This Week In Security: Fragattacks, The Pipeline, Codecov, And IPv6

Some weeks are slow, and the pickings are slim when discussing the latest security news. This was not one of those weeks.

First up is Fragattacks, a set of flaws in wireless security protocols, allowing unauthenticated devices to inject packets into the network, and in some cases, read data back out. The flaws revolve around 802.11’s support for packet aggregation and frame fragmentation. The whitepaper is out, so let’s take a look.

Fragmentation and aggregation are techniques for optimizing wireless connections. Packet aggregation is the inclusion of multiple IP packets in a single wireless frame. When a device is sending many small packets, it’s more efficient to send them all at once, in a single wireless frame. On the other hand, if the wireless signal-to-noise ratio is less than ideal, shorter frames are more likely to arrive intact. To better operate in such an environment, long frames can be split into fragments, and recombined upon receipt.

There is a trio of vulnerabilities that are built into the wireless protocols themselves. First up is CVE-2020-24588, the aggregation attack. To put this simply, the aggregation section of a wireless frame header is unauthenticated and unencrypted. How to exploit this weakness isn’t immediately obvious, but the authors have done something clever.

First, for the purposes of explanation, we will assume that there is already a TCP connection established between the victim and an attacker-controlled server. This could be as simple as an advertisement being displayed on a visited web page, or an image linked to in an email. We will also assume that the attacker is performing a Man in the Middle attack on the target’s wireless connection. Without the password, this only allows the attacker to pass the wireless frames back and forth unmodified, except for the aggregation header data, as mentioned. The actual attack is to send a special IP packet in the established TCP connection, and then modify the header data on the wireless frame that contains that packet.

When the victim tries to unpack what it believes to be an aggregated frame, the TCP payload is interpreted as a discrete packet, which can be addressed to any IP and port the attacker chooses. To put it more simply, it’s a packet within a packet, and the frame aggregation header is abused to pop the internal packet out onto the protected network.
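As an added illustration (not code from the original article or from the Fragattacks authors), this Python example parses the aggregated-frame subframe layout and shows a receiver-side drop rule for CVE-2020-24588. The drop rule (reject an aggregate whose first destination address equals the LLC/SNAP prefix), the function names and the sample bytes are assumptions of the example and are not described on this page.

```python
import struct

# LLC/SNAP (RFC 1042) prefix that begins every ordinary 802.11 data payload.
RFC1042 = bytes.fromhex("aaaa03000000")

def parse_amsdu(payload: bytes):
    """Split an A-MSDU body into (dst, src, msdu) subframes; raise ValueError to drop."""
    subframes, off = [], 0
    while off < len(payload):
        if len(payload) - off < 14:
            raise ValueError("truncated subframe header")
        dst, src = payload[off:off + 6], payload[off + 6:off + 12]
        (length,) = struct.unpack_from(">H", payload, off + 12)
        # Mitigation (assumption, not from the page): an ordinary payload read
        # as an A-MSDU shows its LLC/SNAP prefix as the first destination MAC.
        if off == 0 and dst == RFC1042:
            raise ValueError("first subframe DA is an LLC/SNAP header")
        end = off + 14 + length
        if end > len(payload):
            raise ValueError("subframe length exceeds frame")
        subframes.append((dst, src, payload[off + 14:end]))
        off = end + (-end % 4)  # subframes are padded to a 4-byte boundary
    return subframes

def verdict(payload: bytes) -> str:
    """Return the receiver's decision for one frame body."""
    try:
        return f"accept {len(parse_amsdu(payload))} subframes"
    except ValueError as exc:
        return f"drop: {exc}"

def subframe(dst: bytes, src: bytes, msdu: bytes, last: bool = False) -> bytes:
    """Build one constructed sample subframe (header, MSDU, padding)."""
    body = dst + src + struct.pack(">H", len(msdu)) + msdu
    return body if last else body + bytes(-len(body) % 4)

# Constructed sample data, not captured traffic.
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
GENUINE = (subframe(STA, AP, RFC1042 + b"\x08\x00" + b"A" * 5)
           + subframe(STA, AP, RFC1042 + b"\x08\x00" + b"B" * 4, last=True))
# An ordinary, non-aggregated payload: LLC/SNAP, EtherType, placeholder bytes.
PLAIN = RFC1042 + b"\x08\x00" + bytes(40)

if __name__ == "__main__":
    print(verdict(GENUINE))       # genuine aggregate
    print(verdict(PLAIN))         # what a receiver sees if the flag is flipped
    print(verdict(GENUINE[:-3]))  # damaged aggregate
```

Because the aggregation flag itself is not authenticated, the receiver cannot trust it; the check works on the payload bytes instead, where an ordinary frame always starts with the LLC/SNAP prefix.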

Something’s Up In Switzerland: Explaining The B Meson News From The Large Hadron Collider

Particle physics is a field of extremes. Scales always have 10^(really big number) associated. Some results from the Large Hadron Collider Beauty (LHCb) experiment have recently been reported that are statistically significant, and they may have profound implications for the Standard Model, but it might also just be a numbers anomaly, and we won’t get to find out for a while. Let’s dive into the basics of quantum particles, in case your elementary school education is a little rusty.

It all starts when one particle loves another particle very much and they are attracted to each other, but then things move too fast, and all of a sudden they’re going in circles in opposite directions, and then they break up catastrophically…


Toyota’s Hydrogen-Burning Racecar Soon To Hit The Track

With the rise of usable electric cars in the marketplace, and markets around the world slowly phasing out the sale of fossil fuel cars, you could be forgiven for thinking that the age of the internal combustion engine is coming to an end. History is rarely so cut and dry, however, and new technologies aim to keep the combustion engine alive for some time yet.

Toyota’s upcoming Corolla Sport-based hydrogen-burning racer. Credit: Toyota media

One of the most interesting technologies in this area is the hydrogen-burning combustion engine. In contrast to fuel cell technologies, which combine hydrogen with oxygen through special membranes in order to create electricity, these engines do it the old fashioned way – in flames. Toyota has recently been exploring the technology, and has announced that a racecar sporting a three-cylinder hydrogen-burning engine will compete in this year’s Fuji Super TEC 24 Hour race.

Hydrogen Engines?

The benefit of a hydrogen-burning engine is that unlike burning fossil fuels, the emissions from burning hydrogen are remarkably clean. Burning hydrogen in pure oxygen produces only water as a byproduct. When burned in atmospheric air, the result is much the same, albeit with small amounts of nitrogen oxides produced. Thus, there’s great incentive to explore the substitution of existing transportation fuels with hydrogen. It’s a potential way to reduce pollution output while avoiding the hassles of long recharge times with battery electric technologies.

Historical Hackers: Emergency Antennas Launched By Kite

Your airplane has crashed at sea. You are perched in a lifeboat and you need to call for help. Today you might reach for a satellite phone, but in World War II you would more likely turn a crank on a special survival radio.

These radios originated in Germany but were soon copied by the British and the United States. In addition to just being a bit of history, we can learn a few lessons from these radios. The designers clearly thought about the challenges stranded personnel would face and came up with novel solutions. For example, how do you loft a 300-foot wire up to use as an antenna? Would you believe a kite or even a balloon?


Simple Encryption You Can Do On Paper

It’s a concern for Europeans as it is for people elsewhere in the world: there have been suggestions among governments to either outlaw, curtail, or backdoor strong end-to-end encryption. There are many arguments against ruining encryption, but the strongest among them is that encryption can be simple enough to implement that a high-school student can understand its operation, and almost any coder can write something that does it in some form, so to ban it will have no effect on restricting its use among anyone who wants it badly enough to put in the effort to roll their own.

With that in mind, we’re going to have a look at the most basic ciphers, the kind you could put together yourself on paper if you need to.


The Mysterious Wobble Of Muons

You might think that particle physicists would be sad when an experiment comes up with different results than their theory would predict, but nothing brightens up a field like unexplained phenomena. Indeed, particle physicists have been feverishly looking for deviations from the Standard Model. This year, there have been tantalizing signs that a long unresolved discrepancy between theory and experiment will be confirmed by new experimental results.

In particular, the quest to measure the magnetic moment of muons started more than 60 years ago, and this has been measured ever more precisely since. From an experiment in 1959 at CERN in Switzerland, to the turn of the century at Brookhaven, to this year’s result at Fermilab, the magnetic moment of the muon seems to be at odds with theoretical predictions.

Although a statistical fluke is basically excluded, this value also relies on complex theoretical calculations that are not all in agreement. Instead of heralding a new era of physics, it might just be another headline too good to be true. But some physicists are mumbling “new particle” in hushed tones. Let’s see what all the fuss is about.


The Russian Woodpecker: Official Bird Of The Cold War Nests In Giant Antenna

On July 4th, 1976, as Americans celebrated the country’s bicentennial with beer and bottle rockets, a strong signal began disrupting shortwave, maritime, aeronautical, and telecommunications signals all over the world. The signal was a rapid 10 Hz tapping that sounded like a woodpecker or a helicopter thup-thupping on the roof. It had a wide bandwidth of 40 kHz and sometimes exceeded 10 MW.

This was during the Cold War, and plenty of people rushed to the conclusion that it was some sort of Soviet mind control scheme or weather control experiment. But amateur radio operators traced the mysterious signal to an over-the-horizon radar antenna near Chernobyl, Ukraine (then part of the USSR) and they named it the Russian Woodpecker. Here’s a clip of the sound.

The frequency-hopping Woodpecker signal was so strong that it made communication impossible on certain channels and could even be heard across telephone lines when conditions were right. Several countries filed official complaints with the USSR through the UN, but there was no stopping the Russian Woodpecker. Russia wouldn’t even own up to the signal’s existence, which has since been traced to an immense antenna structure that is nearly half a mile long and at 490 feet, stands slightly taller than the Great Pyramid at Giza.

This imposing steel structure stands within the irradiated forest near Pripyat, an idyllic town founded in 1970 to house the Chernobyl nuclear plant workers. Pictured above is the transmitter, also known as Duga-1, Chernobyl-2, or Duga-3 depending on who you ask. Located 30 miles northeast of Chernobyl, on old Soviet maps the area is simply labeled Boy Scout Camp. Today, it’s all within the Chernobyl Exclusion Zone.

It was such a secret that the government denied its existence, yet it was being heard all over the world. What was this mammoth installation used for?
