__ __ __ ___ / // /__ _____/ /__ ___ _ / _ \___ ___ __ / _ / _ `/ __/ '_/ / _ `/ / // / _ `/ // / /_//_/\_,_/\__/_/\_\ \_,_/ /____/\_,_/\_, / retro edition /___/Now optimized for embedded devices!!
| About | Successes | Retrocomputing guide | Email Hackaday |
When you think about hacking laptops, it’s highly unlikely that you would ever consider the battery as a viable attack vector. Security researcher [Charlie Miller] however, has been hard at work showing just how big a vulnerability they can be.
As we have been discussing recently, the care and feeding of many batteries, big and small, is handled by some sort of microcontroller. [Charlie] found that a 2009 update issued by Apple to fix some lingering MacBook power issues used one of two passwords to write data to the battery controllers. From what he has seen, it seems these same passwords have been used on all batteries manufactured since that time as well. Using this data, he was subsequently able to gain access to the chips, allowing him to remotely brick the batteries, falsify data sent to the OS, and completely replace the stock firmware with that of his own.
He says that it would be possible for an attacker to inject malware into the battery itself, which would covertly re-infect the machine, despite all traditional removal attempts. Of course, replacing the battery would rectify the issue in these situations, but he says that it would likely be the last thing anyone would suspect as the source of infection. While using the battery to proliferate malware or cause irreversible damage to the computer would take quite a bit of work, [Charlie] claims that either scenario is completely plausible.
He plans on presenting his research at this year’s Black Hat security conference in August, but in the meantime he has created a utility that generates a completely random password for your Mac’s battery. He says that he has already contacted Apple to in order to help them construct a permanent fix for the issue, so an official patch may be available in the near future.
[Thanks, Sergio]
[Coley] sent in this port of jetpack for the propeller uc, but when I started poking around I discovered this sweet hybrid robot platform. A four stroke Robin/Subaru 35cc motor drives a car alternator, providing virtually unlimited (in the robot world) power on demand. Hit the video after the break for a quick R/C demo and an idea of how loud the engine is. Offhand, I recognize the lovejoy coupler that was used to connect the engine to the alternator.
By the way, this bot is featured in the latest Robot magazine, so you can get details there if you hate reading forums.
[Karl] set out to improve the depth image that the Kinect camera is able to feed into a computer. He’s come up with a pre-processing package which smooths the depth data in real-time.
There are a few problems here, one is that the Kinect has a fairly low resolution, it is also depth limited to a range of about 8 meters from the device (an issue we hadn’t considered when looking at Kinect-based mapping solutions). But the drawbacks of those shortcomings can be mitigated by improving the data that it does collect. [Karl's] approach is twofold: pixel filtering, and averaging of movement.
The pixel filtering works with the depth data to help clarify the outlines of objects. Weighted moving average is used to help reduce the amount of flickering areas rendered from frame to frame. [Karl] included a nice GUI with the code which lets you tweak the filter settings until they’re just right. See a demo of that interface in the clip after the break and let us know what you might use this for by leaving a comment.
Yes, Weblogs, Inc. has been purchased by AOL. Should you be worried? Not really. Weblogs, Inc. is still an independent entity from AOL. AOL won’t be censoring us or directing us. [grayskies] hit the nail on the head “How much direction did Weblogs, Inc have on Hack-A-Day? They had the annoying “Best of weblogs inc” and the banner at the top.” This deal does mean a better contract and probably more money to throw at projects, contest prizes and schwag. My checks will have AOL on them so I guess I have to stop throwing out the mail from them now.
As a show of good faith, here’s a recent article from Linux.ars on monitoring network traffic with Ruby and pcap; the example script is an AIM sniffer.
RoboNexus 2005 started yesterday. [William Cox] from GoRobotics.net is covering the event on his site.
[Robogeek] has decided to tackle the adaptive LED color controller project. First task: modularize the LED units.
While you’re over at Blogcadre you could help former H-A-D editor Jason Striegel beta test his smartphone app.
We get quite a few emails from people telling us that their school’s firewall blocks access to our site. Duxbury High School is actually holding a hacking contest. I was contacted by Mr. Conners looking for judges. We’ll do a judging poll if you readers are interested.
[phatmonkey] is working on a high altitude slug project.
The Hack-A-Day folding team is moving as fast as ever. We’re now ranked in the top 350.
People have started unlocking their Linksys “Vonage” PAP2. [Ozmotear]
[Troy] is already getting into the holiday spirit.
Instructables user [MRHint] was inspired by his friends’ recycling efforts, and decided to start recycling as well. The one thing he noticed was that they typically had no idea how many cans they had stored up, nor how much their bags of cans weigh. He figured that he could somewhat automate the crushing process while keeping an accurate can count using a handful of electronics and some elbow grease.
He started by designing a can crushing rig that would use an old windshield wiper motor he had sitting around the house. The motor is connected to a pulley, which drives a set of threaded rods connected to his movable crushing panel. When the motor is started, the panel is drawn against a stationary board, crushing the can.[MRHint] also had an unused Arduino hanging around, so he used it to control the crusher as well as keep track of how many times the crusher had been run.
From what we hear the whole setup works pretty well, but as with any project he sees plenty of room for improvement. Future changes may include a more powerful motor and a chain/sprocket setup in place of the belt and pulley he currently uses. Do you have any other suggestions for [MRHint]? Let us know in the comments.