Security This Week: Racoons In My TLS, Bypassing Frontends, And Obscurity

Raccoon is the next flashy security flaw with a name, cute logo, and a website (and a PDF). Raccoon is a flaw in TLS versions prior to 1.3, and seems to be a clever bit of work, albeit one with limited real-world application. The central problem is that these older versions of TLS, when using Diffie Hellman (DH), drop leading all-zero bytes in the resulting pre-master key. As that key is part of the input for calculating the master session key, a shortened pre-master key results in a slightly faster calculation of the master key. If an attacker can make fine-grained timing measurements, he can determine when the pre-master key is trimmed.

Let’s review Diffie Hellman, briefly. The client and server agree on two numeric values, a base g and modulus p, and each party generates its own secret key, a and b respectively. Each party calculates a public key by raising the shared base to their own private key, mod the shared modulus: A = g^a mod p. These public keys are exchanged, and each party raises the received key to their own secret key: A^b mod p. Exponents have a non-obvious quirk, the power rule. A value raised to a power raised to a power is the same as the value raised to the power of the exponents multiplied together: (g^a)^b is equal to g^(a*b). By going through this mathematical dance, the server and client have arrived at a shared value that only they know, while preserving the secrecy of their private keys.
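To make the dropped-byte behaviour concrete, the following added example (not from the original article) runs the exchange described above and compares the stripped pre-master encoding used before TLS 1.3 with the fixed-length, left-padded encoding TLS 1.3 uses. The 64-bit prime `P`, base `G` and all function names are constructed for illustration and are far too small for real use.

```python
import secrets

# Constructed toy group: P is the largest prime below 2**64. Illustration only.
P = 2**64 - 59
G = 5
P_LEN = (P.bit_length() + 7) // 8  # modulus length in bytes (8)

def keypair():
    """Return (private, public) where public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2  # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)

def shared_secret(peer_public, own_private):
    """Raise the received public key to our own secret: g^(a*b) mod P."""
    return pow(peer_public, own_private, P)

def encode_stripped(z):
    """TLS <= 1.2 behaviour: leading all-zero bytes are dropped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")

def encode_fixed(z):
    """TLS 1.3 behaviour: left-padded to the length of the modulus."""
    return z.to_bytes(P_LEN, "big")

def short_secret_rate(trials=20000):
    """Fraction of handshakes whose stripped pre-master key is shortened.

    The server key (a, A) is reused across handshakes, the situation in
    which a stable length signal exists at all.
    """
    a, A = keypair()
    short = 0
    for _ in range(trials):
        b, B = keypair()
        z = shared_secret(A, b)
        if z != shared_secret(B, a):  # both sides must agree
            raise RuntimeError("DH mismatch")
        if len(encode_stripped(z)) < P_LEN:
            short += 1
    return short / trials

if __name__ == "__main__":
    rate = short_secret_rate()
    print(f"shortened pre-master keys: {rate:.4%} (about 1 in 256 expected)")
    print("fixed-length encoding is always", P_LEN, "bytes")
```

With the fixed-length encoding the input to the key derivation never changes size, so the length difference the page describes disappears; using a fresh server key for every handshake removes the repeated signal as well.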


The O-Bahn Busway – Obscure Transit For The Masses

Around the world, governments and city planners have long struggled with the issue of transport. Getting people where they need to be in a timely fashion is key to making a city a comfortable, attractive place to live. As far as public transport is concerned, this typically consists of buses on the roads, and trams and trains on rails.

Down in the city of Adelaide, Australia, things get a little muddled, however. Nestled in a river valley lies a special transportation network known as the O-Bahn, where buses ride on concrete rails and the drivers can even take their hands off the wheel. The system remains a rarity worldwide, and was spawned by a perfect storm of conflicting requirements.

A Child of Circumstance

In the 1970s, the South Australian government found itself backed into a corner. Facing a booming population in the north-eastern suburbs, new transport links with greater capacity were needed to get people to the central business district. Original plans from the 1960s had called for more freeways to be built all over the city to solve the problem. In the face of stiff public opposition, legislation was passed in 1970 blocking the construction of any new freeways for a full decade, forcing the government to consider alternatives.

O-Bahn buses passing at speed near Stephens Terrace. Buses formerly reached speeds up to 100 km/h on the network; this was dropped to 85 km/h in 2012, adding 20 seconds to the average run. Credit: Lewin Day

Despite plans being shelved, a corridor of land stretching from the city to the north-east had already been acquired for freeway construction. This was retained, and studies were commissioned to determine the best transportation solution to suit the needs of the area. The “North East Adelaide Public Transport Review” suggested light-rail or a busway would be the best solution.

Initial plans were proposed to link the north-east with a light-rail tramway that would connect with the existing tramline from the city proper to Glenelg in the west. However, the City of Adelaide protested the plan, believing that extending the existing tramline to the east would damage the city’s carefully planned structure. Plans were made to rectify this by running part of the line underground, massively increasing costs, and the proposal was shelved.

It was at this time that the guided busway in Essen, Germany came to the attention of the state government. Aiming to help reduce congestion by allowing buses to share tram tunnels, it began as a demonstration which later developed into the Spurbus network. The system offered lower cost and higher flexibility than light rail, and avoided the need to carve up the city to hook in to the existing light rail network. Had Adelaide laid out its existing heavy or light rail networks differently, the O-Bahn might not have gotten a look in. However, back in the early 1980s, it was an easy solution in a sea of difficult choices.


3D-Printed Thermite Brings The Heat, And The Safety

Thermites are a double-edged sword. Packing a tremendous energy density, and eager to produce tremendous heat when ignited, thermite is great for welding train tracks. But sometimes you might be looking for a little more finesse. A new approach to 3D printing thermites might just be able to tame the beast.

Most of us do our soldering while sitting safely indoors in a comfortable climate. The biggest dangers we’re likely to face are burnt fingertips, forgetting the heat shrink, or accidentally releasing the smoke monster. But outside of our homes and workshops, there’s a lot of extreme joining of metals going on. No matter where it’s done, welding and brazing in the field requires a lot of equipment, some of which is unwieldy and even more difficult to move around in harsh conditions.

Welding railroad tracks with thermite. Image via YouTube

The utility of brazing is limited by all the complex scaffolding of hardware required to support it. This limiting factor and the discovery of thermite led to exothermic welding, which uses an energetic material to provide enough heat to melt a filler metal and join the pieces. Energetic materials can store a lot of chemical energy and forcefully release it in a short period of time.

Thermites are made of metal oxide and metal powder, often iron oxide and aluminium. When ignited by a source of high heat, thermite compounds undergo an exothermic reduction-oxidation (redox) reaction as the aluminium reduces the number of electrons in the iron oxide atoms. More heat makes the reaction run faster, generating more heat, and so on. The result is molten iron and aluminium oxide slag.


AUTOVON: A Phone System Fit For The Military

It’s a common enough Hollywood trope that we’ve all probably seen it: the general, chest bespangled with medals and ribbons, gazes at a big screen swarming with the phosphor traces of incoming ICBMs, defeatedly picks up the phone and somberly intones, “Get me the president.” We’re left on the edge of our seats as we ponder what it must be like to have to deliver the bad news to the boss, knowing full well that his response will literally light the world on fire.

Scenes like that work because we suspect that real-life versions of it probably played out dozens of times during the Cold War, and likely once or twice since its official conclusion. Such scenes also play into our suspicion that military and political leaders have at their disposal technologies that are vastly superior to what’s available to consumers, chief among them being special communications networks that provide capabilities we could only have dreamed of back then.

As it turns out, the US military did indeed have different and better telephone capabilities during the Cold War than those enjoyed by their civilian counterparts. But as we shall see, the increased capabilities of the network that came to be known as AUTOVON didn’t come so much from better technology, but more from duplicating the existing public switched-telephone network and using good engineering principles, a lot of concrete, and a dash of paranoia to protect it.


Google Turns Android Up To 11 With Latest Update

Just going by the numbers, it’s a pretty safe bet that most Hackaday readers own an Android device. Even if Google’s mobile operating system isn’t running on your primary smartphone, there’s a good chance it’s on your tablet, e-reader, smart TV, car radio, or maybe even your fridge. Android is everywhere, and while the development of this Linux-based OS has been rocky at times, the general consensus is that it seems to have been moving in the right direction over the last few years. Assuming your devices actually get the latest and greatest update, anyway.

So it’s not much of a surprise that Android 11, which was officially released yesterday, isn’t a huge update. There are no fundamental changes in the core OS, because frankly, there’s not a whole lot that really needs changing. Android has become mature enough that from here on out we’re likely to just see bug fixes and little quality of life improvements. Eventually Google will upset the apple cart (no pun intended) with a completely new mobile OS, but we’re not there yet.

Of course, that’s not to say there aren’t some interesting changes in Android 11. Or more specifically, changes that may actually be of interest to the average Hackaday reader. Let’s take a look at a handful of changes and tweaks worth noting for the more technical crowd.


Size Does Matter When It Comes To SD Cards

The SD card first burst onto the scene in 1999, with cards boasting storage capacities up to 64 MB hitting store shelves in the first quarter of 2000. Over the years, sizes slowly crept up as our thirst for more storage continued to grow. Fast forward to today, and the biggest microSD cards pack up to a whopping 1 TB into a package smaller than the average postage stamp.

However, getting to this point has required many subtle changes over the years. This can cause havoc for users trying to use the latest cards in older devices. To find out why, we need to take a look under the hood at how SD cards deal with storage capacity.

Teardown: Mini GPS Jammer

If you spend enough time trolling eBay for interesting electronic devices to take apart, you’re bound to start seeing suggestions for some questionable gadgets. Which is how I recently became aware of these tiny GPS jammers that plug directly into an automotive 12 V outlet. Shipped to your door for under $10 USD, it seemed like a perfect device to rip open in the name of science.

Now, you might be wondering what legitimate uses such a device might have. Well, as far as I’m aware, there aren’t any. The only reason you’d want to jam GPS signals in and around a vehicle is if you’re trying to get away with something you shouldn’t be doing. Maybe you’re out driving a tracked company car and want to enjoy a quick two-hour nap in a parking lot, or perhaps you’re looking to disable the integrated GPS on the car you just stole long enough for you to take it to the chop shop. You know, as one does.

But we won’t dwell on the potentially nefarious reasons that this device exists. Hackers have never been too choosy about the devices they investigate and experiment with, and there’s no reason we should start now. Instead, let’s take this piece of gray-area hardware for a test drive and see what makes it tick.
