Two white Chevy Bolt hatchbacks sit side-by-side, immobilized in the street, their roofs festooned with sensors and an orange cone on their hoods like a snowman's nose pointed toward the sky.

Coning Cars For Fun And Non-Profit

September 15, 2023 by Navarre Bartz 61 Comments

Self-driving cars are being heralded as the wave of the future, but there have been many hiccups along the way. The newest is activists showing how autonomous vehicles are easy to hack with a simple traffic cone.

As we’ve discussed before, self-driving cars aren’t actually that great at driving, and there are a number of conditions that can cause them to fail safe and stop in the middle of the road. Activist group Safe Street Rebel is exploiting this vulnerability by “coning” Waymo and Cruise vehicles in San Francisco. By placing a traffic cone on the vehicle’s hood in the way of the sensors and cameras used to navigate the streets, the vehicles are rendered inoperable. Continue reading “Coning Cars For Fun And Non-Profit” →

This Week In Security: Blastpass, MGM Heist, And Killer Themes

September 15, 2023 by Jonathan Bennett 7 Comments

There’s yet another 0-day exploit chain discovered as part of NSO Group’s Pegasus malware suite. This one is known as BLASTPASS, and it’s a nasty one. There’s no user interaction required, just receiving an iMessage containing a malicious PassKit attachment.

We have two CVEs issued so far. CVE-2023-41064 is a classic buffer overflow in ImageIO, the Apple framework for universal file format read and write. Then CVE-2023-41061 is a problem in the iOS Wallet implementation. Release 16.6.1 of the mobile OS addresses these issues, and updates have rolled out for macOS 11, 12, and 13.

It’s worth noting that Apple’s Lockdown mode does seem to block this particular exploit chain. Citizen Lab suggests that high-risk users of Apple hardware enable Lockdown Mode for that extra measure of security. Continue reading “This Week In Security: Blastpass, MGM Heist, And Killer Themes” →

How Three Letters Brought Down UK Air Traffic Control

September 13, 2023 by Jenny List 51 Comments

The UK bank holiday weekend at the end of August is a national holiday in which it sometimes seems the entire country ups sticks and makes for somewhere with a beach. This year though, many of them couldn’t, because the country’s NATS air traffic system went down and stranded many to grumble in the heat of a crowded terminal. At the time it was blamed on faulty flight data, but news now emerges that the data which brought down an entire country’s air traffic control may have not been faulty at all.

Armed with the official incident report and publicly available flight data, Internet sleuths theorize that the trouble was due to one particular flight: French Bee flight 731 from Los Angeles to Paris. The flight itself was unremarkable, but the data which sent the NATS computers into a tailspin came from two of its waypoints — Devil’s Lake Wisconsin and Deauville Normandy — having the same DVL identifier. Given the vast distance between the two points, the system believed it was looking at a faulty route, and refused to process it. A backup system automatically stepped in to try and reconcile the data, but it made the same determination as the primary software, so the whole system apparently ground to a halt.

It’s important to note that there was nothing wrong with the flight plan entered in by the French Bee pilots, and that early stories blaming faulty data were themselves at fault. However we are guessing that air traffic software developers worldwide are currently scrambling to check their code for this particular bug. We’re fortunate indeed that safety wasn’t compromised and only inconvenience was the major outcome.

Air traffic control doesn’t feature here too often, but we’ve previously looked at a much earlier system.

Header image: John Evans, CC BY-SA 2.0.

Logic Analyzers: Capabilities And Limitations

September 12, 2023 by Arya Voronova 12 Comments

Last time, we’ve used a logic analyzer to investigate the ID_SD and ID_SC pins on a Raspberry Pi, which turned out to be regular I2C, and then we hacked hotplug into the Raspberry Pi camera code with an external MCU. Such an exercise makes logic analyzers look easy, and that’s because they are! If you have a logic analyzer, you’ll find that a whole bunch of hacks become available to you.

In this article, let’s figure out places where you can use a logic analyzer, and places where you can’t. We’ll start with the first limitation of logic analyzers – capture speed. For instance, here’s a cool thing you can buy on Aliexpress – a wristband from TTGO that looks like a usual fitness tracker, but has an ESP32 in it, together with an IMU, an RTC, and an IPS screen! The seller also has an FFC-connectable devboard for programming this wristband over UART, plus vibromotor and heartrate sensor expansion modules.

You can run C, MicroPython, Rust, JavaScript, or whatever else – just remember to bring your own power saving, because the battery is super small. I intended to run MicroPython on it, however, and have stumbled upon a problem – the ST7735-controller display just wouldn’t work with the st7735.py library I found; my image would be misaligned and inverted.

The specifications didn’t provide much other than “ST7735, 80×160”. Recap – the original code uses an Arduino (C++) ST7735 library and works well, and we have a MicroPython ST7735 library that doesn’t. In addition to that, I was having trouble getting a generic Arduino ST7735 library to work, too. Usually, such a problem is caused by the initialization commands being slightly different, and the reason for that is simple – ST7735 is just the name of the controller IC used on the LCD panel.

Each display in existence has specifics that go beyond the controller – the pixels of the panel could be wired up to the controller in a bunch of different ways, with varying offsets and connection types, and the panel might need different LCD charge pump requirements – say, depending on the panel’s properties, you might need to write 0x10 into a certain register of the ST7735, or you will need 0x40. Get one or more of these registers wrong, and you’ll end up with a misaligned image on your display at best, or no output at worst. Continue reading “Logic Analyzers: Capabilities And Limitations” →

An array of 2D barcodes stored on a ceramic medium. Each 2D barcode is 25 micrometers wide.

Cerabyte: One Terabyte Per Square Centimeter

September 8, 2023 by Julian Scheffers 45 Comments

Most of us will at one point have run out of storage and either had to buy a larger driver or delete some of those precious files. This problem can happen to data centers, too, with the ever-increasing amount of data stored on servers across the world. [Cerabyte] aims to fix this, with their ceramic-based media promising 1 TB/cm² of areal density.

To put into perspective just how much better this density is, we can compare it against SSDs and hard drives. At the time of writing, the densest SSD (NAND flash storage) is claimed to be 0.1825 TB/cm² and the densest hard drive is claimed to be 0.1705 TB/cm², which means 5.48 times and 5.87 times more dense respectively. The density improvement doesn’t end there — both an SSD and a single HDD platter might be a couple millimeters tall, while a [Cerabyte] layer claims to be merely 50 atoms tall.

[Cerabyte] aims to create 10 PB (10,000 TB) and later 1 EB (1,000,000 TB) racks with their technology, a feat difficult to achieve with mere hard drives. The ceramic-based media is written to using lasers and read from with a microscope, though throughput is limited to a “mere” 1 GB/s, which means filling that one rack could take as long as 110 days. Despite the relatively slow access times, we think this new storage technology is impressive, assuming [Cerabyte] succeeds.

Do you need so much storage that even [Cerabyte] can’t satisfy your needs? Simply use YouTube as infinite storage!

Will RadioShack Return?

September 8, 2023 by Al Williams 145 Comments

We suspect that if you want to write a blockbuster movie or novel, the wrong approach is to go to a studio or publisher and say, “I have this totally new idea that is like nothing you’ve ever seen before…” Even Star Trek was pitched to the network as “Wagon Train to the stars.” People with big money tend to want to bet on things that have succeeded before, which is why so many movies are either remakes or Star Trek XXII: The Search for 4 PM Dinner Specials. Maybe that’s what the El Salvador-based Unicomer Group had in mind when they bought one of our favorite brands, RadioShack. They are reportedly planning a major comeback for the beleaguered brand both online and in the physical world.

In all fairness, the Shack may be better in our memories than in our realities. It was handy to stop off and pick up a coax connector, even if it cost three times the going rate for one. There was a time when RadioShack offered reasonable parts for projects, and it seems like near the end, they tried to hit that target again, but for many years, you could not find the typical parts for a modern project there anyway. However, Unicomer isn’t just a random group of investors.

Continue reading “Will RadioShack Return?” →

This Week In Security: LastPass Shoe Drops, Keys Lost, And Train Whistles Attack

September 8, 2023 by Jonathan Bennett 8 Comments

There has been a rash of cryptocurrency thefts targeting some unexpected victims. Over $35 million has been drained from just over 150 individuals, and the list reads like a who’s-who of the least likely to fall for the normal crypto scams. There is a pattern that has been noticed, that almost all of them had a seed phrase stored in LastPass this past November when the entire LastPass database was breached.

The bulletproof security of the LastPass system depends in part on the rate limiting of authenticating with the LastPass web service. Additionally, accounts created before security improvements in 2018 may have had master passwords shorter than 12 characters, and the hash iterations on those accounts may have been set distressingly low. Since attackers have had unrestricted access to the database, they’ve been able to run offline attacks against accounts with very low iterations, and apparently that approach has been successful.

Microsoft’s Signing Key

You may remember a story from a couple months ago, where Microsoft found the Chinese threat group, Storm-0558, forging authentication tokens using a stolen signing key. There was a big open question at that point, as to how exactly an outside group managed to access such a signing key.

This week we finally get the answer. A crash log from 2021 unintentionally included the key, and Microsoft’s automated redaction system didn’t catch it. That crash dump was brought into development systems, and an engineer’s account was later accessed by Storm-0558. That key should not have worked for enterprise accounts, but a bug in a Microsoft key validation allowed the consumer systems key to work for enterprise accounts. Those issues have been fixed, but after quite a wild ride. Continue reading “This Week In Security: LastPass Shoe Drops, Keys Lost, And Train Whistles Attack” →