Plastic Model Emulates the First Untethered Spacewalk

Here’s something really wonderful. [Dave Akerman] wrote up the results of his attempt to use a high-altitude balloon to try to re-create a famous image of NASA’s Bruce McCandless floating freely in space with the Earth in the background. [Dave] did this in celebration of the 34th anniversary of the first untethered spacewalk, even going so far as to launch on the same day as the original event in 1984. He had excellent results, with plenty of video and images recorded by his payload.

80’s “Astronaut with MMU” model kit.

Adhering to the actual day of the spacewalk wasn’t the only hurdle [Dave] cleared to make this happen. He tracked down an old and rare “Astronaut with MMU” (Manned Maneuvering Unit) plastic model kit made by Revell USA, built it, and arranged for it to stay in view of the cameras throughout the flight. Raspberry Pi Zero Ws with cameras, LoRa radio hardware, action cameras, and a u-blox GPS unit all make an appearance in the balloon’s payload.

Sadly, [Bruce McCandless] passed away in late 2017, but this project is a wonderful reminder of that first untethered spacewalk. Details on the build and the payload, as well as the tracking system, are covered here on [Dave]’s blog. Videos of the launch and the inevitable balloon burst are embedded below, but more is available in the summary write-up.

Continue reading “Plastic Model Emulates the First Untethered Spacewalk”

Spectre and Meltdown: How Cache Works

The year so far has been filled with news of Spectre and Meltdown. These attacks abuse speculative and out-of-order execution to touch memory the program should never have seen, and then use memory access timing to find out what was touched. What they have in common is that every modern processor uses a cache to speed up memory access, and the state of that cache can be measured. We’ve all heard of cache, but what exactly is it, and how does it allow our computers to run faster?

In the simplest terms, cache is a small amount of very fast memory that sits between the processor and RAM. Computers have two storage systems: primary storage (RAM) and secondary storage (hard disk, SSD). From the processor’s point of view, loading data or instructions from RAM is slow: the CPU has to wait for 100 cycles or more while the data arrives. Loading from disk is slower still; millions of cycles are wasted. The cache holds copies of recently and commonly accessed data and instructions, so the processor only pays the full RAM latency the first time a piece of data is loaded. As long as that data stays in the cache, later accesses take only a few cycles. That difference, a few cycles for a hit versus hundreds for a miss, is large enough to measure from software, which is exactly what Spectre and Meltdown rely on.

A common (though aging) analogy for cache uses books to represent data: If you needed a specific book to look up an important piece of information, you would first check the books on your desk (cache memory). If your book isn’t there, you’d then go to the books on your shelves (RAM). If that search turned up empty, you’d head over to the local library (Hard Drive) and check out the book. Once back home, you would keep the book on your desk for quick reference — not immediately return it to the library shelves. This is how cache reading works.
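To make the hit-or-miss behaviour concrete, here is a small direct-mapped cache model written for this post (it is an added example, not code from the original article). Addresses are split into a line offset, a set index and a tag; a load either hits (constant HIT_CYCLES) or misses and fills the line (constant MISS_CYCLES). The latencies and the probe-array base address are assumed values, not measurements. It goes one step past the paragraph above by showing why the timing difference matters for Spectre and Meltdown: a Flush+Reload-style attacker flushes 256 probe lines, lets a victim touch one of them based on a secret byte, and recovers the byte purely from which reload is fast. On real hardware the same loop would use `clflush` and `rdtscp` instead of the simulated cache.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define LINE_SIZE   64      /* bytes per cache line, as on current x86 parts */
#define NUM_SETS    256     /* direct-mapped: one line per set, 16 KiB total */
#define HIT_CYCLES  4       /* assumed latencies for the model, not measured */
#define MISS_CYCLES 200

typedef struct { bool valid; uint64_t tag; } line_t;
typedef struct { line_t sets[NUM_SETS]; unsigned hits, misses; } cache_t;

/* Address decomposition: line number = addr / LINE_SIZE; the low bits of the
   line number pick the set, the remaining high bits are the tag. */
static uint64_t set_index(uint64_t addr) { return (addr / LINE_SIZE) % NUM_SETS; }
static uint64_t tag_of(uint64_t addr)    { return (addr / LINE_SIZE) / NUM_SETS; }

void cache_init(cache_t *c) { memset(c, 0, sizeof *c); }

/* Model a load of one byte at addr; returns the latency in cycles and updates
   the cache state (a miss fills the line, evicting whatever was in that set). */
unsigned cache_access(cache_t *c, uint64_t addr) {
    line_t *l = &c->sets[set_index(addr)];
    if (l->valid && l->tag == tag_of(addr)) { c->hits++; return HIT_CYCLES; }
    c->misses++;
    l->valid = true;
    l->tag = tag_of(addr);
    return MISS_CYCLES;
}

/* Model of clflush: drop the line holding addr if it is present. */
void cache_flush(cache_t *c, uint64_t addr) {
    line_t *l = &c->sets[set_index(addr)];
    if (l->valid && l->tag == tag_of(addr)) l->valid = false;
}

/* Probe array: 256 lines, one per possible byte value (assumed base address). */
#define PROBE_BASE 0x10000000ULL
static uint64_t probe_addr(unsigned v) { return PROBE_BASE + (uint64_t)v * LINE_SIZE; }

/* "Victim": touches the probe line selected by a secret byte, the way a
   transiently executed load in a Spectre gadget would. */
void victim_touch(cache_t *c, uint8_t secret) { cache_access(c, probe_addr(secret)); }

/* Flush+Reload: flush every probe line, let the victim run, then time each
   reload. The only fast reload is the line the victim touched. */
int flush_reload_recover(cache_t *c, uint8_t secret) {
    for (unsigned v = 0; v < 256; v++) cache_flush(c, probe_addr(v));
    victim_touch(c, secret);
    int best = -1;
    unsigned best_t = ~0u;
    for (unsigned v = 0; v < 256; v++) {
        unsigned t = cache_access(c, probe_addr(v));
        if (t < best_t) { best_t = t; best = (int)v; }
    }
    return best;
}

int main(void) {
    cache_t c;
    cache_init(&c);
    printf("first load : %u cycles\n", cache_access(&c, 0x1000));   /* miss */
    printf("second load: %u cycles\n", cache_access(&c, 0x1000));   /* hit  */
    printf("same line  : %u cycles\n", cache_access(&c, 0x1038));   /* hit  */
    printf("recovered secret byte: 0x%02x\n", flush_reload_recover(&c, 0x42));
    return 0;
}
```

The eviction rule is the part worth pausing on: address 0x1000 and address 0x5000 differ by NUM_SETS * LINE_SIZE, so they compete for the same set, and loading one throws the other out. That is the same aliasing that makes the probe array in real Spectre proofs of concept spread its entries a full line (or page) apart.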

Continue reading “Spectre and Meltdown: How Cache Works”

ASLR^CACHE Attack Defeats Address Space Layout Randomization

Researchers from VUSec found a way to break ASLR via an MMU side-channel attack that even works from JavaScript. Does this matter? Yes, it matters. A lot. The discovery of this security flaw, along with its practical implementation, is important mainly for two reasons: what it means for ASLR to be broken, and how the MMU side channel works inside the processor.

Address Space Layout Randomization, or ASLR, is an important defense mechanism that can mitigate known and, most importantly, unknown security flaws. ASLR makes it harder for a malicious program to compromise a system by, as the name implies, randomizing where the process’s code, stack, heap and shared libraries are placed in memory each time the program is launched. An attacker who does not know the layout cannot reliably jump to a particular function in memory or to a piece of shellcode they have planted; without an address leak, the exploit is left guessing.

Breaking ASLR is a huge step towards simplifying an exploit and making it more reliable. Being able to do it from within JavaScript means that an attacker can defeat the browser’s ASLR protection with nothing more than a web page running JavaScript, the most common configuration for Internet users.

ASLR has been broken before in particular scenarios, but this new attack highlights a more profound problem. It exploits the way the memory management unit (MMU) of modern processors uses the processor’s cache hierarchy to speed up page table walks: each level of the walk loads a page table entry through the ordinary data caches, and which cache line that entry sits in is determined by the virtual address being translated. An attacker who can tell which lines the walk touched learns bits of the address. This means the flaw is in the hardware itself, not in the software that is running. There are steps that software vendors can take to try to mitigate the issue, but a full and proper fix means replacing or upgrading the hardware itself.
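The following added example (not code from the VUSec paper) models the arithmetic behind that leak for standard x86-64 four-level paging. A 48-bit virtual address is split into four 9-bit page table indices plus a 12-bit page offset; each page table is a 4 KiB page of 512 eight-byte entries, so with 64-byte cache lines one line holds eight entries and the walk touches line `index / 8` at every level. `pagewalk_lines` computes the four lines a translation touches, and `pagewalk_va_from_lines` does the inverse: from the observed lines it reconstructs the six address bits per level that the line position determines and returns a mask of which bits are now known. The example address is made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PT_LEVELS        4
#define PTE_SIZE         8                          /* bytes per page table entry */
#define CACHE_LINE       64
#define ENTRIES_PER_LINE (CACHE_LINE / PTE_SIZE)    /* 8 entries per line */
#define INDEX_BITS       9                          /* 512 entries per table */
#define INDEX_MASK       ((1u << INDEX_BITS) - 1)

/* Bit position of each level's 9-bit index: PML4, PDPT, PD, PT. */
static const unsigned level_shift[PT_LEVELS] = { 39, 30, 21, 12 };

/* Index into each page table level for a 4-level x86-64 virtual address. */
void pagewalk_indices(uint64_t va, unsigned idx[PT_LEVELS]) {
    for (int l = 0; l < PT_LEVELS; l++)
        idx[l] = (unsigned)((va >> level_shift[l]) & INDEX_MASK);
}

/* Cache line (0..63) inside each 4 KiB page table page that the walk loads. */
void pagewalk_lines(uint64_t va, unsigned line[PT_LEVELS]) {
    unsigned idx[PT_LEVELS];
    pagewalk_indices(va, idx);
    for (int l = 0; l < PT_LEVELS; l++)
        line[l] = idx[l] / ENTRIES_PER_LINE;
}

/* Inverse view, as an attacker sees it: the line touched at a level fixes the
   top 6 bits of that level's 9-bit index (the 3 low bits select an entry
   within the line and stay hidden). Writes the reconstructed bits to
   *known_va and returns a mask of which VA bits are now known. */
uint64_t pagewalk_va_from_lines(const unsigned line[PT_LEVELS], uint64_t *known_va) {
    const uint64_t line_bits = INDEX_MASK & ~(uint64_t)(ENTRIES_PER_LINE - 1); /* 0x1f8 */
    uint64_t mask = 0, va = 0;
    for (int l = 0; l < PT_LEVELS; l++) {
        mask |= line_bits << level_shift[l];
        va   |= ((uint64_t)line[l] * ENTRIES_PER_LINE) << level_shift[l];
    }
    *known_va = va;
    return mask;
}

/* Number of address bits a full set of line observations pins down. */
unsigned pagewalk_known_bit_count(void) {
    unsigned dummy_line[PT_LEVELS] = { 0, 0, 0, 0 };
    uint64_t known, mask = pagewalk_va_from_lines(dummy_line, &known);
    unsigned n = 0;
    for (; mask; mask >>= 1) n += (unsigned)(mask & 1);
    return n;
}

int main(void) {
    uint64_t va = 0x00007f3a12345678ULL;    /* made-up user-space address */
    unsigned idx[PT_LEVELS], line[PT_LEVELS];
    pagewalk_indices(va, idx);
    pagewalk_lines(va, line);
    for (int l = 0; l < PT_LEVELS; l++)
        printf("level %d: index %3u -> cache line %2u\n", l, idx[l], line[l]);

    uint64_t known, mask = pagewalk_va_from_lines(line, &known);
    printf("known bits mask 0x%016llx (%u bits), reconstructed 0x%016llx\n",
           (unsigned long long)mask, pagewalk_known_bit_count(),
           (unsigned long long)known);
    return 0;
}
```

Two addresses that differ only in the low three bits of an index, or only in the page offset, produce identical line observations, so the side channel by itself narrows the address rather than pinning it down; that residue is what the ASLR entropy has to survive on, and 24 of the 36 randomizable bits above the page offset are gone after one walk is observed.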

In their paper, researchers reached a dramatic conclusion:

Continue reading “ASLR^CACHE Attack Defeats Address Space Layout Randomization”