password among others.

Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by Greynoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher that originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them. Continue reading “This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints”