Hackaday Links: September 26, 2021

Dealing with breakdowns is certainly nothing new for drivers; plenty of us have had our ride die in mid-flight, and experienced the tense moment when it happens in traffic. But the highly integrated and instrumented nature of the newest generation of electric vehicles can bring an interesting twist to the roadside breakdown, if the after-action report of a Tesla driver is any indication.

While driving on a busy road at night, driver [Pooch] reports that his Tesla Model S started beeping and flashing warnings to get to the side of the road right away. [Pooch] tried to do so, but the car died, coasted to a stop in the middle of the road, and engaged the parking brakes. The bricked Tesla would have been a sitting duck in the middle of the road but for a DOT crew who happened to be nearby and offered to provide some protection while [Pooch] waited for help. The disturbing part was the inability to get the car into any of the service modes that might let it be pushed off to the shoulder rather than stuck in traffic, something that’s trivial to do in ICE vehicles, at least older ones.

In other electric vehicle news, Chevy Bolt owners are turning into the pariahs of the parking garage. General Motors is telling Bolt EV and EUV owners that due to the risk of a battery fire, they should park at least 50 feet (15 meters) away from other vehicles, and on the top level of any parking structures. There have been reports of twelve battery fires in Bolts in the US recently, which GM says may be due to a pair of manufacturing defects in the battery packs that sometimes occur together. GM is organizing a recall to replace the modules, but isn’t yet confident that the battery supplier won’t just be replicating the manufacturing problem. The social distancing rules that GM issued go along with some fairly stringent guidelines for charging the vehicle, including not charging overnight while parked indoors. With winter coming on in the northern hemisphere, that’s going to cause a bit of inconvenience and probably more than a few cases of non-compliance that could end in tragedy.

Fans of electronic music might want to check out “Sisters with Transistors”, a documentary film about some of the pioneering women of electronic music. Electronic music has been around a lot longer than most of us realize, and the film reaches back to the 1920s with Theremin virtuoso Clara Rockmore, and continues on into the 1980s with Laurie Spiegel, whose synthesizer work has been speeding away from Earth for the last 44 years on the Golden Records aboard the Voyager spacecraft. Hackaday readers will no doubt recognize some of the other women featured, like Daphne Oram and Delia Derbyshire, who cobbled together the early Dr. Who music with signal generators, tape loops, and random bits of electronics in the pre-synthesizer days of the early 60s. We’ve watched the trailer for the film and it looks pretty good — just the kind of documentary we like.

We’re big fans of circuit sculpture around here, and desperately wish we had the patience and the skill to make something like what Mohit Bhoite or Jiri Praus can make. Luckily, there’s now a bit of a shortcut — Geeek Club’s Cyber Punk PCB Construction Kit. These kits are a little like the love child of Lego and PCBWay, with pieces etched and cut from PCB stock. You punch the pieces out, clean up the mouse bites, put Tab A into Slot B, and solder to make the connection permanent. Each kit has some components for the requisite blinkenlight features, which add to the cool designs. Looks like a fun way to get someone started on soldering, or to build your own skills.

And finally, another nail was driven into the coffin of Daylight Savings Time this week, as the island nation of Samoa announced they wouldn’t be “springing ahead” as scheduled this weekend. Daylight Savings Time has become a bone of contention around the world lately, and mounting research shows that the twice-yearly clock changes cause more trouble than they may be worth. In Europe, it’s due to be banned as soon as all the member nations can agree on normal time or summer time.

In the case of Samoa, DST was put into effect in 2010 on the assumption that it would give plantation workers more productive hours in the field and save energy. Instead, the government found that the time change just gave people an excuse to socialize more, which apparently upset them enough to change the rule. So there you have it — if you don’t like Daylight Savings Time, start partying it up.

Hackaday Links: July 12, 2020

Based in the US as Hackaday is, it’s easy to overload the news with stories from home. That’s particularly true with dark tales of the expanding surveillance state, which seem to just get worse here on a daily basis. So we’re not exactly sure how we feel to share not one but two international stories of a dystopian bent; on the one hand, pleased that it’s not us for a change, but on the other, sad to see the trend toward less freedom and more monitoring spreading.

The first story comes from Mexico, where apparently everything our community does will soon be illegal. We couch that statement because the analysis is based on Google translations of reports from Mexico, possibly masking the linguistic nuances that undergird legislative prose. So we did some digging and it indeed appears that the Mexican Senate approved a package of reforms to existing federal copyright laws that will make it illegal to do things like installing a non-OEM operating system on a PC, or to use non-branded ink cartridges in a printer. Reverse engineering ROMs will be right out too, making any meaningful security research illegal. There appear to be exceptions to the law, but those are mostly to the benefit of the Mexican government for “national security purposes.” It’ll be a sad day indeed for Mexican hackers if this law is passed.

The other story comes from Germany, where a proposed law would grant sweeping surveillance powers to 19 state intelligence bodies. The law would require ISPs to install hardware in their data centers that would allow law enforcement to receive data and potentially modify it before sending it on to where it was supposed to go. So German Internet users can look forward to state-sponsored man-in-the-middle attacks and trojan injections if this thing passes.

OK, time for a palate cleanser: take an hour to watch a time-lapse of the last decade of activity of our star. NASA put the film together from data sent back by the Solar Dynamics Observatory, a satellite that has been keeping an eye on the Sun from geosynchronous orbit since 2010. Each frame of the film is one hour of solar activity, which may sound like it would be boring to watch, but it’s actually quite interesting and very relaxing. There are exciting moments, too, like enormous solar eruptions and the beautiful but somehow terrifying lunar transits. More terrifying still is a massive coronal mass ejection (CME) captured in June 2011. A more subtle but fascinating phenomenon is the gradual decrease in the number of sunspots over the decade as the Sun goes through its normal eleven-year cycle.

You’ll recall that, as a public service to our more gear-headed readers, we recently covered the recall of automotive jack stands sold at Harbor Freight, purveyor of discount tools in the USA. Parts for the jack stands in question had been cast with a degraded mold, making the pawls liable to kick out under load and drop the vehicle, with potentially catastrophic results for anyone working beneath. To their credit, Harbor Freight responded immediately and replaced tons of stands with a new version. But now, Harbor Freight is forced to recall the replacement stands as well, due to a welding error. It’s an embarrassment, to be sure, but to make it as right as possible, Harbor Freight is now accepting any of their brand jack stands for refund or store credit.

And finally, if you thought that the experience of buying a new car couldn’t be any more miserable, wait till you have to pay to use the windshield wipers. Exaggeration? Perhaps only slightly, now that BMW “is planning to move some features of its new cars to a subscription model.” Plans like that are common enough as cars get increasingly complex infotainment systems, or with vehicles like Teslas which can be upgraded remotely. But BMW is actually planning on making options such as heated seats and adaptive cruise control available only by subscription — try it out for a month and if you like it, pay to keep them on for a year. It would aggravate us to no end knowing that the hardware supporting these features had already been installed and was just being held ransom by software. Sounds like a perfect job for a hacker — just not one in Mexico.

Hackaday Links: May 24, 2020

We’re saddened to learn of the passing of Gershon Kingsley in December 2019 at the age of 97. The composer and electronic music pioneer was not exactly a household name, but the things he did with the Moog synthesizer, especially the surprise hit “Pop Corn”, which he wrote in 1969, are sure to be familiar. The song has been covered dozens of times, in the process of which the spelling of the name changed to “Popcorn.” We’re most familiar with the 1972 cover by Hot Butter, an earworm from our youth that doesn’t hide the Moog as deeply in the backing instruments as Kingsley did in the original. Or, perhaps you prefer the cover done by a robotic glockenspiel, because robotic glockenspiel.

A few months back, we covered the audacious plan to recover the radio gear from the Titanic. At the time, the potential salvors, Atlanta-based RMS Titanic, Inc., were seeking permission to cut into the submerged remains of the Titanic’s Marconi room to remove as much of the wireless gear as possible. A federal judge granted permission for the salvage operation last Friday, giving the company the green light to prepare an expedition for this summer. The US government, through the National Oceanic and Atmospheric Administration and the National Park Service, argued strenuously to leave the wreck be and treat it as a tomb for the 1,527 victims. For our part, we had a great discussion about the merits in the comments section of the previous article. Now that it’s a done deal, we’d love to hear what you have to say about this again.

Although life appears to be slowly returning to what passes for normal, that doesn’t mean you might not still have some cycles to spare, especially when the time spent can bolster your skillset. And so if you’re looking to add FPGAs to your resume, check out this remote lab on FPGA vision systems offered by Bonn-Rhein-Sieg University. The setup allows you to watch lectures, download code examples, and build them on your local computer, and then upload the resulting binaries to real hardware running on the lab’s servers in Germany. It sounds like a great way to get access to FPGA hardware that you’d otherwise have a hard time laying hands on. Or, you know, you could have just come to the 2019 Hackaday Superconference.

Speaking of skill-builders, oscilloscope owners who want to sharpen their skills could do worse than to listen to the advice of a real scope jockey like Alan Wolke. He recently posted a helpful video listing the five most common reasons for your scope giving “wrong” voltage readings. Spoiler alert: the instrument is probably doing exactly what you told it to do. As a scope newbie, we found the insights very helpful, and we can imagine even seasoned users could make simple mistakes like using the wrong probe attenuation or forgetting that scope response isn’t flat across its bandwidth.

Safety tip for the gearheads among us: your jack stands might be unsafe to use. Harbor Freight, the stalwart purveyor of cheap tools, has issued a recall of two different models of its jack stands. It seems that the pawls can kick out under the right conditions, sending the supported load crashing to the ground. This qualifies as a Very Bad Day for anyone unlucky enough to be working underneath when it happens. Defective jack stands can be returned to Harbor Freight for store credit, so check your garage and be safe out there in the shop.

And finally, because everyone loves a good flame war, Ars Technica has come up with a pronunciation guide for common tech terms. We have to admit that most of these are not surprising; few among the technology literate would mispronounce “Linux” or “sudo”. We will admit to a non-fanboy level of ignorance on whether the “X” in “iOS X” was a Roman numeral or not, but learning that the “iOS” part is correctly pronounced as three syllables, not two, was a bit shocking. It’s all an exercise in pedantry that reminds us of a mildly heated discussion we had around the secret Hackaday writers’ bunker about whether “a LED” or “an LED” is the correct style. If the Internet was made for anything, it was stuff like this.

Takata Airbag Recalls Widen To Potentially Affect Other Types Of Airbag

The Takata airbag case has become the largest product recall in history, caused over 20 deaths, and cost many billions of dollars. Replacement efforts are still ongoing, and sadly, the body count continues to rise. Against this backdrop, further recalls have been announced affecting another type of Takata airbag.

The recall affects BMW 3 Series vehicles, produced between 1997 and 2000. Notably, it appears these cars may have been built before Takata’s fateful decision to produce airbag inflators using ammonium nitrate propellants, known for their instability. Instead, these vehicles likely used Takata’s proprietary tetrazole propellant, or Non-Azide Driver Inflators (NADI). These were developed in the 1990s, and considered a great engineering feat at the time. They were eventually phased out around 2001 for cost reasons, leading to the scandal that rolls on to this day.

As these airbags were produced before the switch to ammonium nitrate, they have thus far escaped scrutiny as part of existing recalls. Two recent incidents of airbag misdeployments in Australia, which caused a death and a serious injury, led to the recall. BMW Australia have advised owners not to drive affected vehicles, and are offering loan or hire cars to affected owners. Given the age of the affected vehicles, the company is considering a buyback program in the event that suitable replacement parts cannot be made available.

This development is foreboding, as it suggests yet more cars, originally considered safe, are now at risk of injuring or killing occupants in the event of a crash. It’s not yet clear exactly which makes are affected by this recall, but expect the numbers of vehicles to continue to climb.

[via Sydney Morning Herald]

Botnet Recall Of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 4.3 million (corrected from 300 million) of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Engage Tinfoil Hat: Samsung Note 7 Battery Theory

For the most part I believe things are as they seem. But every once in a while I begin to look at notable technology happenings from a different angle. What if things are not like they seem? This is conspiracy theory territory, and I want to be very clear about this: what follows is completely fictitious and not based on fact. At least, I haven’t tried to base it on facts surrounding the current events. But perhaps you can. What if there’s more to the battery fires in Samsung’s Galaxy Note 7 phones?

I have a plausible theory, won’t you don your tinfoil hat and follow me down this rabbit hole?

How Those Hackers Took Complete Control Of That Jeep

It was an overcast day with temperatures in the mid seventies – a perfect day to take your brand new Jeep Cherokee for a nice relaxing drive. You and your partner buckle in and find yourselves merging onto the freeway just a few minutes later. You take in the new car smell as your partner fiddles with the central touch screen display.

“See if it has XM radio,” you ask as you play with the headlight controls.

Seconds later, a Taylor Swift song begins to play. You both sing along as the windows come down. “Life doesn’t get much better than this,” you think. Unfortunately, the fun would be short lived. It started with the windshield wipers coming on – the dry rubber-on-glass making a horrible screeching sound.

“Hey, what are you doing!”

“I didn’t do it….”

You verify the windshield wiper switch is in the OFF position. You switch it on and off a few times, but it has no effect. All of a sudden, the radio shuts off. An image of a skull and wrenches logo appears on the touchscreen. Rick Astley’s “Never Gonna Give You Up” begins blaring out of the speakers, and the four doors lock in perfect synchronization. The AC fans come on at max settings while at the same time, you feel the seats getting warmer as they too are set to max. The engine shuts off and the vehicle shifts into neutral. You hit the gas pedal, but nothing happens. Your brand new Jeep rolls to a halt on the side of the freeway, completely out of your control.

Sound like something out of a Hollywood movie? Think again.

[Charlie Miller], a security engineer for Twitter and [Chris Valasek], director for vehicle safety research at IOActive, were able to hack into a 2014 Jeep Cherokee via its wireless on-board entertainment system from their basement. A feature called UConnect, which allows the vehicle to connect to the internet via a cellular connection, has one of those things you might have heard of before – an IP address. Once the two hackers had this address, they had the ‘digital keys’ to the Jeep. From there, [Charlie] and [Chris] began to tinker with the various firmwares until they were able to gain access to the vehicle’s CAN bus. This gives them the ability to control many of the car’s functions, including (under the right conditions) the ability to kill the brakes and turn the steering wheel. You probably already have heard about the huge recall Chrysler issued in response to this vulnerability.

But up until this weekend we didn’t know exactly how it was done. [Charlie] and [Chris] documented their exploit in a 90-page white paper (PDF) and spoke at length during their DEF CON talk in Las Vegas. That video was just published last night and is embedded below. Take a look and you’ll realize how much work they did to make all this happen. Pretty amazing.
