Showdown Time For Non-Standard Chargers In Europe

It seems that few features of a consumer electronic product will generate as much rancour as a mobile phone charger socket. For those of us with Android phones, the world has slowly been moving over the last few years from micro-USB to USB-C, while iPhone users regard their Lightning connector as the ultimate in connectivity. Get a set of different phone owners together and this can become a full-on feud, as micro-USB owners complain that nobody has a handy charging cable any more, USB-C owners become smug bores, and Apple owners do what they’ve always done and pretend that Steve Jobs invented USB. Throwing a flaming torch into this incendiary mix is the European Union, which is proposing to mandate the use of USB-C on all phones sold in its 27 member nations with the aim of reducing considerably the quantity of e-waste generated.

Minor annoyances over having to carry an extra micro-USB cable for an oddball device aside, we can’t find any reason not to applaud this move, because USB-C is a connector born of several decades of USB evolution and brings with it not only the reversible plug but also the enhanced power delivery standards that enable fast charging no matter whose USB-PD charger you are using. Mandating USB-C will put an end to needlessly overpriced proprietary cables, and bring eventual unity to a fractured world. Continue reading “Showdown Time For Non-Standard Chargers In Europe”

A Dutch City Gets A €600,000 Fine For WiFi Tracking

It’s not often that events in our sphere of technology hackers have ramifications for an entire country or even a continent, but there’s a piece of news from the Netherlands (Dutch language, machine translation) that has the potential to do just that.

Enschede is an unremarkable but pleasant city in the east of the country, probably best known to international Hackaday readers as the home of the UTwente webSDR and for British readers as being the first major motorway junction we pass in the Netherlands when returning home from events in Germany. Not the type of place you’d expect to rock a continent, but the news concerns the city’s municipality. They’ve been caught tracking their citizens using WiFi, and since this contravenes Dutch privacy law they’ve been fined €600,000 (about $723,000) by the Netherlands data protection authorities.

The full story of how this came to pass comes from Dave Borghuis (Dutch language, machine translation) of the TkkrLab hackerspace, who first brought the issue to the attention of the municipality in 2017. On his website he has a complete timeline (Dutch, machine translation), and in the article he delves into some of the mechanics of WiFi tracking. He’s at pains to make the point that the objective was always only to cause the WiFi tracking to end, and that the fine comes only as a result of the municipality’s continued intransigence even after being alerted multiple times to their being on the wrong side of privacy law. The city’s response (Dutch, machine translation) is a masterpiece of the PR writer’s art which boils down to their stating that they were only using it to count the density of people across the city.

The events in Enschede are already having a knock-on effect in the rest of the Netherlands as other municipalities race to ensure compliance and turn off any offending trackers, but perhaps more importantly they have the potential to reverberate throughout the entire European Union as well.

Netscape Communicator And SHA-1 Written Into Brexit Agreement

We pity the civil servants involved in the negotiations between the European Union and the United Kingdom, because after tense meetings until almost the Eleventh Hour, they’ve had to cobble together the text of a post-Brexit trade agreement in next-to-no time. In the usual manner of such international agreements both sides are claiming some kind of victory over fish, but the really interesting parts of the document lie in the small print. In particular it was left to eagle-eyed security researchers to spot that Netscape Communicator 4, SHA-1, and RSA encryption with a 1024-bit key length are recommended to secure the transfer of DNA data between states. The paragraphs in question can be found on page 932 of the 1256-page agreement.

It’s likely that some readers under 30 years old will never have used a Netscape product even though they will be familiar with Firefox, the descendant Mozilla software. Netscape were a pioneer of early web browsers, and  Communicator 4 was the company’s all-in-one browser and email offering from the late 1990s. It and its successors steadily lost ground against Microsoft’s Internet Explorer, and ultimately faded away along with the company under AOL ownership in the late 2000s. Meanwhile the SHA-1 hashing algorithm has been demonstrated to be vulnerable to collision attacks, and computing power has advanced such that 1024-bit RSA encryption can be broken in a sensible time frame by anyone with sufficient GPU power to give it a try. It’s clear that something is amiss in the drafting of this treaty, and we’d go so far as to venture the opinion that a tired civil servant simply cut-and-pasted from a late-1990s security document.

So will the lawmakers of Europe now have to dig for ancient software as mandated by treaty? We hope not, as from our reading they are given as examples rather than as directives. We worry however that their agencies might turn out to be as clueless on digital security as evidently the civil servants are, so maybe Verizon Communications, current owners of the Netscape brand, could be in for a few support calls.

European Right To Repair: Poor Repairability Shamed With Rating System

Happily the right to repair movement is slowly gaining ground, and recently they’ve scored a major success in the European Parliament that includes a requirement that products be labelled with expected lifetime and repairability information, long-term availability of parts, and numerous measures aimed at preventing waste.

… including by requiring improved product information through mandatory labelling on the durability and reparability of a product (expected lifetime, availability of spare parts, etc.), defining durability and reparability as the main characteristics of a product…

Even the UK, whose path is diverging from the EU due to Brexit, appears to have a moment of harmony on this front. This builds upon existing rights to repair in that devices sold in Europe will eventually have to carry a clearly visible repair score to communicate the ease of repairability and supply of spare parts, making a clear incentive for manufacturers to strive for the highest score possible.

We live in an age in which our machines, appliances, and devices are becoming ever more complex, while at the same time ever more difficult to repair. Our community are the masters of fixing things, but even we are becoming increasingly stumped in the face of the latest flashy kitchen appliance or iDevice. The right to repair movement, and this measure in particular, seeks to improve the ability of all consumers, not just us hackers, to makebuying decisions for better products and lower environmental impact.

With a population of around 450 million people spread across 27 member countries, the EU represents a colossal market that no manufacturer can afford to ignore. Therefore while plenty of other regions of the planet have no such legislation this move will have a knock-on effect across the whole planet. Since the same products are routinely sold worldwide it is to be expected that an improvement in repairability for European markets will propagate also to the rest of the world. So when your next phone has a replaceable battery and easier spares availability, thank the EU-based right to repair campaigners and some European lawmakers for that convenience.

European Parliament from EU, CC BY 2.0.

Zoombombing The EU Foreign Affairs Council

Those with security clearance are capable of making foolish mistakes, just like the rest of us. So is the story of how a Dutch journalist made an appearance on video meeting of the European Union’s Foreign Affairs Council (Dutch language, Google Translate link).

Ank Bijleveld's Tweeted picture, with the access details blacked out by Daniël Verlaan.
Netherlands Defence MInister Ank Bijleveld’s Tweeted picture, with the access details blacked out by Daniël Verlaan.

Like any other video call, if you had the link you could enter the meeting. So when Netherlands Defence Minister Ank Bijleveld Tweeted a photo of a video call last Friday, the address bar of the browser gave away the secret to anyone with a keen eye. Dutch journalist Daniël Verlaan working for the broadcaster RTL saw the URL on the screen and deduced the login credentials for the meeting.

We say “deduced”, but in fact there were five of the six digits in the PIN in the clear in the URL, leaving him with the difficult task of performing a one-digit brute-force attack and joining with the username “admin”. He joined and revealed his presence, then was admonished for committing a criminal offence before he left.

On one level it’s an opportunity for a good laugh at the expense of the defence ministers, and we certainly wouldn’t want to be Ank Bijleveld or probably the EU’s online security people once the inevitable investigation into this gets under way. It seems scarcely credible that the secrecy on such a high-security meeting could have sat upon such a shaky foundation without for example some form of two-factor authentication using the kind of hardware available only to governments.

EU policy is decided not by individual ministries but by delicate round-table summits of all 27 countries. In a pandemic these have shifted to being half-online and half in-real-life, so this EU defence ministers’ meeting had the usual mosaic video feed of politicians and national flags. And one Zoom-bombing journalist.

EU Duty Changes, A Whole VAT Of Trouble For Hackers?

It could be said that there are a number of factors behind  the explosion of creativity in our community of hardware hackers over the last couple of decades, but one in particular that is beyond doubt is the ease with which it has been possible to import small orders from China. See something on AliExpress and it can be yours for a few quid, somewhere in a warehouse on the other side of the world it’s put into a grey shipping bag, and three weeks later it’s on your doorstep. This bounty has in no small part been aided by a favourable postage and taxation environment in which both low postage costs and a lack of customs duties on packages under a certain value conspire to render getting the product in front of you a fraction of the cost of buying the thing in the first place. Continue reading “EU Duty Changes, A Whole VAT Of Trouble For Hackers?”

Europeans Now Have The Right To Repair – And That Means The Rest Of Us Probably Will Too

As anyone who has been faced with a recently-manufactured household appliance that has broken will know, sometimes they can be surprisingly difficult to fix. In many cases it is not in the interests of manufacturers keen to sell more products to make a device that lasts significantly longer than its warranty period, to design it with dismantling or repairability in mind, or to make spare parts available to extend its life. As hardware hackers we do our best with home-made replacement components, hot glue, and cable ties, but all too often another appliance that should have plenty of life in it heads for the dump.

Czech waste management workers dismantle scrap washing machines. Tormale [CC BY-SA 3.0].
Czech waste management workers dismantle scrap washing machines. Tormale [CC BY-SA 3.0].
If we are at a loss to fix a domestic appliance then the general public are doubly so, and the resulting mountain of electrical waste is enough of a problem that the European Union is introducing new rules governing their repairability. The new law mandates that certain classes of household appliances and other devices for sale within the EU’s jurisdiction must have a guaranteed period of replacement part availability and that they must be designed such that they can be worked upon with standard tools. These special classes include washing machines, dishwashers, refrigerators, televisions, and more.

Let’s dig into the ramifications of this decision which will likely affect markets beyond the EU and hopefully lead to a supply of available parts useful for repair and beyond.

Continue reading “Europeans Now Have The Right To Repair – And That Means The Rest Of Us Probably Will Too”