The USAF (Almost) Declares War On Illinois Radio Amateurs

Every week the Hackaday editors gather online to discuss the tech stories of the moment, and among the topics this week was the balloons shot down over North America that are thought to be Chinese spying devices. Among the banter came the amusing thought that enterprising trolls on the Pacific rim could launch balloons to keep the fearless defenders of American skies firing off missiles into the beyond.

But humor may have overshadowed by events, because it seems one of the craft they shot down was just that. It wasn’t a troll though, the evidence points to an amateur radio pico balloon — a helium-filled Mylar party balloon with a tiny solar-powered WSPR transmitter as its payload.

The balloon thought to have been shot down was launched by the Northern Illinois Bottlecap Balloon Brigade, a group of radio amateurs who launch small helium-filled Mylar balloons carrying the barest minimum for a solar-powered WSPR beacon. Its callsign was K9YO, and having circumnavigated the globe seven times since its launch on the 10th of October it was last seen off Alaska on February 11th. Its projected course and timing tallies with the craft reported shot down by the US Air Force, so it seems the military used hundreds of thousands of dollars-worth of high-tech weaponry to shoot down a few tens of dollars worth of hobby electronics they could have readily tracked online. We love the smell of napalm in the morning!

Their website has a host of technical information on the balloons and the beacons, providing a fascinating insight into this facet of amateur radio that is well worth a read in itself. The full technical details of the USAF missile system used to shoot them down, sadly remains classified.

This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs

There is vulnerability in many Hyundai and Kia vehicles, where the ignition switch can be bypassed with a USB cable. And it’s getting a patch rollout right now, but it’s not a USB vulnerability, in quite the way you might think. In most cars, the steering column is easily disassembled, but these vehicles have an extra-bad design problem. The ignition cylinder can be disassembled while locked, just by depressing a pin.

Physical security has some parallels to computer security, and one such parallel is that good security can often be bypassed by a simple mistake. When it comes to lock design, one such potential bypass is the ability to disassemble a lock while it’s still locked. And somehow, Kias after 2010, and Hyundais after 2015 were made with exactly this flaw. The lock could be disassembled, and the interface between the lock and the ignition switch just happens to be the right shape and size for USB A. Oh, and these cars don’t have an engine immobilizer — there isn’t a chip built into the keys for extra security.

The problem became widespread late last year when the flaw went viral on TikTok, and thousands of copycat crimes were inspired. Beyond the obvious problem, that teenagers were getting an early start on a life of crime with grand theft auto, there were at least 8 deaths directly attributed to the inane stunt. And this brings us back to this week’s news, that a software update is rolling out to address the issue.

Honestly, I have questions. A software update doesn’t add in-key security chips. At best, it could attempt to detect the key position, and sabotage the engine management control, in an ad-hoc immobilizer. That’s likely a paper clip-turned-jumper away from being bypassed. The other new feature, doubling the alarm time from 30 second to a minute, doesn’t inspire much confidence. Hopefully the changes are enough to kill the trend. Continue reading “This Week In Security: USB Cable Kia, Reddit, And Microsoft RCEs”

Virgin Orbit’s First UK Launch Attempt: What Went Wrong

A month ago there was disappointment as Virgin Orbit’s first attempt at a space launch from the United Kingdom using its converted Boeing 747 airliner platform failed to achieve orbit. Now with the benefit of a lot of telemetry analysis the company have released their findings, which conclude that a fuel filter within the second stage became dislodged. The resulting fuel starvation was enough to cause the engine to receive insufficient cooling and overheat, bringing the mission to a premature end.

As we said at the time, the interesting part of the launch, midair from the 747, appears to have gone flawlessly. Space exploration is hard, and we are confident that they’ll fix any fuel filter mounting issues on future launches and be placing payloads in orbit for their customers soon afterwards. The whole program has seen significant news coverage in the UK where the craft has its base, and those of us in that environ will no doubt see it portrayed locally as a matter of national pride. The truth however will be that it flies on the talents of engineers from all corners of the world. We’ll be watching out next time, and look forward to a successful mission.

Header: Österreichisches Weltraum Forum, CC BY-SA 4.0.

Citizen Science Finds Prehistoric Burial Mounds

What do you do when you have a lot of LiDAR data and not enough budget to slog through it? That’s the problem the Heritage Quest project was faced with — they had 600,000 LiDAR maps in the Netherlands and wanted to find burial mounds using the data. By harnessing 6,500 citizen scientists, they were able to analyze the data and locate over 1,000 prehistoric burial mounds, including many that were previously unknown, along with cart tracks, kilns, and other items of archaeological interest.

The project used Zooniverse, a site we’ve mentioned before, to help train volunteers to analyze data. The project had at least 15 volunteers examining each map. The sites date between 2,800 and 500 BC. Archaeologists spent the summer of 2021 verifying many of these digital finds. They took samples from 300 sites and determined that 80 of them were previously unknown. They estimate that the total number of sites found by the volunteers could be as high as 1,250.

This is a great example of how modern technology is changing many fields and the power of citizen science, both topics we always want to hear more about. We’ve seen NASA tapping citizen scientists, and we’ve even seen high school students building research buoys. So if you’ve ever wanted to participate in advancing the world’s scientific knowledge, there’s never been a better time to do it.

Screenshot of KiCad 7 feature that lets you overlay a PCB bitmap image and draw traces over it, being used for board reverse-engineering purposes

KiCad 7.0.0 Is Here, Brings Trove Of Improvements

Yesterday, the KiCad team has released KiCad 7.0.0 – a surprise for those of us who have only gotten used to the wonders of KiCad 6, and it’s undoubtedly a welcome one! Some of these features, you might’ve seen mentioned in the KiCad 2022 end-of-year recap, and now, we get to play with them in a more stable configuration. There’s a trove of features and fixes for all levels of KiCad users, beginners, hobbyists and professionals alike – let’s start with some that everyone can appreciate! Continue reading “KiCad 7.0.0 Is Here, Brings Trove Of Improvements”

Ban On Physical Mail Slated For NYC Jails, Which Could Go Digital Instead

Prison is a scary place, very much by design. It’s a place you end up when convicted of crimes by the judicial system, or in some cases, if you’re merely awaiting trial. Once you go in as a prisoner, general freedom and a laundry list of other rights are denied to you. New York City is the latest in a long list of municipalities looking to expand that list to include a ban on inmates receiving physical mail.

To achieve this, prisons across the US are instead switching to digital-only systems, which would be run by a private entity. Let’s look at the how, what, and why of this contentious new idea.

Continue reading “Ban On Physical Mail Slated For NYC Jails, Which Could Go Digital Instead”

Deciphering Queen Of Scots, Mary Stuart’s Lost Letters

First part of the cypher used by Mary Stuart and Castelnau, showing the use of homophones, special characters and more. (Credit: Lasry et al., 2023)
First part of the cypher used by Mary Stuart and Castelnau, showing the use of homophones, special characters and more. (Credit: Lasry et al., 2023)

Communications by important people over the past thousands of years have been regularly encrypted, making the breaking of this encryption both an essential and also a fascinating historical field. One recent example of an important historical discovery by codebreakers are letters dating back to 1578 through 1584 by Mary Stuart, the Queen of Scots in the 16th century. While deemed lost for centuries, researchers came across them in a stash of encrypted letters that were kept at the Bibliothèque nationale de France’s (BnF). After decrypting these 57 letters, they realized what they had come across.

Even in digitized form, they could not simply be OCRed, leaving the researchers to manually transcribe each character into the software they used to assist with the decrypting. Only during the decrypting process, they began to realize that these were not Italian communications – matching the rest of the collection of which they were part – but in fact letters by Mary and her allies. Of the 57 letters, 54 are from Mary to Castelnau, the French ambassador in London at the time.

Supporting evidence for these decrypted letters being from Mary and Castelnau came from British archives, which had clear text versions of some of the encrypted letters, dated to the years when a mole within the French embassy was leaking translated texts to the English, as part of the usual political pastime during those centuries of getting onto thrones and making other people leave them. Mary’s attempt to become not only the Queen of Scots but also Queen of England came to a tragic end with her execution in 1587 after a politically motivated show trial.

The software the researchers used primarily is called CrypTool 2, which is an open-source project that provides cryptoanalysis and related functionality. The access to the documents themselves was enabled via the DECRYPT project, resources which taken together enables virtually anyone to undertake such historical sleuthing from the comfort of their own home.

(Thanks to [Stephen Walters] for the tip)