Hackaday Links Column Banner

Hackaday Links: March 10, 2024

We all know that we’re living in a surveillance state that would make Orwell himself shake his head, but it looks like at least one company in this space has gone a little rogue. According to reports, AI surveillance start-up Flock <<insert gratuitous “What the Flock?” joke here>> has installed at least 200 of its car-tracking cameras on public roads in South Carolina alone. That’s a serious whoopsie, especially since it’s illegal to install anything on state infrastructure without permission, which it appears Flock failed to obtain. South Carolina authorities are making a good show of being outraged about this, but it sort of rings hollow to us, especially since Flock now claims that 70% of the population (of the USA, we presume) is covered by their technology. Also, police departments across the country are in love with Flock’s service, which lets them accurately track the movements of potential suspects, which of course is everyone. No word on whether Flock will have to remove the rogue cameras, but we’re not holding our breath.

Continue reading “Hackaday Links: March 10, 2024”

The NSA’s Furby Artificial Intelligence Scare: FOIA Documents Provide Insight

For those of us who were paying a modicum of attention to the part of the news around 1999 which did not involve the imminent demise of humanity due to the Y2K issue, a certain toy called a ‘Furby’ was making the headlines. In addition to driving parents batty, it also gave everyone’s favorite US three-letter agency a scare, with it being accused of being both a spying tool and equipped with an advanced artificial intelligence chip. Courtesy of a recent Freedom of Information Act (FOIA) request we now have the low-down on what had the NSA all atwitter.

In a Twitter thread (Nitter) user [dakotathekat] announced the release, which finally answered many questions about the NSA’s on-premises ban of Furbys (or Furbees if you’re Swedish). The impression one gets is that this ‘Furby ban’ was primarily instated out of an abundance of caution, as unauthorized recording devices of any kind are strictly forbidden on NSA premises. With nobody at the NSA apparently interested in doing a teardown of a Furby to ascertain its internals, and the careful balance between allowing children’s toys on NSA grounds versus the risk of a ‘Furbygate’, a ban seemed the easy way out. Similarly, the FAA saw fit to also make people turn their Furbys off like all other electronic devices.

The original Furby toys did not have anything more complex inside of them than a 6502-derived MCU and a Ti TSP50C04 IC for speech synthesis duties, with the supposed ‘learning’ process using a hardcoded vocabulary that gradually replaced its default gibberish with English or another target language.

Cracking A GBA Game With NSA Tools

[Wrongbaud] is a huge fan of Japanese kaiju-style movies, including Godzilla and King Kong. In honor of the release of a new movie, he has decided to tackle a few projects to see how both of these monsters can hold their own against other legendary monsters. In this project, he is using Ghidra, named after another legendary kaiju, against the password system of the Game Boy Advance game Kong: King of Atlantis.

Since this project is a how-to, [wrongbaud] shows how to search Ghidra for existing scripts that might already have the functionality needed for GBA analysis and emulation. When not, he also illustrates how to write scripts to automate code analysis, and then moves on to cracking the level password system on the game.

The key to finding the passwords on this game was looking for values in the code that were seven characters long, and after some searching [wrongbaud] is finally able to zero in on the code responsible for handling passwords. Once found a brute force method was automated to find viable passwords, and from there the game was officially pwned. For anyone interested in security, reverse engineering, or just the way that binaries work, it’s quite the detailed breakdown. Of course, it’s not the only example we have seen that uses this software tool to extract passwords.

Cold War Code Breaking Manual Teaches Impossible Puzzle Solving

Cryptologist [Lambros Callimahos] was a victim of his own success. He wrote a trilogy of books called Military Cryptanalytics covering code breaking in 1977. The first two volumes were eventually published, but the NSA blocked the public release of the third volume back in 1992. But last December, it finally saw the light of day.

Of course, some parts of the book are redacted, including parts of the table of contents. That’s pretty bad when even your chapter headings can be classified. [Richard Bean] over on Phys.org has some notes about the book along with some examples of hard-to-solve crypto puzzles.

Continue reading “Cold War Code Breaking Manual Teaches Impossible Puzzle Solving”

FBI Reports On Linux Drovorub Malware

The FBI and the NSA released a report on the Russian-based malware that attacks Linux known as Drovorub (PDF) and it is an interesting read. Drovorub uses a kernel module rootkit and allows a remote attacker to control your computer, transfer files, and forward ports. And the kernel module takes extraordinary steps to avoid detection while doing it.

What is perhaps most interesting though, is that the agencies did the leg work to track the malware to its source: the GRU — Russian intelligence. The name Drovorub translates into “woodcutter” and is apparently the name the GRU uses for the program.

A look inside the code shows it is pretty mundane. There’s a server with a JSON configuration file and a MySQL backend. It looks like any other garden-variety piece of code. To bootstrap the client, a hardcoded configuration allows the program to make contact with the server and then creates a configuration file that the kernel module actively hides. Interestingly, part of the configuration is a UUID that contains the MAC address of the server computer.

The rootkit won’t persist if you have UEFI boot fully enabled (although many Linux computers turn UEFI signing off rather than work through the steps to install an OS with it enabled). The malware is easy to spot if you dump raw information from the network, but the kernel module makes it hard to find on the local machine. It hooks many kernel functions so it can hide processes from both the ps command and the /proc filesystem. Other hooks remove file names from directory listings and also hides sockets. The paper describes how to identify the malware and they are especially interested in detection at scale — that is, if you have 1,000 Linux PCs on a network, how do you find which ones have this infection?

This is a modern spy story, but not quite what we’ve come to expect in Bond movies. “Well, Moneypenny, it appears Spectre is using the POCO library to generate UUIDs,” is hard to work into a trailer. We prefer the old days when high-tech spying meant nonlinear junction detectors, hacking Selectrics, moon probe heists, and passive bugging.

Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades

There have been a few moments in the past few years, when a conspiracy theory is suddenly demonstrated to be based in fact. Once upon a time, it was an absurd suggestion that the NSA had data taps in AT&T buildings across the country. Just like Snowden’s revelations confirmed those conspiracy theories, a news in February confirmed some theories about Crypto AG, a Swiss cryptography vendor.

The whole story reads like a cold-war era spy thriller, and like many of those novels, it all starts with World War II. As a result of a family investment, Boris Hagelin found himself at the helm of Aktiebolaget Cryptograph, later renamed to Crypto AG (1952), a Swedish company that built and sold cipher machines that competed with the famous Enigma machine. At the start of the war, Hagelin decided that Sweden was not the place to be, and moved to the United States. This was a fortuitous move, as it allowed Hagelin to market his company’s C-38 cipher machine to the US military. That device was designated the M-209 by the army, and became the standard in-the-field encryption machine.

Continue reading “Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades”

Spoiler, Use-After-Free, And Ghidra: This Week In Computer Security

The past few days have been busy if you’re trying to keep up with the pace of computer security news. Between a serious Chromium bug that’s actively being exploited on Windows 7 systems, the NSA releasing one of their tools as an open source project, and a new Spectre-like speculative execution flaw in Intel processors, there’s a lot to digest.
Continue reading “Spoiler, Use-After-Free, And Ghidra: This Week In Computer Security”