Hacking a Satellite Back to Life: The BEESAT-1 Resurrection

2025-01-04

In 2013, Technische Universität Berlin's BEESAT-1 satellite stopped sending valid telemetry data. Since the satellite is projected to remain in orbit for another 20 years, recovering it would unlock new experiments. However, the satellite lacked both telemetry and software update capabilities. This talk recounts the story of how, by combining space and cybersecurity expertise, the fault was diagnosed without telemetry, software updates were implemented even though the satellite had no update feature, and the satellite was resurrected in September 2024. The journey involved overcoming significant hurdles, including working with 15-year-old software and hardware and devising a method to upload new software without the standard update mechanism. The presentation details the entire recovery process, highlighting the unexpected challenges and successes.

Reverse Engineering the TI SimpleLink RF MCU Black Box

2024-12-30

Despite the popularity of low-cost RF microcontrollers, their internal RF hardware workings remain largely undocumented. This talk delves into the Texas Instruments SimpleLink family of BLE and Sub-GHz RF MCUs. While the reference manual is comprehensive, the radio section is surprisingly sparse. The presenters reverse-engineered the SimpleLink MCU's RF subsystem, explaining its operation from stack to antenna. They also reverse-engineered TI's proprietary RF patch format and investigated the hidden DSP modem cores, potentially opening the door for a cheap single-chip SDR.

From Pegasus to Predator: The Evolution of Commercial Spyware on iOS

2024-12-30

This talk traces the evolution of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024. It begins by analyzing how exploits, infection vectors, and methods of commercial spyware on iOS have changed over time. The presentation then explores advancements in detection methods and forensic resources available to uncover commercial spyware, including a case study on the discovery and analysis of BlastPass, a recent NSO exploit. Finally, it discusses technical challenges and limitations of detection methods and data sources, concluding with open research topics and suggestions for improving the detection of commercial spyware.

Critical Flaw Discovered: NATO Radio Encryption Algorithm Broken

2024-12-29

Researchers from the Chaos Computer Club have uncovered a critical vulnerability in HALFLOOP-24, the encryption algorithm used by the US military and NATO. This algorithm protects the automatic link establishment protocol in high-frequency radio, but researchers demonstrated that just two hours of intercepted radio traffic are sufficient to recover the secret key. The attack exploits a flaw in HALFLOOP-24's handling of the 'tweak' parameter, using differential cryptanalysis to bypass significant portions of the encryption process and extract the key. This vulnerability compromises communication confidentiality and enables denial-of-service attacks. The research, published in two papers, highlights a serious security risk and underscores the importance of robust encryption algorithms.

Bioterrorism: Reclaiming Your Health in a Controlled System

2024-12-29

This talk challenges the modern healthcare system's criminalization of self-managed health. Historically, personal health autonomy was the norm; however, today, it requires mediation by state-authorized institutions. The speaker delves into the possibilities of self-compounding medicine and navigating legal risks. The presentation encourages self-medication, offering information on numerous uncommercialized yet self-manufacturable medications, thus challenging the monopoly of the traditional healthcare system.

Life After the Newag DRM Disclosure: A 38C3 Report

2024-12-29

Following the disclosure at 37C3 of remote failure simulation code in Newag trains, security researchers faced a backlash. This update details the aftermath, including legal battles with Newag and train operators, media interactions, and multiple official investigations. The report also reveals new cases from different train operators, illustrating the challenges faced by security researchers when confronting powerful adversaries.

38C3: Illegal Instructions - Chaos Communication Congress Explores Tech and Society

2024-12-29

The 38th Chaos Communication Congress (38C3), themed "Illegal Instructions," will take place in Hamburg from December 27th to 30th, 2024. This four-day conference, organized by the Chaos Computer Club (CCC), will feature talks and workshops on technology, society, and utopia. Topics range from hardware hacking and security to ethical and political discussions surrounding technological advancements. From liberating Wi-Fi on ESP32 to breaking Apple's new iPhone remote control feature and examining the EU's digital identity systems, 38C3 promises a diverse program sparking debate about technological ethics and societal responsibility.

Hackers Reveal Vulnerability in Europe's Remotely Controlled Power Grid

2024-12-29

A significant portion of Europe's renewable energy production is remotely controlled via longwave radio. While designed to stabilize the grid, this system, using unencrypted and unauthenticated Versacom and Semagyr protocols, is vulnerable to abuse. Researchers analyzed these protocols and demonstrated how vulnerabilities could be exploited to remotely control streetlights, power plants, and potentially cause large-scale blackouts. They also showcased the possibility of using this vulnerability to create a city-wide light art installation.

libobscura: Tackling the Challenges of Camera Programming on Linux

2024-12-28

Using cameras on Linux isn't easy, which led to the creation of libobscura. This project aims to simplify the Video4Linux interface, providing a user-friendly point-and-shoot API. The project was born from experience developing the camera stack for the Librem 5 and from dealing with the complexities of libcamera, and the talk dives into the intricate details of modern camera control. From pixel formats and depths to media entities, sensitivity, denoising, and more, the challenges are numerous. Funded by the Prototype Fund, libobscura seeks to navigate these complexities, ultimately creating a more accessible camera API for Linux users.

38C3 Conference: Reverse Engineering the ESP32's Wi-Fi Stack to Unlock its Potential

2024-12-28

At the 38C3 conference, Frostie314159 and Jasper Devreker presented a talk on reverse engineering the ESP32's Wi-Fi stack. By reverse engineering the closed-source Wi-Fi stack, they built an open-source alternative, unlocking the full potential of the ESP32. This allows the ESP32 to be used as a penetration testing tool, a B.A.T.M.A.N. mesh router, an AirDrop client, and more. The project highlights the versatility of the ESP32 and provides valuable experience for similar reverse engineering endeavors.

Security Flaws in Apple's New iPhone Mirroring Feature Revealed

2024-12-27

At the 38C3 Chaos Communication Congress, Aaron Schlitt's presentation exposed security vulnerabilities in Apple's new iPhone Mirroring feature. This feature allows users to remotely control their locked iPhones from their Macs, blurring the security boundaries of the iOS ecosystem. The talk demonstrated bypasses found in early iOS 18 beta versions, explaining how they work and the security risks involved, raising concerns about the security of Apple devices.

Demystifying Common Microcontroller Debug Protocols

2024-12-27

This talk delves into common microcontroller debugging protocols like JTAG and SWD. Starting from the physical signals, it explains how these protocols work, covering common mechanisms for managing embedded processors and interacting with various microcontrollers. The presentation explores the meaning of debugging embedded software, building a list of requirements for a comfortable debugging environment, and referencing existing custom debug approaches. Examples range from FPGA cores to tiny 8-bit microcontrollers. Common abstractions like ARM's ADI and RISC-V DMI are also covered, bridging the gap between protocols and core control. Finally, it explains common tasks like flash programming, watchpoints, and single-stepping.