COVID-tracing Framework Privacy Busted By Bluetooth

[Serge Vaudenay] and [Martin Vuagnoux] released a video yesterday documenting a privacy-breaking flaw in the Apple/Google COVID-tracing framework, and they’re calling the attack “Little Thumb” after a French children’s story in which a child drops pebbles to be able to retrace his steps. But unlike Hänsel and Gretl with the breadcrumbs, the goal of a privacy preserving framework is to prevent periodic waypoints from allowing you to follow anyone’s phone around. (Video embedded below.)

The Apple/Google framework is, in theory, quite sound. For instance, the system broadcasts hashed, rolling IDs that prevent tracing an individual phone for more than fifteen minutes. And since Bluetooth LE has a unique numeric address for each phone, like a MAC address in other networks, they even thought of changing the Bluetooth address in lock-step to foil would-be trackers. And there’s no difference between theory and practice, in theory.

In practice, [Serge] and [Martin] found that a slight difference in timing between changing the Bluetooth BD_ADDR and changing the COVID-tracing framework’s rolling proximity IDs can create what they are calling “pebbles”: an overlap where the rolling ID has updated but the Bluetooth ID hasn’t yet. Logging these allows one to associate rolling IDs over time. A large network of Bluetooth listeners could then trace people’s movements and possibly attach identities to chains of rolling IDs, breaking one of the framework’s privacy guarantees.

This timing issue only affects some phones, about half of the set that they tested. And of course, it’s only creating a problem for privacy within Bluetooth LE range. But for a system that’s otherwise so well thought out in principle, it’s a flaw that needs fixing.

Why didn’t the researchers submit a patch? They can’t. The Apple/Google code is mostly closed-source, in contrast to the open-source nature of most of the apps that are running on it. This remains troubling, precisely because the difference between the solid theory and the real practice lies exactly in those lines of uninspectable code, and leaves all apps that build upon them vulnerable without any recourse other than “trust us”. We encourage Apple and Google to make the entirety of their COVID framework code open. Bugs would then get found and fixed, faster.

Continue reading “COVID-tracing Framework Privacy Busted By Bluetooth”

Fog-Free Mask Hack Solves Mask Versus Glasses Conundrum With Superb Seal

If you have worn a mask and glasses together for more than a quarter of a second, you are probably annoyed that we don’t have a magical solution for foggy lenses. Moisture-laden air is also a good indicator of where unfiltered air is escaping. Most masks have some flexible metal across the nose bridge that is supposed to seal the top, but it is woefully inadequate. The Badger Seal by [David Rothamer] and [Scott Sanders] from the University of Wisconsin-Madison College of Engineering is free to copy during the COVID-19 pandemic, even commercially. It works by running an elastic cord below the jaw and a formable wire over the nose to encourage contact all around both mouth and nose.

You can build your own in three ways. Each configuration is uniquely suited to a different situation. The first design is the easiest to make and should work for most people. The second is best for folks who need a better seal on the lower half of their face, like someone sporting a beard. It can also have ear loops, and that means your 3D printed ear savers have another use. The Madison campus of the University of Wisconsin also has fun with lock cracking and graphene experiments.
Continue reading “Fog-Free Mask Hack Solves Mask Versus Glasses Conundrum With Superb Seal”

Building A Heavy Duty Open Source Ventilator

Since the COVID-19 pandemic started, we’ve seen several attempts to create homebrew ventilators designed to address the shortage of these lifesaving machines. Unfortunately, most hackers aren’t terribly experienced when it comes to designing practical medical equipment. So while many of the designs might have appeared functional on the workbench, there’s little chance they’d get used in any official capacity.

The open source DP Ventilator is still clearly the product of a couple plucky hackers, but we think it shows a level of design maturity that’s been missing in many of the earlier attempts. Made primarily with 3D printed components, this mechanical device is designed to operate a hand-held manual resuscitator; essentially standing in for a human operator. This makes the design far less complex than if it had to actually pump air itself, not to mention safer for the patient since the resuscitator (often referred to as an Ambu Bag) installed in it would be a sterile pre-packaged item.

In the video after the break, you can see just how much thought and effort has been put into the device’s touch screen interface. With a few quick taps the medical professional operating the DP Ventilator can dial in variables such as breathing rate, pressure, and volume to match the patient’s needs. While the Arduino Mega 2560 at the machine’s heart wouldn’t pass muster for any regulating body in charge of medical devices, we think with a few more tweaks, this design is getting close to something that might actually be able to save lives.

Continue reading “Building A Heavy Duty Open Source Ventilator”

Running A Successful Hacker Camp In A Pandemic: BornHack 2020

You could say 2020 is The Year That Didn’t Happen, or perhaps even The Year That Everything Happened Online. All the international cons and camps have been cancelled, and we’ve spent our time instead seeing our friends in Jitsi, or Zoom.

But there was one camp that wasn’t cancelled. The yearly Danish hacker camp BornHack has gone ahead this year with significantly reduced numbers and amid social distancing, turning it from what is normally one of the smaller and more intimate events into the only real-world event of 2020.

I bought my ticket early in the year and long before COVID-19 became a global pandemic, so on a sunny day in August I found myself in my car with my friend Dani from FizzPop hackerspace in Birmingham taking the ferry for the long drive through the Netherlands and Germany to Denmark.

Continue reading “Running A Successful Hacker Camp In A Pandemic: BornHack 2020”

Facing The Coronavirus

Some of us are oblivious to how often we touch our faces. The current finding is we reach for our eyes, nose, or mouth every three to four minutes. Twenty times per hour is an awful lot of poking, picking, itching, and prodding when we’re supposed to keep our hands away from glands that can transmit and receive disease. To curb this habit and enter the 2020 Hackaday Prize, [Lloyd lobo] built a proof-of-concept device that sounds the alarm when you reach for your face.

We see an Arduino Uno connected to the classic HC-SR04 ultrasonic distance sensor, an LED, and we have to assume a USB battery pack. [Lloyd] recommends the smaller Nano, we might reach for the postage-stamp models and swap the ultrasonic module out for the much smaller laser time of flight sensor. At its soul, this is an intruder alarm. Instead of keeping siblings out of your room, you will be keeping your hands out of the area below the bill of the hat where the sensor is mounted. If you regularly lift a coffee cup to your lips, it might chastise you, and if you chew sunflower seeds, you might establish a tempo. *crunch* *chip* *beep* *crunch* *chip* *beep*

We have reviewed technology to improve our habits like a bracelet that keeps a tally, and maybe there is a book that will help shirk some suboptimal behaviors.

Continue reading “Facing The Coronavirus”

The Mask Launcher; Like An Airbag For Your Face

One of the most effective ways to slow the spread of pathogens like the novel coronavirus is to have individuals wear facemasks that cover the nose and mouth. They’re cheap, and highly effective at trapping potentially infectious aerosols that spread disease. Unfortunately, wearing masks has become a contentious issue, with many choosing to go without. [Allen Pan] was frustrated by this, and set out to make a launcher to quite literally shoot masks directly onto faces.

To fire the masks, Allan built a pneumatic system that gets its power from a compact CO2 canister. This is hooked up to a solenoid, which is fired by the trigger. The high-pressure CO2 then goes through a split to four separate barrels cleverly made out of brake line ([Allen] says it’s faster to get parts from the automotive supply than the home store these days). Each barrel fires a bola weight attached to one of the strings of the mask, in much the same way a net launcher works. The mask is then flung towards the face of the target, and the weights wrap around the back of the neck, tangling and ideally sticking together thanks to neodymium magnets.

Amazingly, the mask worked first time, wrapping effectively around a dummy head and covering the nose and mouth. Follow-up shots were less successful, however, but that didn’t deter [Allen] from trying the device on himself at point-blank range. Despite the risk to teeth and flesh, the launcher again fires a successful shot.

While it’s obviously never meant to be used in the real world, the mask launcher was a fun way to experiment with pneumatics and a funny way to start the conversation about effective public health measures. We’ve featured similar projects before, too. Video after the break.

Continue reading “The Mask Launcher; Like An Airbag For Your Face”

Hackaday Links: August 9, 2020

We regret to admit this, but we completely missed the fact that Windows 10 turned five years old back in March. Granted, things were a little weird back then — at least it seemed weird at the time; from the current perspective, things were downright normal then. Regardless, our belated congratulations to Microsoft, who, like anyone looking after a five-year-old, spends most of their time trying to keep their charge from accidentally killing itself. Microsoft has done such a good job at keeping Windows 10 alive that it has been installed on “one billion monthly active devices”. Of course, back in April of 2015 they predicted that the gigainstall mark would be reached in 2018. But what’s a couple of years between friends?

Of all the things that proved to be in short supply during the pandemic lockdowns, what surprised us most was not the toilet paper crunch. No, what really surprised us was the ongoing webcam supply pinch. Sure, it makes sense, with everyone suddenly working from home and in need of a decent camera for video conferencing. But we had no idea that the market was so dominated by one manufacturer — Logitech — that their cameras could suddenly become unobtainium. Whatever it is that’s driving the shortage, we’d take Logitech’s statement that “demand will be met in the next 4-6 weeks” with a huge grain of salt. After all, back-to-school shopping is likely to look vastly different this year than in previous years.

Speaking of education, check out the CrowPi2 STEM laptop. On the one hand, it looks like just another Raspberry Pi-based laptop, albeit one with a better level of fit and finish than most homebrew Pi-tops. With a Raspberry Pi 4b on board, it can do all the usual stuff — email, browse the web, watch videos. The secret sauce is under the removable wireless keyboard, though: a pretty comprehensive electronics learning lab. It reminds us of the Radio Shack “150-in-One” kits that so many of us cut our teeth on, but on steroids. Having a complete suite of modules and a breadboarding area built right into the laptop needed to program it is brilliant, and we look forward to seeing how the Kickstarter for this does.

Exciting news from Hackaday Superfriend Chris Gammell — he has launched a new podcast to go along with his Contextual Electronics training courses. Unsurprisingly dubbed the Contextual Electronics Podcast, he already has three episodes in the can. They’re available as both video and straight audio, and from the few minutes we’ve had to spend on them so far, Chris has done a great job in terms of production values and guests with Sophy Wong, Stephen Hawes, and Erik Larson leading off the series. We wish him luck with this new venture, and we’re looking forward to future episodes.

One of the best things about GoPro and similar sports cameras is their ability to go just about anywhere and show things we normally don’t get to see. We’re thinking of those gorgeous slo-mo selfies of surfers inside a curling wave, or those cool shots of a skier powder blasting down a mountain slope. But this is the first time we’ve seen a GoPro mounted inside a car’s tire. The video by the aptly named YouTuber [Warped Perception] shows how he removed the tire from the wheel and mounted the camera, a battery pack, and an LED light in the rim, then remounted the tire. The footage of the tire deforming as it contacts the ground is fascinating but oddly creepy. It sort of reminds us a little of the footage from cameras inside the Saturn V fuel tanks — valuable engineering information to be sure, but forbidden in some way.