Hackaday Links: July 23, 2017

Hey, you know what’s happening right now? We’re wrapping up the third round of The Hackaday Prize. This challenge, Wheels, Wings, and Walkers, is dedicated to things that move. If it’s a robot, it qualifies, if it’s a plane, it qualifies, if it passes butter, it qualifies. There’s only a short time for you to get your entry in. Do it now. Superliminal advertising.

Speaking of the Hackaday Prize, this project would be a front-runner if only [Peter] would enter it in the competition. It’s one thing to have a cult; I have a cult and a petition to ‘stop’ me.

We were completely unaware of this project, but a few weeks ago, a cubesat was launched from Baikonur. This cubesat contains a gigantic mylar reflector, and once it’s deployed it will be the second brightest object in the night sky after the moon. I don’t know why we haven’t seen this in the press, but if you have any pictures of sightings, drop those in the comments.

In a mere two years, we’ll be looking at the 50th anniversary of the Apollo 11 landing. The mission control center at Johnson Space Center — where these landings were commanded and controlled — is still around, and it’s not in the best shape. There’s a Kickstarter to restore the Apollo Mission Control Center to its former glory. For the consoles, this means restoring them to Apollo 15 operational configuration.

We’ve seen 3D printed remote control airplanes, and at this point, there’s nothing really exceptional about printing a wing. This user on imgur is going a different direction with 3D printed fiberglass molds. Basically, it’s a fuselage for a Mustang that is printed, glued together, with the inside sanded and coated in wax. Two layers (3 oz and 6 oz) fiberglass is laid down with West Systems epoxy. After a few days, the mold is cracked open and a fuselage appears. This looks great, and further refinements of the process can include vapor smoothing of the inside of the mold, a few tabs to make sure the mold halves don’t break when the part is released, and larger parts in general.

The Darknet’s Casefile will take you to the limit of your existing knowledge. Join them, to go on a quest to improve your technical abilities.

This week is Def Con. That means two things. First, we’re on a hardware hunt. If you’ve been dedicating the last few months to #badgelife or other artisanal electronics, we want to hear about it. Second, [Joe Kim] made a graphic of the Tindie dog wearing a Hackaday hoodie and it’s adorable. There are a limited number of stickers of our hacker dog.

Gigabyte launched a single board computer with an Intel Apollo Lake CPU, discrete memory and storage, and a mini PCIe slot. Of course, this is being incorrectly marketed as a ‘Raspberry Pi competitor’, but whatever.

Gigabytes The Dust With UEFI Vulnerabilities

At this year’s BlackHat Asia security conference, researchers from Cylance disclosed two potentially fatal flaws in the UEFI firmware of Gigabyte BRIX small computers which allow a would-be attacker unfettered low-level access to the computer.

Gigabyte has been working on a fix since the start of 2017. Gigabyte are preparing to release firmware updates as a matter of urgency to only one of the affected models — GB-BSi7H-6500 (firmware vF6), while leaving the — GB-BXi7-5775 (firmware vF2) unpatched as it has reached it’s end of life. We understand that support can’t last forever, but if you sell products with such a big fault from the factory, it might be worth it to fix the problem and keep your reputation.

The two vulnerabilities that have been discovered seem like a massive oversight from Gigabyte, They didn’t enable write protection for their UEFI (CVE-2017-3197), and seem to have thrown cryptography out of the window when it comes to signing their UEFI files (CVE-2017-3198). The latter vulnerability is partly due to not verifying a checksum or using HTTPS in the firmware update process, instead using its insecure sibling HTTP. CERT has issued an official vulnerability note (VU#507496) for both flaws.

Attackers may exploit the vulnerabilities to execute unsigned code in System Management Mode (SMM), planting whatever malware they like into the low level workings of the computer. Cylance explain a possible scenario as follows:

The attacker gains user-mode execution through an application vulnerability such as a browser exploit or a malicious Word document with an embedded script. From there, the attacker elevates his privileges by exploiting the kernel or a kernel module such as Capcom.sys to execute code in ring 0. A vulnerable SMI handler allows the attacker to execute code in SMM mode (ring -2) where he finally can bypass any write protection mechanisms and install a backdoor into the system’s firmware.

With all this said, it does raise some interesting opportunities for the hacker community. We wonder if anyone will come up with a custom UEFI for the Brix since Gigabyte left the keys in the door.