This Week In Security: Updates, Leaks, Hacking Old Hardware, And Making New

First off, Apple has issued an update for some very old devices. Well, vintage 2013, but that’s a long time in cell-phone years. Fixed are a trio of vulnerabilities, two of which are reported to be exploited in the wild. CVE-2021-30761 and CVE-2021-30762 are both flaws in WebKit, allowing for arbitrary code execution upon visiting a malicious website.

The third bug fixed is a very interesting one, CVE-2021-30737, memory corruption in the ASN.1 decoder. ASN.1 is a serialization format, used in a bunch of different crypto and telecom protocols, like the PKCS key exchange protocols. This bug was reported by [xerub], who showed off an attack against a locked iPhone immediately after boot. Need to break into an old iPhone? Looks like there’s an exploit for that now.

Never Miss Your Transport With This Bus Arrival Notifier

[John Graham-Cumming] was all set to start a new project based on the Raspberry Pi. Well, that was until shipment was delayed due to manufacturing issues. Not to fret, he transitioned over to a router board which displays the arrival countdown for mass transit bus service.

He based the build on a web page that Transport for London provided. You can load it up and see if your bus is running on time or not. There’s no published API, but by studying the source code from the site [John] was able to figure out how the JSON commands were formatted.

The next step is building a standalone device to pull the data and display it. The board seen above is from a Linksys WRT54GL router. This longtime favorite has a serial port header which can be driven from the Linux kernel. He wired up a jack on the router’s case, and uses an extension cable to get from it to the 7-segment displays mounted in a model of the bus. Since there are four digits, the display can tell you the minutes until the arrival of two different buses.

[Thanks Pseudo Lobster]

WRT54GL, Meet Alice

When it comes to routers, there is one that is a hacker’s favorite, the WRT54GL. But a slightly lesser-known company, Pirelli, with their “Alice Gate2 plus Wi-Fi”, seems to be a popular choice among our Italian friends.

[Esteban] has done everything from installing serial and parallel ports, to unlocking firmware while installing Debian. Our personal favorite is the creative wiring of an additional USB port, where he had to custom create a power circuit to run his webcam and external drive.

[Thanks Marco]

[Update: It would appear Roleo, Beghiaro, and Zibri did the actual grunt work at ilpuntotecnicoeadsl and Esteban simply wrote the guides. Thanks for your hard work and hacking skills guys!]

LEGO Router Case Bests Factory Finish

Stare at [Luke’s] LEGO router case; STARE AT IT! The router is nothing special, a WRT54GL that is fun to hack. We’ve seen it used as a robot, turned into a war driving box, and obviously this is where dd-wrt custom firmware started.

[Luke] designed the case in MLCAD and found a seller for the parts, which came in at just over $50. We think it’s much better looking than the stock case, and if you used that for a different project, this is a way to replace it. We’ve embedded [Luke’s] assembly video after the break. If you like this case, take a look at his LEGO PC case as well.


Router/Twitter/Arduino Clock


[Kyle] decided to build the above LED clock for his church. Though it may look impressive enough, it is also hiding loads of features. [Kyle] wanted to make the clock as easy to control as possible, so rather than use buttons or dials to control what is being displayed, he used Twitter. The clock is connected to the internet through a Linksys WRT54GL. The router was hacked so not only does it supply the connection to Twitter, it also parses all of the replies the clock’s feed gets. The clock responds to commands to turn it on or off, run a countdown before service, display the number of viewers on the church’s live stream, and display a sequence of numbers. The time never needs to be set, as it is synced from the internet. The circuit for actually driving the display is based on a PIC design, but it was changed to run off an Arduino.

Wifi Robot : A Hacked WRT54GL Rover

[Jon Bennett] sent us this link to his Wifi Robot. After playing with a Linksys WRT54GL router, he was inspired to build something that would utilize this embedded Linux system. Using a thrift store R/C truck, he built a wireless robot rover. This thing can be controlled over the internet, or by laptop with a range of about 500 meters.

The router has been modified to have 2 serial ports and a 1GB SD card. It connects to a microcontroller, which could be an Arduino or AVR Butterfly. He has supplied information for both. The truck has been mostly gutted, leaving only the chassis and electronics. He had to beef up some of the truck electronics when they fried under the load. The entire unit is powered by a pair of 7.2 Volt 3800 mAh battery packs. The most important thing on the list, though, is the horn. You can honk the horn while you are driving this thing around.

The site supplies tons of information including pictures of his build, videos of it in action, speed tests, schematics, software downloads, and resource links. Great job [Jon].

Netgear Open Source Router


Netgear recently launched the WGR614L wireless router targeted specifically at open source firmware enthusiasts. It can use Tomato, DD-WRT, and soon OpenWRT. The core is a 240MHz MIPS processor with 16MB of flash and 4MB of RAM. You’ll probably remember when Linksys decided to dump Linux from their iconic WRT54G line in favor of VxWorks; they released the similarly specced WRT54GL for enthusiasts. Netgear seems to be arriving pretty late in the game, but they’ve set up a community specifically for this router. Time will tell whether community support is enough to make this the router of choice for hackers. We wish someone would release an x86-based router in the same price range just to make porting stupidly simple.

[via Slashdot]