Hackaday Links: May 24, 2020

We’re saddened to learn of the passing of Gershon Kingsley in December 2019 at the age of 97. The composer and electronic music pioneer was not exactly a household name, but the things he did with the Moog synthesizer, especially the surprise hit “Pop Corn”, which he wrote in 1969, are sure to be familiar. The song has been covered dozens of times, in the process of which the spelling of the name changed to “Popcorn.” We’re most familiar with the 1972 cover by Hot Butter, an earworm from our youth that doesn’t hide the Moog as deeply in the backing instruments as Kingsley did in the original. Or, perhaps you prefer the cover done by a robotic glockenspiel, because robotic glockenspiel.

A few months back, we covered the audacious plan to recover the radio gear from the Titanic. At the time, the potential salvors, Atlanta-based RMS Titanic, Inc., were seeking permission to cut into the submerged remains of the Titanic‘s Marconi room to remove as much of the wireless gear as possible. A federal judge granted permission for the salvage operation last Friday, giving the company the green light to prepare an expedition for this summer. The US government, through the National Oceanic and Atmospheric Administration and the National Park Service, argued strenuously to leave the wreck be and treat it as a tomb for the 1,527 victims. For our part, we had a great discussion about the merits in the comments section of the previous article. Now that it’s a done deal, we’d love to hear what you have to say about this again.

Although life appears to be slowly returning to what passes for normal, that doesn’t mean you might not still have some cycles to spare, especially when the time spent can bolster your skillset. And so if you’re looking to adding FPGAs to your resume, check out this remote lab on FPGA vision systems offered by Bonn-Rhein-Sieg University. The setup allows you to watch lectures, download code examples, and build them on your local computer, and then upload the resulting binaries to real hardware running on the lab’s servers in Germany. It sounds like a great way to get access to FPGA hardware that you’d otherwise have a hard time laying hands on. Or, you know, you could have just come to the 2019 Hackaday Superconference.

Speaking of skill-builders, oscilloscope owners who want to sharpen their skills could do worse than to listen to the advice of a real scope jockey like Allen Wolke. He recently posted a helpful video listing the five most common reasons for your scope giving “wrong” voltage readings. Spoiler alert: the instrument is probably doing exactly what you told it to do. As a scope newbie, we found the insights very helpful, and we can imagine even seasoned users could make simple mistakes like using the wrong probe attenuation or forgetting that scope response isn’t flat across its bandwidth.

Safety tip for the gearheads among us: your jack stands might be unsafe to use. Harbor Freight, the stalwart purveyor of cheap tools, has issued a recall of two different models of its jack stands. It seems that the pawls can kick out under the right conditions, sending the supported load crashing to the ground. This qualifies as a Very Bad Day for anyone unlucky enough to be working underneath when it happens. Defective jack stands can be returned to Harbor Freight for store credit, so check your garage and be safe out there in the shop.

And finally, because everyone loves a good flame war, Ars Technica has come up with a pronunciation guide for common tech terms. We have to admit that most of these are not surprising; few among the technology literate would mispronounce “Linux” or “sudo”. We will admit to a non-fanboy level of ignorance on whether the “X” in “iOS X” was a Roman numeral or not, but learning that the “iOS” part is correctly pronounced as three syllables, not two was a bit shocking. It’s all an exercise in pedantry that reminds us of a mildly heated discussion we had around the secret Hackaday writers’ bunker and whether “a LED” or “an LED” is the correct style. If the Internet was made for anything, it was stuff like this.

Takata Airbag Recalls Widen To Potentially Affect Other Types Of Airbag

The Takata airbag case has become the largest product recall in history, caused over 20 deaths, and cost many billions of dollars. Replacement efforts are still ongoing, and sadly, the body count continues to rise.  Against this backdrop, further recalls have been announced affecting another type of Takata airbag.

The recall affects BMW 3 Series vehicles, produced between 1997 and 2000. Notably, it appears these cars may have been built before Takata’s fateful decision to produce airbag inflators using ammonium nitrate propellants, known for their instability. Instead, these vehicles likely used Takata’s proprietary tetrazole propellant, or Non-Azide Driver Inflators (NADI). These were developed in the 1990s, and considered a great engineering feat at the time. They were eventually phased out around 2001 for cost reasons, leading to the scandal that rolls on to this day.

As these airbags were produced before the switch to ammonium nitrate, they have thus far escaped scrutiny as part of existing recalls. Two recent incidents of airbag misdeployments in Australia led to the recall, causing a death and a serious injury. BMW Australia have advised owners not to drive affected vehicles, and are offering loan or hire cars to affected vehicles. Given the age of the affected vehicles, the company is considering a buyback program in the event that suitable replacement parts cannot be made available.

This development is foreboding, as it suggests yet more cars, originally considered safe, are now at risk of injuring or killing occupants in the event of a crash. It’s not yet clear exactly which makes are effected by this recall, but expect the numbers of vehicles to continue to climb.

[via Sydney Morning Herald]

Botnet Recall Of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 300 million 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Engage Tinfoil Hat: Samsung Note 7 Battery Theory

For the most part I believe things are as they seem. But every once in a while I begin to look at notable technology happenings from a different angle. What if things are not like they seem? This is conspiracy theory territory, and I want to be very clear about this: what follows is completely fictitious and not based on fact. At least, I haven’t tried to base it on facts surrounding the current events. But perhaps you can. What if there’s more to the battery fires in Samsung’s Galaxy Note 7 phones?

I have a plausible theory, won’t you don your tinfoil hat and follow me down this rabbit hole?

Continue reading “Engage Tinfoil Hat: Samsung Note 7 Battery Theory”

How Those Hackers Took Complete Control Of That Jeep

It was an overcast day with temperatures in the mid seventies – a perfect day to take your brand new Jeep Cherokee for a nice relaxing drive. You and your partner buckle in and find yourselves merging onto the freeway just a few minutes later.  You take in the new car smell as your partner fiddles with the central touch screen display.

“See if it has XM radio,” you ask as you play with the headlight controls.

Seconds later, a Taylor Swift song begins to play. You both sing along as the windows come down. “Life doesn’t get much better than this,” you think. Unfortunately, the fun would be short lived. It started with the windshield wipers coming on – the dry rubber-on-glass making a horrible screeching sound.

“Hey, what are you doing!”

“I didn’t do it….”

You verify the windshield wiper switch is in the OFF position. You switch it on and off a few times, but it has no effect. All of the sudden, the radio shuts off. An image of a skull and wrenches logo appears on the touchscreen. Rick Astley’s “Never Gonna Give You Up” begins blaring out of the speakers, and the four doors lock in perfect synchronization. The AC fans come on at max settings while at the same time, you feel the seat getting warmer as they too are set to max. The engine shuts off and the vehicle shifts into neutral. You hit the gas pedal, but nothing happens. Your brand new Jeep rolls to a halt on the side of the freeway, completely out of your control.

Sound like something out of a Hollywood movie? Think again.

[Charlie Miller], a security engineer for Twitter and [Chris Valasek], director for vehicle safety research at IOActive, were able to hack into a 2014 Jeep Cherokee via its wireless on-board entertainment system from their basement. A feature called UConnect, which allows the vehicle to connect to the internet via a cellular connection, has one of those things you might have heard of before – an IP address. Once the two hackers had this address, they had the ‘digital keys’ to the Jeep. From there, [Charlie] and [Chris] began to tinker with the various firmwares until they were able to gain access to the vehicle’s CAN bus. This gives them the ability to control many of the car’s functions, including (under the right conditions) the ability to kill the brakes and turn the steering wheel. You probably already have heard about the huge recall Chrysler issued in response to this vulnerability.

But up until this weekend we didn’t know exactly how it was done. [Charlie] and [Chris] documented their exploit in a 90 page white paper (PDF) and spoke at length during their DEF CON talk in Las Vegas. That video was just published last night and is embedded below. Take look and you’ll realize how much work they did to make all this happen. Pretty amazing.

Continue reading “How Those Hackers Took Complete Control Of That Jeep”