HP WebOS TouchPad Gets With The USB-C Times

October 1, 2024 by Arya Voronova 9 Comments

Despite HP shuttering their WebOS project some time ago, the operating system has kept a dedicated following. One device in particular, the HP TouchPad, was released just a month before webOS went under and is still a favorite among hackers — giving the device the kind of love that HP never could. [Alan Morford] from the pivotCE blog shares the kind of hack that helps this device exist in a modern-day world: a USB-C upgrade for charging and data transfer.

The inline micro USB port used is a perfect fit for a USB-C upgrade, with only small amounts of PCB and case cutting required. Just make sure to get a breakout that has the appropriate 5.1 K resistors onboard, and follow [Alan]’s tutorial closely. He shows all the points you need to tap to let your TouchPad charge and transfer data to your computer, whether for firmware flashing or for daily use.

This hack doesn’t preserve the USB-OTG feature, but that’s fixable with a single WUSB3801. Apart from that, this mod is perfect for keeping your webOS tablet alive and kicking in today’s increasingly USB-C dominated world. Once you’ve done it, you might want to take care of your PlayStation 4 controllers and Arduino Uno boards, too.

This Week In Security: The Log4j That Won’t Go Away, WebOS, And More

December 31, 2021 by Jonathan Bennett 5 Comments

In the past two weeks, Log4j has continued to drive security news, with more vulnerable platforms being found, and additional CVEs coming out. First up is work done by TrendMicro, looking at electric vehicles and chargers. They found a log4j attack in one of the published charger frameworks, and also managed to observe evidence of vulnerability in the Tesla In-Vehicle Infotainment system. It isn’t a stretch to imagine a piece of malware that could run on both a charger, and an EV. And since those systems talk to each other, they could spread the virus through cars moving from charger to charger.

Log4j is now up to 2.17.1, as there is yet another RCE to fix, CVE-2021-44832. This one is only scored a 6.6 on the CVSS scale, as opposed to the original, which weighed in at a 10. 44832 requires the attacker to first exert control over the Log4j configuration, making exploitation much more difficult. This string of follow-on vulnerabilities demonstrates a well-known pattern, where a high profile vulnerability attracts the attention of researchers, who find other problems in the same code.

There are now reports of Log4j being used in Conti ransomware campaigns. Additionally, a Marai-based worm has been observed. This self-propagating attack seems to be targeting Tomcat servers, among others.

Continue reading “This Week In Security: The Log4j That Won’t Go Away, WebOS, And More” →

Bounty For An HP Touchpad Android Port

August 22, 2011 by Brian Benchoff 86 Comments

If you spent your weekend outside and away from the Internet, you might have missed the massive liquidation of HP TouchPads on Amazon, woot.com, WalMart, and the HP online store. Normally a $100 fully featured tablet is nothing to scoff at, but there is a catch: The HP TouchPad runs WebOS. WebOS is a fine operating system for a tablet, but it’s not Android. The folks at HacknMod.com posted a bounty for the first person to port Android to the HP TouchPad.

HacknMod is offering up $450 for a basic Android port and is looking for sponsors for the WiFi, Audio, Camera, and MultiTouch bounties. There’s a lot of discussion about the port on the XDA Developers and the RootsWiki forums if you’d like to get a bearing on how far along the project is. The TouchPad has already been rooted so there’s your starting point.

We’d like to throw our hat into the ring, but we missed out on the TouchPad fire sale. If anyone knows of an online shop where they’re still available, leave a message in the comments.

via HacknMod.com

Palm Pre IPod Spoofing Confirmed

June 4, 2009 by Eliot 29 Comments

palmpre

The new Palm Pre cellphone has a “media sync” feature which lets the device sync with iTunes in a fashion identical to an iPod. Last week [Jon Lech Johansen] speculated that this was not done in cooperation with Apple and that Palm was spoofing the iPod’s USB controller. This was confirmed today when a tipster sent him a screenshot of what the device reports in both standard and media sync modes. The Palm Pre reports its Product ID as iPod and Vendor ID as Apple with a few other changes. [Jon] notes that it doesn’t change the root USB node, so Apple should be able to block this behavior with an iTunes update. With Palm already pulling tricks like this presumably through software we wonder if this will become a full-on arms race.