The third bug fixed is a very interesting one, CVE-2021-30737, memory corruption in the ASN.1 decoder. ASN.1 is a serialization format, used in a bunch of different crypto and telecom protocols, like the PKCS key exchange protocols. This bug was reported by [xerub], who showed off an attack against locked iPhone immediately after boot. Need to break into an old iPhone? Looks like there’s an exploit for that now. Continue reading “This Week In Security: Updates, Leaks, Hacking Old Hardware, And Making New”→
Introduced in Android 11, the power menu is a way to quickly interact with smart home gadgets without having to open their corresponding applications. Just hold the power button for a beat, and you’ll be presented with an array of interactive tiles for all the gadgets you own. Well that’s the idea, anyway.
[Mat] of “NotEnoughTech” wasn’t exactly thrilled with how this system worked out of the box, so he decided to figure out how he could create his own power menu tiles. His method naturally requires quite a bit more manual work than Google’s automatic solution, but it also offers some compelling advantages. For one thing, you can make tiles for your own DIY devices that wouldn’t be supported otherwise. It also allows you to sidestep the cloud infrastructure normally required by commercial home automation products. After all, does some server halfway across the planet really need to be consulted every time you want to turn on the kitchen light?
The first piece of the puzzle is Tasker, a popular automation framework for Android. It allows you to create custom tiles that will show up on Android’s power menu, complete with their own icons and brief descriptions. If you just wanted to perform tasks on the local device itself, this would be the end of the story. But assuming that you want to control devices on your network, Tasker can be configured to fire off a command to a Node-RED instance when you interact with the tiles.
In his post, [Mat] gives a few examples of how this combination can be used to control smart devices and retrieve sensor data, but the exact implementation will depend on what you’re trying to do. If you need a bit of help getting started, our own [Mike Szczys] put together a Node-RED primer last year that can help you put this flow-based visual programming tool to work for you.
An inexorable trend over the last decade or more has been the exodus of AM radio stations from the low frequency and HF broadcast bands. The bandwidth and thus audio quality at these frequencies puts them at a disadvantage against FM and internet streamed services, and the long-distance advantage of HF has been reduced by easy online access to overseas content. The world has largely moved on from these early-20th-century technologies, leaving them ever more a niche service.
Happily for medium- and long-wave enthusiasts there is a solution to their decline, in the form of DRM, or Digital Radio Mondiale, a digital scheme that delivers cleaner audio and a range of other services in the same space as a standard-sized AM channel. DRM receivers are somewhat rare and usually not cheap though, so news of an Android app DRM receiver from Starwaves is very interesting indeed.
DRM uses a licensed encoding scheme from the Fraunhofer Institute, and this product follows on from a line of hardware DRM receivers that Starwave have developed using their technology. It uses the Android device as a front-end for any of a number of SDR receivers, including the popular RTL-SDR series. It supports the VHF variant of DRM, though we’re guessing that since the best chance of finding a DRM channel for experimentation is on HF that an RTL-SDR with the HF modification will be required. We think it’s an interesting development because the growth of DRM is a chicken-and-egg situation where there must be enough receivers in the wild for broadcasters to consider it viable.
I learned a new acronym while reading about a set of flaws in the Dell BIOS update system. Because Dell has patched their driver, but hasn’t yet revoked the signing keys from the previous driver version, it is open to a BYOVD attack.
BYOVD, Bring Your Own Vulnerable Driver, is an interesting approach to Windows privilege escalation. 64-bit versions of Windows have a security feature that blocks unsigned kernel drivers from the kernel. The exploit is to load an older, known-vulnerable driver that still has valid signatures into the kernel, and use the old vulnerabilities to exploit the system. The caveat is that even when a driver is signed, it still takes an admin account to load a driver. So what use is the BYOVD attack, when it takes administrative access to pull off?
SentinelLabs is witholding their proof-of-concept, but we can speculate. The particular vulnerable driver module lives in the filesystem at C:\Windows\Temp, a location that is writable by any process. The likely attack is to overwrite the driver on the filesystem, then trigger a reboot to load the older vulnerable version. If you’re still running Windows on your Dell machines, then make sure to go tend to this issue. Continue reading “This Week In Security: BYOVD, Spectre Vx, More Octal Headaches, And ExifTool”→
Nintendo’s Switch is perhaps most famous for blurring the lines between handheld consoles and those you plug into a TV. However, the tablet-esque device can also run Android if you’re so inclined, and it recently got an upgrade to version 10.
It’s an upgrade that brings many new features to the table, most of which you might consider must haves for regular use. The newer port brings support for USB Power Delivery, as well as deep sleep modes that enable the unit’s battery to last for several weeks. There’s also support for over-the-air updates which should ease ongoing maintenance, and improvements for Bluetooth compatibility and the touch screen as well.
We always like citizen science projects, so we were very interested in DECO, the Distributed Electronic Cosmic-ray Observatory. That sounds like a physical location, but it is actually a network of cell phones that can detect cosmic rays using an ordinary Android phone’s camera sensor.
There may be some privacy concerns as the phone camera will take a picture and upload it every so often, and it probably also taxes the battery a bit. However, if you really want to do citizen science, maybe dedicate an old phone, put electrical tape over the lens and keep it plugged in. In fact, they encourage you to cover the lens to reduce background light and keep the phone plugged in.
If development platforms were people, Google would be one of the most prolific serial killers in history. Android Things, Google’s attempt at an OS for IoT devices, will officially start shutting down on January 5, 2021, and the plug will be pulled for good a year later. Android Things, which was basically a stripped-down version of the popular phone operating system, had promise, especially considering that Google was pitching it as a secure alternative in the IoT space, where security is often an afterthought. We haven’t exactly seen a lot of projects using Android Things, so the loss is probably not huge, but the list of projects snuffed by Google and the number of developers and users left high and dry by these changes continues to grow. Continue reading “Hackaday Links: December 20, 2020”→