Separation Between WiFi And Bluetooth Broken By The Spectra Co-Existence Attack

This year, at DEF CON 28 (DEF CON Safe Mode), security researchers [Jiska Classen] and [Francesco Gringoli] gave a talk about inter-chip privilege escalation using wireless coexistence mechanisms. The title is catchy, sure, but what exactly is this about?

To understand this security flaw, or group of security flaws, we first need to know what wireless coexistence mechanisms are. Modern devices can support cellular and non-cellular wireless communications standards at the same time (LTE, WiFi, Bluetooth). Given the desired miniaturization of our devices, the different subsystems that support these communication technologies must reside in very close physical proximity within the device (in-device coexistence). The resulting high level of reciprocal leakage can at times cause considerable interference.

There are several scenarios where interference can occur; the main ones are:

  • Two radio systems occupy neighboring frequencies and carrier leakage occurs
  • The harmonics of one transmitter fall on frequencies used by another system
  • Two radio systems share the same frequencies

To tackle these kinds of problems, manufacturers had to implement strategies so that the device's wireless chips can coexist (sometimes even sharing the same antenna) and reduce interference to a minimum. They are called coexistence mechanisms; they enable high-performance communication on intersecting frequency bands and are thus essential to any modern mobile device. Although open solutions exist, such as the Mobile Wireless Standards, manufacturers usually implement proprietary solutions.

Spectra

Spectra is a new attack class demonstrated in this DEF CON talk, which is focused on Broadcom and Cypress WiFi/Bluetooth combo chips. On a combo chip, WiFi and Bluetooth run on separate processing cores. Coexistence information is exchanged directly between the cores using the Serial Enhanced Coexistence Interface (SECI) and does not go through the underlying operating system.

Spectra class attacks exploit flaws in the interfaces between wireless cores, through which one core can achieve denial of service (DoS), information disclosure and even code execution on another core. The reasoning here is, from an attacker's perspective, to leverage a Bluetooth subsystem remote code execution (RCE) to perform WiFi RCE and maybe even LTE RCE. Keep in mind that this remote code execution is happening in these CPU core subsystems, and so can be completely invisible to the main device CPU and OS.

Join me below where the talk is embedded and where I will also dig into the denial of service, information disclosure, and code execution topics of the Spectra attack.

Tomography Through An Infinite Grid Of Resistors

One of the vast untapped potentials of medicine is the access to imaging equipment. A billion people have difficulty getting access to an x-ray, and that says nothing about access to MRIs or CAT scans. Over the past few years, [Jean Rintoul] has been working on a low-cost way to image the inside of a human body using nothing more than a few electrodes. It can be done cheaply and easily, and it’s one of the most innovative ways of bringing medical imaging to the masses. Now, this is a crowdfunding project, aiming to provide safe, accessible medical imaging to everyone.

It’s called Spectra, and uses electrical impedance tomography to image the inside of a chest cavity, the dielectric spectrum of a bone, or the interior of a strawberry. Spectra does this by wrapping an electrode around a part of the body and sending out small AC currents. These small currents are reconstructed using tomographic techniques, imaging a cross-section of a body.

[Jean] gave a talk about Spectra at last year’s Hackaday Superconference, and if you want to look at the forefront of affordable medical technology, you needn’t look any further. Simply by sending an AC wave of around 10kHz through a body, software can reconstruct the internals. Everything from lung volume to muscle and fat mass to cancers can be detected with this equipment. You still need a tech or MD to interpret the data, but this is a great way to bring medical imaging technology to the people who need it.

Right now, the Spectra is up on Crowd Supply, with a board that can be configured to use 32 electrodes. Measurements are taken at 160,000 samples/sec, and these samples have 16-bit resolution. This is just the acquisition hardware, but the software to do tomographic reconstruction is open source and also readily available.

In terms of bringing medical imaging to the masses, this is a very impressive piece of work, and is probably the project from last year’s Hackaday Prize that has the best chance of changing the world.

Be A Fire Bender With The Power Of Magnets

More often than you think, scientific progress starts with a simple statement: “Huh, that’s funny…” That’s the sign that someone has noticed something peculiar, and that’s the raw fuel of science because it often takes the scientist down interesting rabbit holes that sometimes lead to insights into the way the world works.

[Ben Krasnow] ended up falling down one of those rabbit holes recently with his experiments with magnets and flames. It started with his look at the Zeeman effect, which is the observation that magnetic fields can influence the spectral lines of light emitted by certain sources. In a previous video, [Ben] showed that light from a sodium lamp could be dimmed by a powerful electromagnet. Some of his viewers took exception to his setup, which used an oxy-acetylene flame doped with sodium passing through the poles of the magnet; they thought the effect observed was a simple magnetohydrodynamic effect, and not the Zeeman effect he was supposed to be testing. That led to the experiments in the video below, which started with a candle flame being strongly deflected by the magnet. [Ben] methodically worked through the problem, eliminating variables by going so far as to blow soap bubbles of various gasses within the magnet’s poles to rule out the diamagnetism of oxygen as a cause of the phenomenon. He finally showed that even hot air by itself is deflected, using a simple light bulb and a FLIR camera. It’s good stuff, and well worth a watch.

Spoiler alert: [Ben] is still scratching his head about what’s going on, and we’re looking forward to his conclusions. This isn’t his first rabbit hole expedition, of course; his experiments with creating plasma with high-pressure water were fascinating, as were his DIY superconducting ceramics.

Vera Rubin: Shedding Light On Dark Matter

Vera sat hunched in the alcove at Kitt Peak observatory, poring over punch cards. The data was the same as it had been at Lowell, at Palomar, and every other telescope she’d peered through in her feverish race to collect the orbital velocities of stars in Andromeda. Although the data was perfectly clear, the problem it posed was puzzling. If the stars at the edges of a spiral galaxy were moving as fast as the ones in the center, but the pull of gravity was weaker, how did they keep from flying off? The only possible answer was that Andromeda contained some kind of unseen matter and this invisible stuff was keeping the galaxy together.

Though the idea seemed radical, it wasn’t an entirely new one. In 1933, Swiss astronomer Fritz Zwicky made an amazing discovery that was bound to bring him fame and fortune. While trying to calculate the total mass of the galaxies that make up the Coma Cluster, he found that the mass calculation based on galaxy speed was about ten times higher than the one based on total light output. With this data as proof, he proposed that much of the universe is made of something undetectable, but undeniably real. He dubbed it Dunkle Materie: Dark Matter.

But Zwicky was known to regularly bad-mouth his colleagues and other astronomers in general. As a result, his wild theory was poorly received and subsequently shelved until the 1970s, when astronomer Vera Rubin made the same discovery using a high-powered spectrograph. Her findings seemed to provide solid evidence of the controversial theory Zwicky had offered forty years earlier.
