This Week In Security: Linux VMs, Real AI CVEs, And Backscatter TOR DoS

Steve Ballmer famously called Linux “viral”, with some not-entirely coherent complaints about the OS. In a hilarious instance of life imitating art, Windows machines are now getting attacked through malicious Linux VM images distributed through phishing emails.

This approach seems to be intended to fool any anti-malware software that may be running. The VM includes the chisel tool, described as “a fast TCP/UDP tunnel, transported over HTTP, secured via SSH”. Now that’s an interesting protocol stack. It’s an obvious advantage for an attacker to have a Linux VM right on a target network. As this sort of virtualization does require hardware virtualization, it might be worth disabling the virtualization extensions in BIOS if they aren’t needed on a particular machine.

AI Finds Real CVE

We’ve talked about some rather unfortunate use of AI, where aspiring security researchers asked an LLM to find vulnerabilities in a project like curl, and then completely wasted a maintainer’s time on those bogus reports. We happened to interview Daniel Stenberg on FLOSS Weekly this week, and after he recounted this story, we mused that there might be a real opportunity to use LLMs to find vulnerabilities, when used as a way to direct fuzzing, and when combined with a good test suite.

And now, we have Google Project Zero bringing news of their Big Sleep LLM project finding a real-world vulnerability in SQLite. This tool was previously called Project Naptime, and while it’s not strictly a fuzzer, it does share some similarities. The main one is that both tools take their educated guesses and run that data through the real program code, to positively verify that there is a problem. With this proof of concept demonstrated, it’s sure to be replicated. It seems inevitable that someone will next try to get an LLM to not only find the vulnerability, but also find an appropriate fix.

Under The Sea GPS Uses Sound

If you’ve ever tried to use GPS indoors, you know that the signals aren’t easy to acquire in any sort of structure. Now imagine trying to get a satellite fix underwater. Researchers at MIT have a new technique, underwater backscatter localization or UBL, that promises to provide a low-power localization system tailored for the subsea environment.

Like other existing solutions, UBL uses sound waves, but it avoids some of the common problems with using sonic beacons in that environment. A typical system has a fixed beacon constrained by the availability of power or battery-operated beacons that require replacement or recharging. Since the beacon acts as a transponder — it receives a signal and then replies — it requires either constant power or time to wake up from the external stimulus and that time typically varies with the environment. That variable startup time interferes with computing the round-trip time of the signal, which is crucial for estimating position.

Touch Anything And Everything

Powering IoT devices is often a question of batteries or mains power, but in rare exceptions to this rule there is no power supply (PDF Warning). At the University of Wisconsin-Madison and the University of California, San Diego, researchers have gone the extra mile to make advanced backscatter devices, and these new tags don’t need the discrete components we have seen in previous versions. They are calling it LiveTag, and it doesn’t need anything aside from a layer of foil printed or etched on a flexible ceramic-PTFE laminate. PTFE is mostly seen in the RF sector as a substrate for circuit boards.

We have seen some of the wild creations with WiFi backscatter that range from dials to pushbuttons. RF backscatter works by modulating the RF signals in which we are continuously swimming. Those radio waves power the device, and the device disrupts the ambient signals in a way that a receiver can detect. With a BOM that looks like a statement more than a list, integration with many devices becomes a cost-effective reality. Do not, however, broadcast important data, because you cannot expect great security from backscatter.

[Via IEEE Spectrum]

No-Battery HD Video Streaming Does It With Backscatter

What if Google Glass didn’t have a battery? That’s not too far fetched. This battery-free HD video streaming camera could be built into a pair of eyeglass frames to stream HD video to a nearby phone or other receiver using no bulky batteries or external power source. Researchers at the University of Washington are using backscatter to pull this off.

The problem is that a camera which streams HD video wirelessly to a receiver consumes over 1 watt due to the need for a digital processor and transmitter. The researchers have separated the processing hardware into the receiving unit. They then send the analog pixels from the camera sensor directly to backscatter hardware. Backscatter involves reflecting received waves back to where they came from. By adding the video signal to those reflected waves, they eliminated the need for the power-hungry transmitter. The full details are in their paper (PDF), but here are the highlights.

Battery-free camera design approach

On the camera side, the pixel voltages (CAM Out) are an analog signal which is fed into a comparator along with a triangular waveform. Wherever the triangle wave’s voltage is lower than the pixel voltage, the comparator outputs a 0, otherwise, it outputs a 1. In this way, the pixel voltage is converted to different pulse widths. The triangular waveform’s minimum and maximum voltages are selected such that they cover the full possible range of the camera voltages.

The sub-carrier modulation with the XOR gate in the diagram is there to address the problem of self-interference. This is unwanted interference from the transmitter of the same frequency as the carrier. And so the PWM output is converted to a different frequency using a sub-carrier. The receiver can then filter out the interference. The XOR gate is actually part of an FPGA which also inserts frame and line synchronization patterns.
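The comparator and XOR stages described above can be simulated in a few lines. This is an added example, not code from the paper or the article; the sample counts, voltages and function names are assumptions, and the receiver is simplified to a synchronous XOR with the same sub-carrier instead of the filtering a real receiver would use.

```python
# Added illustration: triangle-wave PWM of a pixel voltage, XOR sub-carrier
# modulation, and recovery at the receiver. All constants are assumed values.
SAMPLES = 1000   # time steps per triangle-wave period (assumed)
SUB_HALF = 5     # sub-carrier half-period in time steps (assumed)

def triangle(i, vmin, vmax):
    """Triangle wave: rises vmin -> vmax over the first half period, then falls."""
    phase = (i % SAMPLES) / SAMPLES
    frac = 2 * phase if phase < 0.5 else 2 * (1 - phase)
    return vmin + (vmax - vmin) * frac

def pwm_encode(pixel_v, vmin, vmax):
    """Comparator: 0 while the triangle is below the pixel voltage, otherwise 1."""
    return [0 if triangle(i, vmin, vmax) < pixel_v else 1 for i in range(SAMPLES)]

def subcarrier(i):
    """Square-wave sub-carrier, much faster than the PWM period."""
    return (i // SUB_HALF) % 2

def modulate(pwm):
    """XOR gate: shifts the PWM signal to the sub-carrier frequency."""
    return [bit ^ subcarrier(i) for i, bit in enumerate(pwm)]

def demodulate(tx, vmin, vmax):
    """Receiver: undo the XOR, then map the fraction of 1s back to a voltage."""
    pwm = [bit ^ subcarrier(i) for i, bit in enumerate(tx)]
    duty = sum(pwm) / len(pwm)
    # A higher pixel voltage keeps the comparator at 0 for longer, so duty falls.
    return vmin + (1 - duty) * (vmax - vmin)

def transitions(bits):
    """Number of level changes, a rough proxy for where the signal energy sits."""
    return sum(a != b for a, b in zip(bits, bits[1:]))

if __name__ == "__main__":
    vmin, vmax = 0.0, 1.0   # triangle range covering all pixel voltages (assumed)
    for pixel in (0.1, 0.25, 0.5, 0.9):
        raw = pwm_encode(pixel, vmin, vmax)
        tx = modulate(raw)
        print(pixel, round(demodulate(tx, vmin, vmax), 3),
              transitions(raw), transitions(tx))
```

The raw PWM stream changes level only twice per period, while the XORed stream toggles at the sub-carrier rate, which is what lets the receiver separate it from interference at the carrier frequency.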

They tested two different implementations with this circuit design, a 112 x 112 grayscale one at up to 13 frames per second (fps) and an HD one. Unfortunately, no HD camera on the market gives access to the raw analog pixel outputs so they took HD video from a laptop using USB and ran that through a DAC and then into their PWM converter. The USB limited it to 10 fps.

The result is that video streaming at 720p and 10 fps uses as low as 250 μW and can be backscattered up to sixteen feet. They also simulated an ASIC which achieved 720p and 1080p at 60 fps using 321 μW and 806 μW respectively. See the video below for an animated explanation and a demonstration. The resulting video is quite impressive for passive power only.

If the University of Washington seems familiar in the context of backscatter, that’s because we’ve previously covered their battery-free (almost) cell phone. Though they’re not the only ones experimenting with it. Here’s where backscatter is being used for a soil network. All of this involves power harvesting, and now’s a great time to start brushing up on these concepts and building your own prototypes. The Hackaday Prize includes a Power Harvesting Challenge this year.

The Internet Of Non-Electronic Things

The bill of materials for even the simplest IoT project is likely to include some kind of microcontroller with some kind of wireless module. But could the BOM for a useful IoT thing someday list only a single item? Quite possibly, if these electronics-less 3D-printed IoT devices are any indication.

While you may think that the silicon-free devices described in a paper (PDF link) by University of Washington students [Vikram Iyer] and [Justin Chan] stand no chance of getting online, they’ve actually built an array of useful IoT things, including an Amazon Dash-like button. The key to their system is backscatter, which modulates incident RF waves to encode data for a receiver. Some of the backscatter systems we’ve featured include a soil sensor network using commercial FM broadcasts and hybrid printable sensors using LoRa as the carrier. But both of these require at least some electronics, and consequently some kind of power. [Chan] and [Iyer] used conductive filament to print antennas that can be mechanically switched by rotating gears. Data can be encoded by the speed of the alternating reflection and absorption of the incident WiFi signals, or cams can encode data for buttons and similar widgets.

It’s a surprisingly simple system, and although the devices shown might need some mechanical tune-ups, the proof of concept has a lot of potential. Flowmeters, level sensors, alarm systems — what kind of sensors would you print? Sound off below.

Hybrid Technique Breaks Backscatter Distance Barrier

Low cost, long range, or low power — when it comes to wireless connectivity, historically you’ve only been able to pick two. But a group at the University of Washington appears to have made a breakthrough in backscatter communications that allows reliable data transfer over 2.8 kilometers using only microwatts, and for pennies apiece.

For those unfamiliar with backscatter, it’s a very cool technology that modulates data onto RF energy incident from some local source, like an FM broadcast station or nearby WiFi router. Since the backscatter device doesn’t need to power local oscillators or other hungry components, it has negligible power requirements. Traditionally, though, that has given backscatter devices a range of a few hundred meters at most. The UW team, led by [Shyamnath Gollakota], describes a new backscatter technique (PDF link) that blows away previous records. By combining the spread-spectrum modulation of LoRa with the switched attenuation of incident RF energy that forms the basis for backscatter, the UW team was able to cover 2800 meters for under 10 microwatts. What’s more, with printable batteries or cheap button cells, the backscatter tags can be made for as little as 10 cents apiece. The possibilities for cheap agricultural sensors, ultracompact and low power wearable sensors, or even just deploy-and-forget IoT devices are endless.

We’ve covered backscatter before, both for agricultural uses and for pirate broadcasting stations. Backscatter has also seen more cloak and dagger duty.

At Last, (Almost) A Cellphone With No Batteries!

If you are tired of constantly having to worry about the state of the battery in your mobile phone, then maybe help is at hand courtesy of the University of Washington. They are reporting the first-ever battery-free cell phone, able to make calls by scavenging ambient power. An impressive achievement, and one about which we’d all like to know more.

On closer examination though, the story is revealed as not quite what it claims to be. It’s still a very impressive achievement, but instead of a cell phone with which you can make calls through the public cell network, it’s more of a remote handset for a custom base station through which it can place Skype calls. Sadly the paper itself is hidden behind a journal publisher’s paywall, so we’re left to poke underneath the research group’s slightly baffling decision to use the word “Cellphone” for something that plainly isn’t, and the university PR department’s dumbing-down for the masses. Aren’t peer reviewers supposed to catch misleading descriptions as well as dodgy science?

In radio terms, it’s an analog AM two-way radio that uses a backscatter transmission technique: the modulation is applied as switching to an absorbing antenna tuned to the RF source whose ambient energy is being utilized. This modulates the ambient field within the range of the device, and the resulting modulated field can be received and demodulated like any other radio signal. It’s a simplex device, in that you can’t listen and talk at the same time. Other ambient power used by the circuitry is harvested by rectifying received RF and through capturing ambient light on a set of photodiodes. There is a short video explaining the system, which we’ve placed below the break.
