How a wireless keyboard lets hackers take full control of connected computers

Found on Ars Technica on Saturday, 16 March 2019

While the keyboard and mouse send input that’s protected with the time-tested Advanced Encryption Standard, the USB dongle that accepts the input accepts unencrypted packets as well, as long as they’re in the proper format.

Matthias Deeg, a SySS researcher, said there is no reliable way keyboard users can protect themselves against the vulnerabilities other than to ensure they are completely isolated from all other radio-based devices.

That wouldn't happen if people did not want everything to be wireless.

The 6 reasons why Huawei gives the US and its allies security nightmares

Found on Technology Review on Monday, 31 December 2018

The detention in Canada of Meng Wanzhou, Huawei’s CFO and the daughter of its founder, is further inflaming tensions between the US and China. Her arrest is linked to a US extradition request.

Behind this very public drama is a long-running, behind-the-scenes one centered on Western intelligence agencies’ fears that Huawei poses a significant threat to global security.

In its defense, Huawei can point to the fact that no security researchers have found back doors in its products. “There’s all this concern, but there’s never been a smoking gun,” says Paul Triolo of the Eurasia Group.

The US and Europe are at fault for the problem, so they cannot complain at all. Over the past decades, more and more production has been outsourced to China because it was cheaper there thanks to non-existent protection of workers. At the same time, these industry sectors have been rooted out in the homelands. It's been obvious from the beginning, but greed and "free market" ignore common sense in favor of money.

Kansas trying to unload $10 million in computer equipment

Found on AP News on Sunday, 23 December 2018

The state still owes $2 million on the equipment, which it bought in 2016 as part of a failed plan to develop a centralized storage system, called Kansas GovCloud, for computer information. That idea was canceled by state IT officials who said it was too expensive. Instead, the state contracts with an outside company to store data on remote servers.

“We keep changing our IT philosophy as a state. Knee-jerk reactions. We need an overall picture to understand the direction the state needs to go,” she said.

What a fine example of wasted taxpayer money, mixed with incompetence. To make it worse, in the end they just shoved it onto "the cloud" (read: someone else's server which they do not have any control over).

The Commodore Amiga Was A Computer Ahead Of Its Time

Found on Gizmodo on Saturday, 15 December 2018

Despite being ahead of its time when it was unveiled in 1985, the Commodore Amiga didn't survive past 1996.

The Amiga had enough support from consumers to sell over the years, with the stripped-back Amiga 500 doing particularly well. Video games did well on the platform, thanks to its technical edge.

It was superior. However, Commodore borked it completely and sank the ship.

Helium implicated in weird iPhone malfunctions

Found on Ars Technica on Wednesday, 31 October 2018

The iPhone user guide warns that proximity to helium can impair functionality and that to recover, devices should be left to air out for a week or so in an environment far away from the rogue helium.

Smartphones contain microelectromechanical systems (MEMS): tiny mechanical systems that are integrated into chips.

That's probably the weirdest way to make a smartphone stop working that we've heard. As for why non-Apple devices appear to escape without harm? They might use different seals or perhaps aren't using MEMS devices in such critical roles.

Or they use cheaper MEMS which have a lower quality to maximize profits.

Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus 'Security Updates'

Found on Motherboard on Wednesday, 17 October 2018

Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It’s just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements.

Hardware makers began cooking draconian restrictions into printers, ranging from unnecessary cartridge expiration dates to obnoxious DRM and firmware updates blocking the use of “unofficial” cartridges.

Along with net neutrality, there is a clear need for ink neutrality too.

Facebook unveils smart displays, promises not to snoop on your video calls

Found on Ars Technica on Monday, 08 October 2018

In addition to their price and size differences, the Portal+ has a more powerful speaker that includes two tweeters with high-range frequency and a single, four-inch bass speaker for richer sound. Both devices have a four-mic array that's designed to pick up your voice no matter where you are in the room.

Facebook hasn't been the most forthcoming company when it comes to letting users know which data it collects and how it's using that data. It also doesn't have the best track record when it comes to keeping users' data safe.

Facebook said it doesn't "listen to, view, or keep the contents of" Portal video calls and that all video calls are encrypted as well.

Yeah. Sure.

A $1, Linux-Capable, Hand-Solderable Processor

Found on Hackaday on Tuesday, 18 September 2018

This is an ARM processor capable of running Linux. It’s hand-solderable in a TQFP package, has a built-in Mali GPU, support for a touch panel, and has support for 512MB of DDR3.

There is no HDMI support, you’ll need to add some more chips (that are probably in a BGA package), but, hey, it’s only a dollar.

While the Allwinner A13 beats all the other options on price and solderability, it should be noted that like all of these random Linux-capable SoCs, the software is a mess. There is a reason those ‘Raspberry Pi killers’ haven’t yet killed the Raspberry Pi, and it’s because the Allwinner chips don’t have documentation and let’s repeat that for emphasis: the software is a mess.

So the price is good, but the software is a mess. That effectively turns it into a "thanks but no thanks" product, which is too bad. Not to mention that it's a bad idea to offer the core in a TQFP package which you can solder manually, while the missing graphic option would require BGA chips, which cuts down the target audience to a minority.

Intel rips up microcode security fix license that banned benchmarking

Found on The Register on Thursday, 23 August 2018

Intel's gagging order came in the form of this license clause: "You will not, and will not allow any third party to … publish or provide any Software benchmark or comparison test results."

Predictably, Intel's contractual omertà had the opposite effect and drew attention to the problem. "Performance is so bad on the latest Spectre patch that Intel had to prohibit publishing benchmarks," said Lucas Holt, MidnightBSD project lead, via Twitter.

That Intel even thought it would get away with that.

German researchers defeat printers' doc-tracking dots

Found on The Register on Wednesday, 27 June 2018

Beating the unique identifiers that printers can add to documents for security purposes is possible: you just need to add extra dots beyond those that security tools already add. The trick is knowing where to add them.

Anybody can take a scan of the document, and clear “empty” areas in an image editor, but the group's second technique is more sophisticated. After their algorithm identifies the pattern in use, it takes a mask of all possible dot locations in that pattern, and adds extra dots that conform to the layout, but render the code meaningless.

If you think about it, the idea is pretty simple but clearly very efficient.