Flash Memory: Caveat Emptor

We all love new tech. Some of us love getting the bleeding-edge, barely-on-the-market devices, and some enjoy getting tech thirty years after the fact to revel in nostalgia. The similarity is that we assume we know what we’re buying, and only the latter category expects used parts. But what if the former category is getting used parts in a new case? The University of Alabama in Huntsville has a tool for protecting us from unscrupulous manufacturers installing old flash memory.

Flash memory usually lasts longer than the devices where it is installed, so there is a market for used chips which are still “good enough” to pass for new. Of course, this is highly unethical. You would not expect to find a used transmission in your brand new car so why should your brand new tablet contain someone’s discarded memory?

The principles of flash memory are well explained by comparing them to an ordinary transistor, which we are happy to explain. Wear-and-tear on flash memory starts right away, and the erase time gets longer and longer. By measuring how long it takes to erase, it is possible to accurately determine the age of the chip in question.

Pushing the limits of flash memory’s lifespan can tell you a lot about how to avoid operational disruption, or you can build a flash drive from parts you know are used.

Obsolescence As A Service

Yet another Internet of Things service has left its customers in the lurch. IoT devices (mostly lightbulbs) sold by Greenwave Systems stopped talking to the outside world on July 1. More specifically, the server to which they all connected (ahem, “the cloud”) has been turned off, which rules out using the bulbs with Internet-based services like IFTTT, which was a major selling point of the Things in the first place.

[Edit: We were contacted by Greenwave, and they pointed out that they merely sold the IoT devices in question. They are made by TCP, which is also responsible for cancelling the service. And TCP has a history of doing this sort of thing before.]

It’s not the first time we’ve seen IoT companies renege on their promises to provide service, and it’s surely not going to be the last. We’re preaching to the choir here, but when even Google is willing to take the PR hit to effectively brick your devices, the only protection that you’ve got against obsolescence is an open protocol.

At least the users of TCP’s devices will continue to be able to control them from within the home. That, plus some clever hacking, will make them workable into the future. But it’s not like the convenience that was sold with the devices.

Boo to shady IoT companies! But thanks to [Adrian] for the tip.

Network Security Theatre

Summer is nearly here, and with that comes the preparations for the largest gathering of security researchers on the planet. In early August, researchers, geeks, nerds, and other extremely cool people will descend upon the high desert of Las Vegas, Nevada to discuss the vulnerabilities of software, the exploits of hardware, and the questionable activities of government entities. This is Black Hat and DEF CON; taken together, they are the largest security conference on the planet.

These conferences serve a very important purpose. Unlike academia, security professionals don’t make a name for themselves by publishing in journals. The pecking order of the security world is determined at these talks. The best talks and the best media coverage command higher consultancy fees. It’s an economy, and of course there will always be people ready to game the system.

Like academia, these talks are peer-reviewed. Press releases given before the talks are not, and between the knowledge of security researchers and the tech press is network security theatre. In this network security theatre, you don’t really need an interesting exploit, technique, or device, you just need to convince the right people you have one.


Ask Hackaday: Why Don’t We Have Flexible Displays Yet?

A few times a month we receive extremely well crafted crowdfunding campaigns in our tip line that make us doubt our sense of reality. While this article therefore isn’t a hack, we felt it would be a good place to start a discussion around OLED flexible displays.

As the dedicated Wikipedia article states, flexible displays have been around for a few years already. In 2013, the Samsung Galaxy Round was unveiled as the world’s first mobile phone with a 5.7″ flexible display. The phone (and the screen) were curved in shape but the phone itself was solid. The same goes for the recent Samsung Gear S smart watch.

Yet for only $350 in a $50k goal crowdfunding campaign the Portal flexible wearable smartphone seems to have all the answers. It is scratch & shatter proof, water-resistant, flexible, includes a ‘Portal proprietary flexible battery’, the ‘Fastest multi-core CPU’, gyro, compass, barometer, Bluetooth 4.0, NFC, GPS…. Specifications are even subject to change to ensure the best available components… and it is 89% funded. As they mention,

building a smartphone or a tech company isn’t rocket science.

We also found a 70% funded €100k crowdfunding campaign for a watch bracelet that will include GPS, Bluetooth, NFS (not a typo), a uSD card, a 4-line LED screen and a battery for a few days’ autonomy… how surprising that no major manufacturer thought of that.

This leads us to the title of this post: why don’t we have truly flexible displays yet? We’ll let our readers discuss this point in the comments section below…

SOAP: The Home Automation Router And Kickstarter Scam

How would you like a 7″ tablet with a Quad-core ARM Cortex A9 processor, USB 3.0, 32 GB of storage, 802.11ac, four ports of Gigabit LAN, Bluetooth 4.0, NFC, SATA, HDMI, built-in Zigbee and RFID modules, a camera, speaker and microphone, all for $170? Sound too good to be true? That’s because it probably is. Meet SOAP, the home automation router with a touchscreen, that’s shaping up to be one of the largest scams Kickstarter has ever seen.

There have been a few threads scattered over the web going over some of the… “inconsistencies” about the SOAP kickstarter, mainly focusing on the possibility of fake Facebook likes and Twitter followers. There’s also the question of their development process: they started building a router with an Arduino, then moved on to a Raspberry Pi, a Beaglebone, Intel Atom-powered Minnowboard, the Gizmo Board, PandaBoard, and Wandboard. If you’re keeping track, that’s at least six completely different architectures used in their development iterations. Anyone who has ever tried to build something – not even build a product, mind you – will realize there’s something off here. This isn’t even considering a reasonably accurate BOM breakdown that puts the total cost of production at $131.

The most damning evidence comes from screenshots of the final board design. These pics have since been removed from the Kickstarter page, but they’re still available on the Google cache. The SOAP team claims they’re putting USB 3.0 ports on their board, but the pics clearly show only four pins on each of the USB ports. USB 3.0 requires nine pins. A closer inspection reveals these screenshots are from the files for Novena, [Bunnie Huang]’s open source laptop.


Scam-o-Matic Determines If You Bought Fake SD Cards

[Andrew] recently got scammed on an SD card purchase and put together a small tool that can help you determine if you’ve had the wool pulled over your eyes as well.

You see, he purchased a set of MicroSD cards, all of which had an advertised capacity of 4GiB. When he tried to use them, they all failed to write more than about 115MiB of data, so he knew something was up. He sat down with some tools that can be used to check the actual capacity of flash media, but he says they were unbelievably slow to scan the cards.

While he waited for one of the scans to complete, he decided to create a utility of his own that would do the same thing in a fraction of the time. His quick and dirty application, called “Scam-o-Matic”, writes random data to the card, double-checking the written region to ensure that data can be read back. If it finds errors your card is likely either a fake or damaged, but if not, it automatically prepares the media for use.

Obviously this sort of situation is relatively rare, but if you think that you have picked up some shady SD cards, be sure to check out [Andrew’s] Github repository.
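
The write-then-read-back check described above can be sketched as follows. This is an added example, not [Andrew]'s Scam-o-Matic code: `SimCard`, its `wrap` and `drop` failure modes, the seed and the scaled-down block counts are all constructed assumptions standing in for a real card, and a seeded pseudorandom pattern is used so each block can be regenerated for comparison.

```python
import hashlib

BLOCK = 4096  # bytes per test block

class SimCard:
    """Constructed stand-in for a card that advertises more blocks than it stores.
    mode="wrap": writes past the real size overwrite earlier blocks (assumed).
    mode="drop": writes past the real size are silently discarded (assumed)."""
    def __init__(self, advertised, real, mode="wrap"):
        self.advertised, self.real, self.mode = advertised, real, mode
        self._cells = {}

    def write(self, idx, data):
        if idx < self.real:
            self._cells[idx] = data
        elif self.mode == "wrap":
            self._cells[idx % self.real] = data

    def read(self, idx):
        if idx >= self.real:
            if self.mode == "drop":
                return bytes(BLOCK)
            idx %= self.real
        return self._cells.get(idx, bytes(BLOCK))

def pattern(seed, idx):
    """Pseudorandom block, unique per index, regenerated for the read-back check."""
    return hashlib.shake_128(seed + idx.to_bytes(8, "big")).digest(BLOCK)

def verified_blocks(card, seed=b"constructed-seed"):
    """Return how many blocks hold data before the first read-back failure."""
    for idx in range(card.advertised):
        card.write(idx, pattern(seed, idx))
        # Check the block just written, then block 0 to catch wrap-around
        # overwrites (a simplification: assumes wrapping lands on block 0).
        if card.read(idx) != pattern(seed, idx):
            return idx
        if card.read(0) != pattern(seed, 0):
            return idx
    return card.advertised

def verdict(card):
    """Summarise the result the way a capacity checker would report it."""
    good = verified_blocks(card)
    if good == card.advertised:
        return "ok"
    return f"fake or damaged: {good * BLOCK} usable bytes"
```

Checking only the block just written would pass a wrapping card, because the data reads back correctly from wherever it landed; re-reading an earlier block is what exposes the overwrite.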