Trojans Can Lurk Inside AVR Bootloaders

If there’s one thing we’ve learned over the years, it’s that if it’s got a silicon chip inside, it could be carrying a virus. Research by one group focused on hiding a trojan inside an AVR Arduino bootloader, proving even our little hobbyist microcontrollers aren’t safe.

The specific aim of the research was to hide a trojan inside the bootloader of an AVR chip itself. This would allow the trojan to remain present on something like a 3D printer even if the main firmware itself was reinstalled. The trojan would still be able to have an effect on the printer’s performance from its dastardly hiding place, but would be more difficult to notice and remove.

The target of the work was the ATmega328P, commonly used in 3D printers, in particular those using the Marlin firmware. For the full technical details, you can dive in and read the research paper for yourself. In basic terms, though, the modified bootloader was able to use the chip’s IVSEL register to allow bootloader execution after boot via interrupt. When an interrupt is called, execution passes to the trojan-infected bootloader’s special code, before then returning to the program’s own interrupt to avoid raising suspicion. The trojan can also execute after the program’s interrupt code too, increasing the flexibility of the attack. Continue reading “Trojans Can Lurk Inside AVR Bootloaders”

Hackers Beware: Shenzhen Is Closing

If you’re among those of us with immediate plans for a PCB or parts order from China, watch out – Shenzhen just recently got put on a week-long lockdown. Factories, non-essential stores and public places are closed, and people are required to spend time at home – for a city that makes hardware thrive, this sounds like a harsh restriction. Work moves to remote where possible, but some PCB fabs and component warehouses might not be at our service for at least a week.

It might be puzzling to hear that the amount of cases resulting in closures is as low as 121, for a city of 12.6 million people. The zero-tolerance policy towards COVID has been highly effective for the city, with regular testing, adhered-to masking requirements and vaccinations – which is how we’ve been free to order any kinds of boards and components we needed throughout the past two years. In fact, 121 cases in one day is an unprecedented number for Shenzhen, and given their track record and swift reaction, it is reasonable to expect the case count dropping back to the regular (under 10 cases per day) levels soon.

Not all manufacturing facilities are located in Shenzhen, either. Despite what certain headlines might have you believe, supply chain shortages aren’t a certainty from here. A lot of the usual suspects like PCBWay and JLCPCB are merely reporting increased lead times as they reallocate resources, and while some projects are delayed for now, a lot of fabs you’d use continue operating with minor delays at most. SeeedStudio has its operations impacted more severely, and your Aliexpress orders might get shipped a bit later than usual – but don’t go around calling this a Chinese New Year v2 just yet. For those who want to keep a closer eye on the situation and numbers, the [Shenzhen Pages] Twitter account provides from-the-ground updates on the situation.

Wondering how your supply chain might be affected? We’ve talked about this way back in February 2020, addressing then-warranted worries that Chinese New Year would grow into a longer disruption than planned due to COVID becoming into a factor to manage. If you’re yet to discover the significance of Shenzhen, books have been written on this marvellous city, where you can build a successful hardware company in a week’s time. We’ve even had a meetup there once!

Header image: Charlie fong, CC BY-SA 4.0.

Screenshot of a 1988 news report on the Morris Worm computer virus

Retrotechtacular: Cheesy 1980s News Report On Early Internet Virus

It was a cold autumn night in 1988. The people of Cambridge, Massachusetts lay asleep in their beds unaware of the future horror about to be unleashed from the labs of the nearby college. It was a virus, but not just any virus. This virus was a computer program whose only mission was to infect every machine it could come in contact with. Just a few deft keystrokes is all that separated law abiding citizens from the…over the top reporting in this throwback news reel posted by [Kahvowa].

Computer History Museum exhibit of the floppy disk used to distribute the Morris worm computer virus.
Computer History Museum exhibit featuring the original floppy disk used to distribute the Morris Worm computer virus.

To be fair, the concept of a computer virus certainly warranted a bit of explanation for folks in the era of Miami Vice. The only places where people would likely run into multiple computers all hooked together was a bank or a college campus. MIT was the campus in question for this news report as it served as ground zero for the Morris Worm virus.

Named after its creator, Robert Tappan Morris, the Morris Worm was one of the first programs to replicate itself via vulnerabilities in networked computer systems. Its author intended the program to be a benign method of pointing out holes, however, it ended up copying itself onto systems multiple times to the point of crashing. Removing the virus from an infected machine often took multiple days, and the total damage of the virus was estimated to be in the millions of dollars.

In an attempt to anonymize himself, Morris initially launched his worm program from a computer lab at MIT as he was studying at Cornell at the time. It didn’t work. Morris would go onto to be the first person to receive a felony conviction under the 1986 Computer Fraud and Abuse Act. After the appeals process, he received a sentence a community service and a fine. After college Morris co-founded the online web store software company Viaweb that Yahoo! would acquire in 1998 for 49 million dollars. Years later in an ironic twist, Morris would return to academia as a professor at MIT’s department of Electrical Engineering and Computer Science.

Interested in some info on viruses of a different nature? Check out this brief history on viruses from last year.
Continue reading “Retrotechtacular: Cheesy 1980s News Report On Early Internet Virus”

Fight Disease With A Raspberry Pi

Despite the best efforts of scientists around the world, the current global pandemic continues onward. But even if you aren’t working on a new vaccine or trying to curb the virus with some other seemingly miraculous technology, there are a few other ways to help prevent the spread of the virus. By now we all know of ways to do that physically, but now thanks to [James Devine] and a team at CERN we can also model virus exposure directly on our own self-hosted Raspberry Pis.

The program, called the Covid-19 Airborne Risk Assessment (CARA), is able to take in a number of metrics about the size and shape of an area, the number of countermeasures already in place, and plenty of other information in order to provide a computer-generated model of the number of virus particles predicted as a function of time. It can run on a number of different Pi hardware although [James] recommends using the Pi 4 as the model does take up a significant amount of computer resources. Of course, this only generates statistical likelihoods of virus transmission but it does help get a more accurate understanding of specific situations.

For more information on how all of this works, the group at CERN also released a paper about their model. One of the goals of this project is that it is freely available and runs on relatively inexpensive hardware, so hopefully plenty of people around the world are able to easily run it to further develop understanding of how the virus spreads. For other ways of using your own computing power to help fight Covid, don’t forget about Folding@Home for using up all those extra CPU and GPU cycles.

Portrait Of A Digital Weapon

Over the years, artists have been creating art depicting weapons of mass destruction, war and human conflict. But the weapons of war, and the theatres of operation are changing in the 21st century. The outcome of many future conflicts will surely depend on digital warriors, huddled over their computer screens, punching on their keyboards and maneuvering joysticks, or using devious methods to infect computers to disable or destroy infrastructure. How does an artist give physical form to an unseen, virtual digital weapon? That is the question which inspired [Mac Pierce] to create his latest Portrait of a Digital Weapon.

[Mac]’s art piece is a physical depiction of a virtual digital weapon, a nation-state cyber attack. When activated, this piece displays the full code of the Stuxnet virus, a worm that partially disabled Iran’s nuclear fuel production facility at Natanz around 2008. Continue reading “Portrait Of A Digital Weapon”

A Brief History Of Viruses

It was around the year 1590 when mankind figured out how to use optical lenses to bring into sight things smaller than the natural eye can observe. With the invention of the microscope, a new and unexplored world was discovered. It will likely be of great surprise to the reader that scientists of the time did not believe that within this new microscopic realm lay the source of sickness and disease. Most would still hold on to a belief of what was known as Miasma theory, which dates back to the Roman Empire. This theory states that the source of disease was contaminated air through decomposing organic materials. It wouldn’t be until the 1850’s that a man by the name of Louis Pasteur, from whom we get “pasteurization”, would promote Germ Theory into the spotlight of the sciences.

Louis Pasteur experimenting in his lab.
Louis Pasteur. Source

Pasteur, considered by many as the father of microbiology, would go on to assist fellow biologist Charles Chameberland in the invention of the aptly named Pasteur Chamberland filter — a porcelain filter with a pore size between 100 and 1000 nanometers. This was small enough to filter out the microscopic bacteria and cells known at that time from a liquid suspension, leaving behind a supply of uncontaminated water. But like so many other early scientific instrumentation inventions it would lead to the discovery of something unexpected. In this case, a world far smaller than 100 nanometers… and add yet another dimension to the ever-shrinking world of the microscopic.

This is when we began to learn about viruses.

Continue reading “A Brief History Of Viruses”

How Researchers Used Salt To Give Masks An Edge Against Pathogens

Masks are proven tools against airborne diseases, but pathogens — like the COVID-19 virus — can collect in a mask and survive which complicates handling and disposal. [Ilaria Rubino], a researcher at the University of Alberta, recently received an award for her work showing how treating a mask’s main filtration layer with a solution of mostly salt and water (plus a surfactant to help the wetting process) can help a mask inactivate pathogens on contact, thereby making masks potentially re-usable. Such masks are usually intended as single-use, and in clinical settings used masks are handled and disposed of as biohazard waste, because they can contain active pathogens. This salt treatment gives a mask a kind of self-cleaning ability.

Analysis showing homogenous salt coating (red and green) on the surface of fibers. NaCl is shown here, but other salts work as well.

How exactly does salt help? The very fine salt coating deposited on the fibers of a mask’s filtration layer first dissolves on contact with airborne pathogens, then undergoes evaporation-induced recrystallization. Pathogens caught in the filter are therefore exposed to an increasingly-high concentration saline solution and are then physically damaged. There is a bit of a trick to getting the salt deposited evenly on the polypropylene filter fibers, since the synthetic fibers are naturally hydrophobic, but a wetting process takes care of that.

The salt coating on the fibers is very fine, doesn’t affect breathability of the mask, and has been shown to be effective even in harsh environments. The research paper states that “salt coatings retained the pathogen inactivation capability at harsh environmental conditions (37 °C and a relative humidity of 70%, 80% and 90%).”

Again, the salt treatment doesn’t affect the mask’s ability to filter pathogens, but it does inactivate trapped pathogens, giving masks a kind of self-cleaning ability. Interested in the nuts and bolts of how researchers created the salt-treated filters? The Methods section of the paper linked at the head of this post (as well as the Methods section in this earlier paper on the same topic) has all the ingredients, part numbers, and measurements. While you’re at it, maybe brush up on commercially-available masks and what’s inside them.