This Week In Security: Apple Backdoors Curl, Tor’s New Bridge, And GhostRace

OK, that headline is a bit of a cheap shot. But if you run the curl binary that Apple ships, you’re in for a surprise if you happen to use the --cacert flag. That flag specifies that TLS verification is only to be done using the certificate file specified. That’s useful to solve certificate mysteries, or to make absolutely sure that you’re connecting to the server you expect.

What’s weird here is that on macOS, using the Apple-provided curl binary, --cacert doesn’t limit the program to the single certificate file. On an Apple system, the verification falls back to the system’s certificate store. This is an intentional choice by Apple, but not one that’s aimed particularly at curl. The real magic is in Apple’s SSL library, which forces the use of the system keychain.

The current state of things is that this option is simply not going to do the right thing in the Apple provided binary. It’s documented with the note that “this option is supported for backward compatibility with other SSL engines, but it should not be set.” It’s an unfortunate situation, and we’re hopeful that a workaround can be found to restore the documented function of this option.

Hackaday Links: February 4, 2024

Things may not have gone as planned last week for the flying cellphone on Mars, but just because Ingenuity’s flying career is over doesn’t mean there’s no more work to do. NASA announced this week that it’s going to try a series of “wiggle” maneuvers on Ingenuity’s rotors, in an attempt to get a better look at the damage to the blade tips and possibly get some clues as to what went wrong. The conjecture at the moment seems to be that a large area of relatively featureless terrain confused the navigation system, which uses down-facing cameras to track terrain features. If the navigation program couldn’t get a bead on exactly how far above the ground it was, it’s possible the copter came in too hard and caused the rotor tips to dig into the regolith. There seems to be some photographic suggestion of that, with what looks like divots in the ground about where you’d expect the rotor tips to dig in, and even scraps of material that look out of place and seem to be about the same color as the rotor blades. All this remains to be seen, of course, and we’re sure that NASA and JPL are poring over all available data to piece together what happened. As much as we hate to say goodbye to Ingenuity, we eagerly await the post-mortem.

Getting Root Access On A Tesla

A growing number of manufacturers are locking perfectly good hardware behind arbitrary software restrictions. While this ought to be a bigger controversy, people seem to keep paying for things like printers with ink subscriptions, cameras with features disabled in firmware, or routers with speed restrictions, ensuring that this practice continues. Perhaps the most blatant is car manufacturers that lock features such as heated seats or even performance upgrades in the hopes of securing a higher price for their vehicles. This might be a thing of the past for Teslas, whose software has been recently unlocked by Berlin IT researchers.

Researchers from Technische Universität Berlin were able to unlock Tesla’s driving assistant by inducing a two-microsecond voltage drop on the processor which allowed root access to the Autopilot software. Referring to this as “Elon mode” since it drops the requirement for the driver to keep their hands on the steering wheel, they were able to access the full self-driving mode allowing autonomous driving without driver input. Although this might be a bad idea based on the performance of “full self-driving” in the real world, the hack at least demonstrates a functional attack point and similar methods could provide free access to other premium features.

While the attack requires physical access to the vehicle’s computer and a well-equipped workbench, in the short term this method might allow for owners of vehicles to use hardware they own however they would like, and in the long term perhaps may make strides towards convincing manufacturers that “features as a service” isn’t a profitable strategy. Perhaps that’s optimistic, but at least for Teslas it’s been shown that they’re not exactly the most secured system on four wheels.

Tesla’s Plug Moves Another Step Closer To Dominance

Charging an EV currently means making sure you find a station with the right plug. SAE International has now published what could be the end to the mishmash of standards in North America with the J3400 North American Charging Standard.

The SAE J3400™ North American Charging Standard (NACS) Electric Vehicle Coupler Technical Information Report (TIR), which just rolls off the tongue, details the standard formerly only available on Tesla vehicles. We previously talked about the avalanche of support from other automakers this year for the connector, and now that the independent SAE standard has come through, the only major holdout is Stellantis.

Among the advantages of the NACS standard over the Combined Charging System (CCS) or CHAdeMO is a smaller number of conductors given the plug’s ability to carry DC or AC over the same wires. Another benefit is the standard using 277 V which means that three separate Level 2 chargers can be placed on a single 3-phase commercial line with no additional step down required. Street parkers can also rejoice, as the standard includes provisions for lamppost-based charger installations with a charge receptacle plug instead of the attached cable required by J1772 which leads to maintenance, clutter, and ADA concerns.

Now that J3400/NACS is no longer under the purview of a single company, the Federal Highway Administration has announced that it will be looking into amending the requirements for federal charger installation subsidies. Current rules require CCS plugs be part of the installation to qualify for funds from the Bipartisan Infrastructure Bill.

If you want to see how to spice up charging an EV at home, how about this charging robot or maybe try fast charging an e-bike from an electric car plug?

Hackaday Links: December 3, 2023

Sure, it does less than originally promised, but hey — at least it’s more expensive. That about sums up Tesla fans’ feelings after the long-awaited Cybertruck reveal at the Texas Gigafactory on Thursday, where Elon Musk himself handed over the keys — or their Cyber equivalent — to a few new owners. These are expensive machines — $61,000 for the two-motor model, and just shy of $100,000 for the three-motor all-wheel-drive model with all the bells and whistles. That’s considerably more than they were expected to cost back in 2019, a fact which may be at least partially behind the drop in Tesla shares after the launch.

A Few New Car Owners Will Join The 48V Future

Leaving aside all the annoying hype surrounding Tesla’s Cybertruck, there’s a little technical detail which might be of more interest to readers than the automotive behemoth itself. It’s one of very few vehicles on the road to eschew 12 volt electrics for not 24 volt, but 48 volt. This has been one of those automotive innovations promised as just around the corner for many years, and it seems finally we’ll see it in practice.

There’s nothing new in the prospect of moving on from 12 volt electrics; the reason for it has been brewing for decades now. A typical car has plenty of motorized gadgets from seat adjusters to sunroofs, as well as at least one heated windscreen or other surface. These devices take a lot of power, and at the lower voltage require significant current to operate. The 48 volt system will require much less in the way of copper to get the power where it’s needed, so the surprise is that we’ve not yet seen it in run-of-the-mill vehicles from the likes of Ford or Volkswagen.

What we’re guessing is that other manufacturers will be watching from the sidelines as to whether 48 volt electrics cause any problems for the Tesla, and it’s not impossible we could see it becoming the new hotness. There are many choice words we could say relating to the hype around Tesla and its supposed level of innovation, but it could be that this time they’ve really been first with something the whole industry will go for. If so we should rejoice, because it’s likely to push down the prices of 48 volt lithium-ion packs.

Header image: Mliu92, CC BY-SA 3.0.

Tesla Claims To Have Open Sourced The Roadster

In an interesting step for anyone who follows electric car technology, the automaker Tesla has released a trove of information about its first-generation Roadster car into the public domain. The documents involved include service manuals, circuit diagrams, and technical details, and Elon Musk himself posted on X that “All design & engineering of the original @Tesla Roadster is now fully open source.”

We like the idea and there’s plenty of interesting stuff there, but we can’t find an open-source licence anywhere and we have to take issue with his “Whatever we have, you now have” comment. What we have is useful maintenance information and presents a valuable window into 2010’s cutting edge of electric vehicles, but if it’s everything they have then something must have gone very wrong in the Tesla archives. It’s possible someone might take a Lotus Elise and produce something close to a Roadster replica with this info, but it’s by no means enough to make a car from. Instead we’re guessing it may be a prelude to reducing support for what is a low-production car from over a decade ago.

When it comes to electric vehicle manufacturers open-sourcing their older models we already have a model in the form of Renault’s open-source version of their Twizy runabout. This is a far more credible set of information that can be used to make a fully open-source version of the car, rather than a set of workshop manuals.

Tesla Roadster, cytech, CC BY 2.0.