A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘General Hardware’ tag

Uncontrolled Release of Energy

with one comment

Your smartphone has a rather sizable appetite for energy. To keep it running just for one day it needs a battery that is capable of storing a rather notable amount of energy. The same is true for your laptop, tablet, smartwatch, and any other sophisticated portable electronic device. For the most part we never think about the batteries that power our portable electronics until they degrade to such a point that we find ourselves recharging them more often than we’re comfortable with. But what happens when something besides the usual wear and tear goes wrong with our batteries? What happens if a battery decides to release its stored energy all at once? This is a problem plaguing companies that specialize in recycling electronics:

MADISON, Wis. — What happens to gadgets when you’re done with them? Too often, they explode.

As we enter new-gadget buying season, spare a moment to meet the people who end up handling your old stuff. Isauro Flores-Hernandez, who takes apart used smartphones and tablets for a living, keeps thick gloves, metal tongs and a red fireproof bin by his desk here at Cascade Asset Management, an electronics scrap processor. He uses them to whisk away devices with batteries that burst into flames when he opens them for recycling.

One corner of his desk is charred from an Apple iPhone that began smoking and then exploded after he opened it in 2016. Last year, his co-worker had to slide away an exploding iPad battery and evacuate the area while it burned out.

Due to their popularity, lithium-ion batteries are receiving a lot of attention at the moment but the problem of uncontrolled energy release isn’t unique to them. Anything capable of storing energy so that it can be released in a controlled manner can suffer a failure that causes the energy to be released in an uncontrolled manner. Consider the gas tank in your vehicle. Under normal operating conditions the energy stored in your gas tank is released in a controlled manner by your engine. But a crash can cause the energy to be released in an uncontrolled manner, which results in a fire or explosion.

Anything that can store a large quantity of energy should be treated with respect. If you’re repairing your smartphone or laptop, be careful around the battery. If you smell something odd coming from one of your battery-powered devices, put some distance between it and yourself (and anything that can catch fire and burn).

Written by Christopher Burg

September 14th, 2018 at 10:30 am

Posted in Technology


Another Processor Vulnerability

without comments

Hardware has received far less scrutiny in the past than software when it comes to security. That has changed in recent times and, not surprisingly, the previous lack of scrutiny has resulted in a lot of major vulnerabilities being discovered. The latest vulnerability relates to a feature found in Intel processors referred to as Hyperthreading:

Last week, developers on OpenBSD—the open source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further.

The situation has since become a little clearer. The Register reported on Friday that researchers at Vrije Universiteit Amsterdam in the Netherlands have found a new side-channel vulnerability on hyperthreaded processors that’s been dubbed TLBleed. The vulnerability means that processes that share a physical core—but which are using different logical cores—can inadvertently leak information to each other.

In a proof of concept, researchers ran a program calculating cryptographic signatures using the Curve 25519 EdDSA algorithm implemented in libgcrypt on one logical core and their attack program on the other logical core. The attack program could determine the 256-bit encryption key used to calculate the signature with a combination of two milliseconds of observation, followed by 17 seconds of machine-learning-driven guessing and a final fraction of a second of brute-force guessing.

Like the last slew of processor vulnerabilities, the software workaround for this vulnerability involves a performance hit. Unfortunately, the long term fix to these vulnerabilities involves redesigning hardware, which could destroy an assumption on which modern software development relies: hardware will continue to become faster.

This assumption has been at risk for a while because chip designers are running into transistor size limitations, which could finally do away with Moore’s Law. But designing secure hardware may also require surrendering a bit on the performance front. It’s possible that the next generation of processors won’t have the same raw performance as the current generation of processors. What would this mean? Probably not much for most users. However, it could impact software developers to some extent. Many software development practices are based on the assumption that the next generation of hardware will be faster and it is therefore unnecessary to focus on writing performant code. If the next generation of processors has the same performance as the current generation or, even worse, less performance, an investment in performant code could pay dividends.

Obviously this is pure speculation on my behalf but it’s an interesting scenario to consider.

Written by Christopher Burg

June 27th, 2018 at 11:00 am

A Security Issue Is Still a Security Issue Even If It’s a Hit Job

with one comment

A series of flaws were revealed in AMD’s line of processors. The aftermath of these kinds of revelations usually involves a lot of people trying to assess the impact and threat. Can the flaws be exploited remotely? If they can be exploited remotely, is there a way to detect if a system has been exploited? What actions can be taken to mitigate these flaws? Instead of the usual assessment, the aftermath of this revelation has been dominated by people claiming that this revelation was actually a hit job secretly instigated by Intel and individuals wanting to manipulate AMD’s stock price:

Here’s a histrionic quote for you: “AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”

That’s a real quote from Viceroy Research’s deranged, apoplectic report on CTS Labs’ security allegations against AMD’s Ryzen architecture. The big story today seemed to mirror Meltdown, except for AMD: CTS Labs, a research company supposedly started in 2017, has launched a report declaring glaring security flaws for AMD’s processors. By and large, the biggest flaw revolves around the user installing bad microcode.

There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.

The goal here is to research whether the hysterical whitepapers — hysterical as in “crazy,” not “funny” — have any weight to them, and where these previously unknown companies come from.

A lot of people seem to have lost sight of the fact that just because a revelation is a hit job (which I’m not saying this revelation is) doesn’t mean that the revealed exploit isn’t a legitimate exploit. Even if CTS Labs is a company secretly created by Intel for the specific purpose of wrecking AMD’s reputation, the revealed exploits need to be assessed and, if they’re found to be legitimate exploits, addressed.

Written by Christopher Burg

March 15th, 2018 at 10:00 am

New Rifle

with 2 comments

I don’t have much for you guys today since I spent last night sighting in an AR-15 I finished building:

[Image: AR-15 with an 18-inch barrel and Magpul furniture]

It’s nothing too special. I wanted to build either an 18″ or 20″ rifle. Palmetto State Armory had an 18″ .223 Wylde barrel with a 1:7 twist on sale for $99 so I ended up building an 18″ rifle. As far as components I used the following:

  • Alex Pro Firearms (a local receiver manufacturer) upper and lower receiver.
  • Bravo Company lower parts kit (their trigger is basically a smooth milspec trigger).
  • Magpul MOE rifle stock.
  • Magpul MOE handguard.
  • PRI railed gas block.
  • WMD nickel boron bolt (it’s shiny and that’s what’s important).
  • Magpul MBUS Pro flip up iron sights (I plan on mounting an optic at some point).
  • Smith Enterprise Vortex flash hider.
  • Bravo Company Mod 4 charging handle.
  • Magpul Battery Assist Device.

As you can see, it’s nothing terribly fancy but it shot well. I put 100 rounds through it yesterday and experienced zero malfunctions. It’s more accurate than I am but that’s not saying a whole lot. I think I’ll end up replacing the trigger at some point. The Bravo Company trigger isn’t bad but I have a far better trigger in my AR-pattern .308 and I’m kind of missing it. On the other hand I really like the Magpul Battery Assist Device. I wish I could fit one on my .308 but the upper receiver isn’t cut out enough for one.

Written by Christopher Burg

August 23rd, 2016 at 10:00 am

Posted in Guns and Gear


Lightbulbs With DRM Are Here

without comments

There’s a lot to love about this crazy future we live in but there are also some downright bizarre things. For example, how many of you thought your lightbulbs need some kind of mechanism to lock you into a particular manufacturer’s bulbs? Through the wonderful world of ZigBee-enabled bulbs Philips has made your dream a reality:

Philips just released firmware for the Philips Hue bridge that may permanently sever access to any “non-approved” ZigBee bulbs. We previously covered third party support in January 2015, when Philips indicated it was not blocked – and have since benefited.

The recent change seems to suggest any non-Philips bulbs from manufacturers such as Cree, GE, and Osram will not be supported in many situations, whereas “Friends of Hue” branded product are. At the time of publication, it’s unclear whether 3rd party bulbs will stop working immediately after the firmware update or if they may only become inaccessible after the bridge is reset. We’re also not sure if being “reset” means rebooted or factory reset. This appears to apply to both the round v1 bridge and square v2 HomeKit-compatible bridge after the latest firmware update is applied.

I’m not going to be a cranky curmudgeon and bitch about lightbulbs with new functionality. But I will bitch about how companies utilize new technology as a means of baiting and switching. Philips originally stated it would support third-party bulbs. I’m guessing the reason behind that was so it didn’t have to foot the entire bill to encourage adoption of ZigBee-enabled bulbs. Now it has changed the rules and locked out third-party manufacturers. In all likelihood this is because ZigBee-enabled bulbs are now sufficiently popular that Philips wants to enjoy all of the profits. It wouldn’t surprise me if somebody at Philips also assumed owners of third-party bulbs would rather purchase Philips’ hardware than lose the functionality offered by ZigBee-enabled bulbs.

There is an important lesson here. Never be entirely reliant on a third party for your business. If, for example, you are utilizing a third party’s software package for your hardware you should have an alternative standing by in case you’re locked out. Were I one of these third-party manufacturers I would release an open source client on GitHub that works with any ZigBee-enabled bulb.

Written by Christopher Burg

December 15th, 2015 at 10:30 am

Turn It Off And On Again

without comments

A small update to my initial thoughts on the Apple Watch. The abysmal battery life and crashing apps problem appears to have been corrected after I rebooted the watch. After that it notified me that an update to WatchOS was available. I’m not sure if rebooting or the firmware update ultimately fixed the problem but things are working much better than they were.

Apply firmware updates to watches? The future is weird. But it’ll get a lot weirder when we have to apply firmware updates to our batteries.

Written by Christopher Burg

December 11th, 2015 at 10:00 am

Posted in Technology


Initial Thoughts On The Apple Watch

without comments

Best Buy is selling the Apple Watch at a $100.00 discount, which brings the price of the cheapest model down to $250.00. $250.00 happens to be the price range I think is fair for the Apple Watch so yesterday I decided to pick one up. I opted for the cheapest model, the 38mm (I have small wrists) Sports Edition in Space Gray.

Before I start with my initial thoughts let me be up front and say that I’m a watch guy. By that I mean I’m a huge fan of watches, specifically the mechanical kind. They are to me what paintings are to other fans of art. Up front I will admit that it’s unlikely the Apple Watch will ever replace my mechanical watches for more than a few days at a time. So why did I want one? Because it makes a good fitness tracker that many of the apps I use, such as Cyclemeter, can interface with. In addition to having interfaces for a lot of my apps it also manages not to look completely like ass.

With that out of the way, let me give my initial thoughts. Having owned a Pebble (until the down button broke) and looked at most other popular smartwatches currently on the market I can say that the Apple Watch is probably the closest to being a watch. This is both good and bad. The bad is that the mentality is probably responsible for the high cost of the device. The good is that it is a very well designed product for a smartwatch. Everything from the packaging to the watch itself has a level of detail not found on any of the competing devices I’ve looked at. When you pick up and hold the watch it feels sturdy, the crappy rubber strap is less crappy than most other rubber straps (that is to say it’s softer and more flexible), and the controls feel very tight (as opposed to my Pebble, which had very mushy buttons).

Although the display is tiny it is nice. It’s a Retina display so it has a very high resolution and good color definition. Showing an attention to detail, and to get around the fact the battery in the watch is tiny, the display turns on automatically when you bring your wrist up to look at it. When you put your arm back down the display turns off. I have already developed a love-hate relationship with the touchscreen. On the upside it gives you a lot of options for controls. On the downside many of the buttons are very small. The home screen is a downright mess in my opinion and you really have to use the crown to zoom in quite a bit if you have any hopes of bringing up the app you want. With that said, controls are a problem on every smartwatch and will likely remain less than optimal until somebody thinks up a completely new way of doing things.

Speaking of controls, there are two dedicated hardware controls. One is a crown that can be rotated and pressed like a button and the other is a nearly useless button that serves only to bring up your contacts list (a feature I don’t need). I like the crown control for the most part. The only thing I run into trouble with is it doesn’t act like the back button on the Pebble. Pressing the crown returns you to the home screen, it doesn’t move you back a screen in an app. That’s probably something I just need to adjust to.

Most of the included apps don’t show the same attention to detail as the hardware. Overall I’m not really thrilled with the included apps. They all feel haphazardly put together and I have had a lot of issues with them crashing when they first open.

The battery life is shit. It’ll get you through the day, so long as you don’t use it too heavily, but that’s about it.

I still need time to use it before making any final conclusions. Right now I feel that it is a good buy at $250.00 but really does show a lot of problems, primarily on the software side, typical of a 1.0 release. It is a very nicely presented product and I think the next release will be much better. For what I want, a fitness tracker with some additional functionality, it appears to fit the bill. If you’re already tied into the Apple ecosystem it’s probably the best smartwatch available (although most models of the Pebble will give you actual battery life but at the cost of functionality).

Written by Christopher Burg

December 10th, 2015 at 10:30 am

Nothing To See Here

without comments

Instead of typing posts for your reading pleasure I spent last night replacing networking equipment. For the last several years my network has been running off of a Netgear router. Last week I could hear the bearing in the router’s fan starting to go to Hell so I started looking for a replacement (admittedly I could have replaced the fan but that device is so old it doesn’t even have IPv6 support so it was a good excuse to upgrade).

For AgoraFest we’ve been using Ubiquiti access points to build our mesh network. I’ve really enjoyed working with the hardware so I decided to look into Ubiquiti’s wired options. As it turns out their wired networking equipment is pretty nice so I ordered an EdgeRouter Lite and EdgeSwitch Lite (the Lite versions lack Power over Ethernet, which I didn’t need). They’re now up and running. I still have to fine tune the configurations but you can see this site so the important work is done.

Written by Christopher Burg

August 28th, 2015 at 10:00 am

Posted in Side Notes


Manufacturer Included Malware

without comments

When we buy a computer we are necessarily trusting the manufacturer to some extent. One of the things we trust the manufacturer to do is deliver a system free of malware. This trust isn’t always properly placed since many manufacturers include a lot of software that is indistinguishable from malware but we usually trust the manufacturer to not make that malware persistent. What happens when the manufacturer not only includes malware but also makes it so persistent that a clean installation of Windows won’t remove it?

Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed.

The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that “most” is not “all.” Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, calling the feature the “Lenovo Service Engine.”

[…]

Making this rather worse is that LSE and/or OKO appear to be insecure. Security issues, including buffer overflows and insecure network connections, were reported to Lenovo and Microsoft by researcher Roel Schouwenberg in April. In response, Lenovo has stopped including LSE on new systems (the company says that systems built since June should be clean). It has provided firmware updates for affected laptops and issued instructions on how to disable the option on desktops and clean up the LSE files.

This is an example of a manufacturer using a legitimate feature for nefarious purposes. The feature, as far as Microsoft intended it, was meant to be an anti-theft measure:

And in its own awful way, it’s a feature that makes sense. The underlying mechanism is simple enough; the firmware constructs tables of system information when the machine boots. The operating system then examines these tables to, for example, learn what hardware is installed in the machine and how it is connected. This is all governed by a specification called ACPI, Advanced Configuration and Power Interface. Microsoft defined a new ACPI table, the Windows Platform Binary Table (WPBT), that contains information about a firmware-embedded executable. When it boots, Windows looks for a WPBT. If it finds one, it copies the executable onto the filesystem and runs it.

The primary purpose of WPBT is the automatic installation of anti-theft software. This kind of software typically does a couple of things that require online connectivity: it can phone home to check if it’s been reported stolen (and brick or otherwise disable itself if it has), and it can phone home to simply report where it is to aid recovery of lost or stolen hardware.

Instead Lenovo used it to ensure the pre-install software that comes with the laptop, which was insecure, would always be installed even if the user did a clean install with a Windows disc. That’s pretty scummy behavior. Fortunately Lenovo appears to have stopped doing this but trust, as far as I’m concerned, has already been breached.
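
The WPBT mechanism quoted above can be checked from the defender’s side. The following Python example is added here and is not code from the original post, Lenovo or Microsoft: it parses a raw WPBT table (Linux exposes ACPI tables under /sys/firmware/acpi/tables/) and reports what the firmware is handing to Windows. The field layout is assumed from Microsoft’s published WPBT format as mirrored in the Linux ACPICA headers, and the sample table and function names are constructed for illustration.

```python
import struct
from pathlib import Path

# Standard 36-byte ACPI table header, followed by the WPBT-specific fields.
# Layout is an assumption taken from the published WPBT format (see lead-in).
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
WPBT_FIELDS = struct.Struct("<IQBBH")  # size, address, layout, type, args length
LINUX_WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")  # normally root-only


def parse_wpbt(blob: bytes) -> dict:
    """Parse a raw WPBT table and return the fields a reviewer cares about."""
    fixed = ACPI_HEADER.size + WPBT_FIELDS.size
    if len(blob) < fixed:
        raise ValueError("too short to be a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table, *_ = ACPI_HEADER.unpack_from(blob)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if not fixed <= length <= len(blob):
        raise ValueError("header length field is inconsistent with the data")
    table = blob[:length]
    size, addr, layout, ctype, args_len = WPBT_FIELDS.unpack_from(
        table, ACPI_HEADER.size)
    if fixed + args_len > length:
        raise ValueError("command-line length runs past the end of the table")
    args = table[fixed:fixed + args_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\0 "),
        "oem_table_id": oem_table.decode("ascii", "replace").strip("\0 "),
        # All bytes of a valid ACPI table sum to zero modulo 256.
        "checksum_ok": sum(table) % 256 == 0,
        "binary_size": size,          # size of the embedded executable
        "binary_phys_addr": addr,     # physical address the firmware placed it at
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\0"),  # command line passed to the binary
    }


def read_system_wpbt(path: Path = LINUX_WPBT_PATH):
    """Return parsed WPBT info, or None if the firmware publishes no WPBT."""
    if not path.exists():
        return None
    return parse_wpbt(path.read_bytes())


def build_constructed_table() -> bytes:
    """Constructed sample table (not captured from any real machine)."""
    args = "/constructed-example\0".encode("utf-16-le")
    body = WPBT_FIELDS.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    header = ACPI_HEADER.pack(b"WPBT", ACPI_HEADER.size + len(body), 1, 0,
                              b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    raw = bytearray(header + body)
    raw[9] = -sum(raw) % 256  # checksum byte sits at offset 9 of the header
    return bytes(raw)


if __name__ == "__main__":
    info = read_system_wpbt()
    if info is None:
        print("No WPBT on this system; parsing the constructed sample instead")
        info = parse_wpbt(build_constructed_table())
    for key, value in info.items():
        print(f"{key}: {value}")
```

A table that is present with a non-zero `binary_size` means the firmware will hand Windows an executable at boot, which is worth recording in a hardware inventory before a machine is trusted after a clean install.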

Written by Christopher Burg

August 18th, 2015 at 10:00 am

Peripherals Are Potentially Dangerous

without comments

Some auto insurance companies are exploring programs where customers can receive reduced rates in exchange for attaching a dongle to their vehicle’s on-board diagnostics (OBD) port. The dongles then use the diagnostics information provided by the vehicle to track your driving habits. If you’re a “good” driver you can get a discount (and if you’re a “bad” driver you’ll probably get charged more down the road). It seems like a good deal for drivers who always obey speed limits and such but the OBD port has access to everything in the vehicle, which means any dongle plugged into it could cause all sorts of havoc. Understandably auto insurance companies are unlikely to use such dongles for evil but that doesn’t mean somebody else won’t:

At the Usenix security conference today, a group of researchers from the University of California at San Diego plan to reveal a technique they could have used to wirelessly hack into any of thousands of vehicles through a tiny commercial device: A 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency. By sending carefully crafted SMS messages to one of those cheap dongles connected to the dashboard of a Corvette, the researchers were able to transmit commands to the car’s CAN bus—the internal network that controls its physical driving components—turning on the Corvette’s windshield wipers and even enabling or disabling its brakes.

“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” says Stefan Savage, the University of California at San Diego computer security professor who led the project. The result, he says, is that the dongles “provide multiple ways to remotely…control just about anything on the vehicle they were connected to.”

I guarantee any savings you get from your insurance company from attaching one of these dongles to your OBD port will be dwarfed in comparison to the cost of crashing your vehicle due to your brakes suddenly being disabled.

This is a perfect example of two entities with little experience in security compounding their failures to create a possible catastrophe. Automotive manufacturers are finally experiencing the consequences of having paid no attention to the security of their on-board systems. Insurance agencies now have a glimpse of what can happen when you fail to understand the technology you’re working with. While a dongle that tracks the driving behavior of customers seems like a really good idea, if that dongle is remotely accessible and insecure it can actually be a far bigger danger than benefit.

I wouldn’t attach such a device to my vehicle because it creates a remote connection to the vehicle (if it didn’t the insurance companies wouldn’t have any reliable way of acquiring the data from the unit) and that is just asking for trouble as this story shows.

Written by Christopher Burg

August 13th, 2015 at 10:00 am