Category Archives: Design

Revisiting the Death of Michael Hastings

 Share
 Tweet
 Pin
 Vote

Could emerging tech present new forensics in the suspicious early demise of controversial Rolling Stone reporter, Michael Hastings? How cheaper hardware and open-sourced coding could shed new light on a murder as the possibility of remotely hacking today’s cars gains traction.

Hacking your car might already be possible. This tweet by NYT tech writer, Nick Bilton, is a great example:

Weeks back, I wrote a short piece about CANtact, a $60 device that enables you  to interface with a car’s onboard computer through your laptop’s USB port. Eric Evenchick presented CANtact at Black Hat Asia 2015 security conference in Singapore. The onboard CPU of a motor-vehicle is called the CAN, for Controller Area Network. Evenchick hopes his device’s affordability will spur programmers to reverse engineer the firmware and proprietary languages various CAN systems use.

Read more about CANtact: CANtact Device Lets you Hack a Car’s CPU for $60

I got feedback on the CANtact story about a seemingly unrelated topic: The Death of Michael Hastings. Hastings was Rolling Stone and Buzzfeed contributor who became very vocal about the surveillance state when the  U.S. Department of Justice started investigating reporters in 2013. Hastings coined the term “war on journalism” when the Obama Administration sanctioned limitations on journalists ability to report when the White House considered it a security risk. Buzzfeed ran his last story, “Why Democrats Love to Spy On Americans”, June 7, 2013. Hastings is considered suspicious by many Americans after he died in an explosive, high -speed automobile accident, June 18, 2013, in Los Angeles, CA.

Check out one of the last interviews with Michael Hastings and scroll down for a description of the oft repeated conspiracy theory surrounding his untimely death.

The Michael Hastings Conspiracy Theory:

Unlike a lot of post-millennium conspiracy theories, which usually start online, this one actually began on television. Reporters were already contentious about the limitations the Obama admin. were attempting to impose and it seemed like extremely suspicious timing that one of the leaders of the criticism against censorship was suddenly killed. The internet ran with it and some Americans considered the crash as suspicious at the time. Public opinion is often without the merit of hard evidence, though, and this case was no different. Not everyone considered the media coverage unbiased, considering the political stake journalists had in the issue.

The first solid argument that Hasting didn’t die by accident came from Richard A. Clarke, a former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism(what a title~!), who called the crash “consistent with a car cyber attack”. The conspiracy theory gestating around water coolers and message boards was truly born when Clarke went public with this outright accusation:

“There is reason to believe that intelligence agencies for major powers—including the United States—know how to remotely seize control of a car. So if there were a cyber attack on [Hastings’] car—and I’m not saying there was, I think whoever did it would probably get away with it.”

Next, WikiLeaks announced that Hastings reached out to a Wikileaks lawyer Jennifer Robinson only a few hours before the crash.

Army Staff Sergent Joe Biggs came forward with an email he thought might help in a murder investigation. The email was CCed to a few of Hastings’ colleagues, stating he was “onto a big story” and planned to “go off the radar”. Perhaps the most incriminating detail is that he warned the addressees of this email to expect a visit from the FBI. The FBI denied Hastings was being investigated in a formal press release.

LA Weekly admitted Hastings was preparing a new installment of what had been an ongoing story involving the CIA. Hastings’ wife, Elise Jordan, confirmed he had been working on a story profiling CIA Director John O. Brennan.

 

The case against foul play:

I have to admit, I got sucked in for a second but Cosmoso is a science blog and I personally believe an important part of science is to maintain rational skepticism. The details I listed above are the undisputed facts. You can research online and verify them. It might seem really likely that Hastings was onto something and silenced by some sort of foul play leading to a car accident but there is no hard evidence, no smoking gun, no suspects and nothing really proving he was a victim of murder.

The rumor online has always been that there are suspicious aspects to the explosion. Cars don’t always explode when they crash but Frank Markus director of Motor Trend said the ensuing fire after the crash was consistent with most high-speed car crashes. The usual conspiracy theorist reaction is to suspect this kind of testimony to have some advantage or involvement thus “proving” it biased. It’s pretty difficult to do that in the case of Frank Markus, who just directs a magazine and website about cars.

Hastings’ own family doesn’t seem to think the death was suspicious. His brother, Jonathan, later revealed Michael seemed “manic” in the days leading up to the crash. Elise Jordan, his wife told the press it was “just a really tragic accident”

A host of The Young Turks who was close with Hastings once said Hastings’ friends had noticed he was agitated and tense. Michael often complained that he was being followed and watched. It’s easy to dismiss the conspiracy theory when you consider it may have stemmed from the line of work he chose.

Maybe the government conspiracy angle is red herring.

Reporting on the FBI, the Military, the Whitehouse, or the CIA are what reporters do. People did it before and since. Those government organizations have accountability in ways that would make an assassination pretty unlikely.

If it wasn’t the government who would have wanted to kill Hastings?

A lot of people, it turns out. Hastings had publicly confirmed he received several death-threats after his infamous Rolling Stone article criticizing and exposing General McChrystal. Considering the United States long history of reactionary violence an alternate theory is that military personnel performed an unsanctioned hit on Hastings during a time when many right wing Americans considered the journalist unpatriotic.

Here’s where the tech comes into play:

Hastings had told USA Today his car had recently been “tampered with”, without any real explanation of what that means but most people in 2013 would assume it means physical tampering with the brakes or planting a bug. In any case he said he was scared and planned to leave town.

Now it’s only two years later, and people are starting to see how a little bit of inside knowledge of how the CAN computer works in a modern vehicle can be used to do some serious harm. We might never know if this was a murder, an assassination or an accident but hacking a car remotely seemed like a joke at the time; two years later no one is laughing.
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

CANtact Device Lets you Hack a Car’s CPU for $60

 Share
 Tweet
 Pin
 Vote

Right now, Eric Evenchick is presenting CANtact at Black Hat Asia 2015 security conference in Singapore. Cantact is a hardware interface that attaches to the car’s CPU at one end and a regular laptop at the other. He’s already figured out how to do several simple hacks. It may sound like a simple device but the pricey commercially-available on-board CPU interfaces have been a consistent obstacle to car security research.

Car Companies have a huge security hole that they have not publicly addressed. The only reason people don’t regularly computer hack motor-vehicles is a lack of commercially available hardware. Hacking a car’s electronic system is something only a few people would even have the equipment to learn. To become a specialized security researcher in this area you would have to have a car you are willing to seriously mess with, which is expensive in and of itself. Some people might have access to a clunker that was made recently enough to have a CPU but they can’t afford the $1,200 stock cable that your local car mechanic would have to run the pre-fab software provided my the manufacturer. Eric Evenchick spent the last year figuring out exactly what makes the hardware tick, so he could put it int he hands of security researchers for the price of a dinner at a fancy restaurant.

24-year-old Eric Evenchick calls the controversial device CANtact, and he’s going to present it today at Black Hat Asia security conference in Singapore, whether car companies like it or not. The code that comes on the board attached tot he cable is open source. He can get it as cheap as $60 and maybe it will sell through third parties for $100.  CANtact uses any USB interface to adapt to a car or truck’s OBD2 port at the other end. OBD2 ports usually connect under the dashboard and talk to the car or trucks CPU. In most modern vehicles, the complicated Controller Area Network, or CAN, controls  the windows, the brakes, the power-steering, the dashboard indicators and more. It’s something that can disable your car and most people shouldn’t mess with it just yet. Once peer-collaborated info breaks into the mainstream, Evenchick hopes customized CAN systems will be common practice.

“Auto manufacturers are not up to speed. They’re just behind the times. Car software is not built to the same standards as, say, a bank application. Or software coming out of Microsoft.” Ed Adams at Security Innovation, 2014

Is can hacking a security threat we’ll see in the future? Quite probably. Back in 2013 security researchers Chris Valasek and Charlie Miller used DARPA funding to demonstrate how possible it really is to affect steering and brakes once the CAN system is accessed.

In the controversial death of journalist Michael Hastings, some people suspected car-hacking. It’s never been proven but you can read a detailed examination of the evidence in the Cosmoso.net article: Revisiting the Death of Michael Hastings

Evenchick is not trying to allow hackers to more easily hack cars. Instead he claims more affordable gadgetry will improve security, which seems to be the way tenuous relationship of security culture and hacking has always gone. In the test described in the link to the forbes article above, Valasek and Miller rewired a $150 ECOM cable to access and test vehicles’ OBD2 ports. CANtact comes out of the box ready to do what Valasek and Miller had to stay up late nights perfecting.

Anyone who attended Black Hat Asia, or can get a hold of any video of Evenchick’s presentation can contact Jon Howard: [email protected]
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

Carbon3D’s CLIP: Faster than Any Other 3D Printing System – and Cooler Looking!

 Share
 Tweet
 Pin
 Vote

A picture is worth a thousand words with CLIP 3D’s laser-cured liquid printing.

3D printing is one of the best up and coming tech fields to follow. CLIP 3D Printing is the fastest device to date. Designers and engineers are starting to rely on 3D printing to stay competitive but the process is far from streamlined. Companies like Carbon3D are ahead of the pack with the coolest looking printing process that just happens to also be faster than anyone else out there. By rethinking the way the resin is cured, Carbon3D got their newest printer to produce 25-100 times faster than any other resin printing techniques, as of early 2015. It’s like they just couldn’t decide between fast an beautiful.

Peep the video at the bottom of this article~!

3Dprint.com broke the story, announcing Carbon3D’s Continuous Liquid Interface Production technique. CLIP built off of the most innovative ideas that have already been done with 3D printing  by utilizing photosensitive resin and an incredibly precise laser to cure the liquid into a solid from the bottom of a clear pan. Inspired by techniques which print and cure layer-by-layer, CLIP instead uses it’s laser to cure in conjunction with oxygen which inhibits the curing process allowing for variable ratios of viscosity. This allows the printer to print in 3 dimensions simultaneously.

DIAGRAM OF CLIP

You can see the liquid from the top in the promotional media but the action happens underneath the pool. The transparent window that holds the pool of liquid “ink” is also oxygen-permeable. This allows controlled amounts of oxygen and laser light to hit the bottom of the liquid layer.  Carbon3D  explains the process can leave uncured spots on the bottom layer as little as a few dozen microns thick. As the oxygenated areas of the resin are decided, the laser cures the unoxygenated areas, leaving a layer of solid that is attached to the layer above. This amazing GIF speaks for itself. DAYUM:

Carbon 3D has managed to keep a proprietary amount of this technique secret while still nailing down $41 million in funding from venture capital firms. It’s almost like they 3D printed themselves from liquid into the solid competitive start-up they are today.

As the fastest guys on the scene Carbon3D are the hottest new guys. The slow production speed is one of the biggest reasons 3D printing hasn’t become the manufacturing norm and CLIP printing is expected to change that moving forward from early 2015. Cosmoso.net is watching this fascinating development on the edge of our 3D printed seats.
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

The Computer of the Future is…. Vague.

 Share
 Tweet
 Pin
 Vote

Quantum Computer prototypes make mistakes. It’s in their nature. Can redundancy correct them?

Quantum memory promises speed combined with energy efficiency. If made viable it will be used in phones, laptops and other devices and give us all faster, more trustworthy tech which will require less power to operate.  Before we see it applied, the hardware requires redundant memory cells to check and double-check it’s own errors.

All indications show quantum tech is poised to usher the next round of truly revolutionary devices but first, scientists must solve the problem of the memory cells saving the wrong answer. Quantum physicists must redesign circuitry that exploits quantum behavior. The current memory cell is called a Qubit. The Qubit takes advantage of quantum mechanics to transfer data at an almost instantaneous rate, but the data is sometimes corrupted with errors. The Qubit is vulnerable to errors because it is physically sensitive to small changes in the environment it physically exists in. It’s been difficult to solve this problem because it is a hardware issue, not a software design issue. UC Santa Barbara’s physics professor John Martinis’ lab is dedicated to finding a workaround that can move forward without tackling the actual errors. They are working on a self-correcting Qubit.

The latest design they’ve developed at Martinis’ Lab is quantum circuitry that repeatedly self-checks for errors and suppresses the statistical mistake. Saving data to mutliple Qubits and empowering the overall system with that kind of desirable reliability we’ve come to expect from non-quantum digital computers. Since an error-free Qubit seemed last week to be a difficult hurdle, this new breakthrough seems to mean we are amazingly close to a far-reaching breakthrough.

Julian Kelly is a grad student and co-lead author published in Nature Journal:

“One of the biggest challenges in quantum computing is that qubits are inherently faulty so if you store some information in them, they’ll forget it.”

Bit flipping is the problem dejour in smaller, faster computers.

Last week I wrote about a hardware design problem called bit flipping, where a classic, non-quantum computer has this same problem of unreliable data. In effort to make a smaller DRAM chip, designers created an environment where the field around one bit storage location could be strong enough to actually change the value of the bit storage location next to it. You can read about that design flaw and the hackers who proved it could be exploited to gain system admin privileges in otherwise secure servers, here.

Bit flipping also applies to this issue in quantum computing. Quantum computers don’t just save information in binary(“yes/no”, or “true/false”) positions.  Qubits can be in any or even all positions at once, because they are storing value in multiple dimensions. It’s called “superpositioning,” and it’s the very reason why quantum computers have the kind of computational prowess they do, but ironically this characteristic also makes Qubits prone to bit flipping. Just being around atoms and energy transference is enough to create unstable environments and thus unreliable for data storage.

“It’s hard to process information if it disappears.” ~ Julian Kelly.

Along with Rami Barends, staff scientist Austin Fowler and others in the Martinis Group, Julian Kelly is making a data storage scheme where several qubits work in conjunction to redundantly preserve information. Information is stored across several qubits in a chip that is hard-wired to also check of the odd-man-out error. So, while each Qubit is unreliable, the chip itself can be trusted to store data for longer and with less, hopefully, no errors.

It isn’t a new idea but this is the first time it’s been applied. The device they designed is small, in terms of data storage, but it works as designed. It corrects its own errors. The vision we all have of a working quantum computer able to process a sick amount of data in an impressively short time? That will require something in the neighborhood of  a hundred million Qubits and each of the Qubits will be redundantly  self-checking to prevent errors.

Austin Fowler spoke to Phys.org about the firmware embedded in this new quantum error detection system, calling it surface code. It relies on the measurement of change between a duplication and the original bit, as opposed to simlpy comparing a copy of the same info. This measurement of change instead of comparison of duplicates is called parity recognition, and it is unique to quantum data storage. The original info being preserved in the Qubits is actually unobserved, which is a key aspect of quantum data.

“You can’t measure a quantum state, and expect it to still be quantum,” explained Barends.

As in any discussion of quantum physics, the act of observation has the power to change the value of the bit. In order to truly duplicate the data the way classical computing does in error detection, the bit would have to be examined, which in and of itself would potentially cause a bitflip, corrupting the original bit. The device developed at Martini’s U of C Santa Barbara lab

This project is a groundbreaking way of applying physical and theoretical quantum computing because it is using the phsycial Qubit chip and a logic circuit that applies quantum theory as an algorithm. The results being a viable way of storing data prove that several otherwise untested quantum theories are real and not just logically sound. Ideas in quantum theory that have been pondered for decades are now proven to work in the real world!

What happens next?

Phase flips:

Martinis Lab will be continuing it’s tests in effort to refine and  develop this approach. While the bit flip errors seemed to have been solved with this new design, there is a new type of error not found in classical computing that has yet to be solved: the  phase-flip. Phase-flips might be a whole other article and until Quantum physicists solve them there is no rush for the layman to understand.

Stress tests:

The team is also currently running the error correction cycle for longer and longer periods while monitoring the devices integrity and behavior to see what will happen. Suffice to say, there are a few more types of errors than it may appear, despite this breakthrough.

Corporate sponsorship:

As if there was any doubt about funding…. Google has approached Martinis Lab and offered them support in effort to speed up the day when quantum computers stomp into the mainstream.
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

Examining The Apple iPhone Planned Obsolescence Conspiracy

 Share
 Tweet
 Pin
 Vote

Apple has the money and the know how… are they making your old iPhone suck through planned obsolescence just to force you into the checkout line for a new one?

Planned Obsolescence isn’t just a conspiracy theory. You can read the 1932 pamphlet, widely-considered the origin of the concept, here. The argument in favor of it is it’s effect on the economy; more products being produced and sold means an active, thriving market. Of course there is an obvious ethical problem of selling people a product that won’t continue to work as it should for as long as it should. Several companies openly admit they do it. For Apple, it works like this: Whenever a new iPhone comes out, the previous model gets buggy, slow and unreliable. Apple dumps money into a new, near perfect ad campaign and the entire first world and beyond irrationally feels silly for not already owning one, even before it’s available. Each release marks the more expensive iPhone with capabilities the last one can’t touch. This is already a great marketing plan and I’m not criticizing Apple’s ability to pull it off as described. The problem is planned obsolescence; some iPhone owners notice the older model craps out on them JUST as the newest iPhone hits the retail shops. Apple has the money and the know how… are they making your old iPhone suck just to force you into the checkout line for a new one?

Full disclosure, I’m biased: I owned an iphone for long enough to live through a new product release and mine did, indeed, crap out as described above. Slow, buggy, and unreliable it was. With that anecdote under my belt I might be satisfied to call this e-rumor totally true but in the interest of science I collected further evidence. I combed the messageboards to see who had good points and who is just the regular internet nutjob with a stupid theory. To examine the evidence, I’m gonna start with this fact:

Fact 1: Apple’s product announcements and new product releases come at regular intervals. So, if the old iPhones stop working correctly at that same interval there would be a coinciding pattern. The tricky part is finding the data but the pattern of release dates is a good place to start because it is so clear. Other companies could be doing this type of fuckery but it would be harder to track. Not only does Apple time their releases but they do it at a faster pace than most. The new iPhones tend to come out once a year but studies show people keep their phones for about 2-3 years if they are not prompted or coerced to purchase a newer model.

Fact 2: Yes, it’s possible. There are so many ways the company would be able to slow or disable last year’s iPhone. It could happen by an automatic download that can’t be opted out of, such as an “update” from the company. Apple can have iPhones come with pre-programmed software that can’t be accessed through any usual menu system on the iPhone. There can even be a hardware issue that decays or changes based on the average amount of use. There can be a combination of these methods. The thing is, so many people jailbreak iPhones, it seems like someone might be able to catch malicious software. There are some protocols that force updates, though. hmmm.

Fact 3: They’ve been accused of doing this every new release since iPhone 4 came out. his really doesn’t look like an accident, guys. This 2013 article in the New York Times Magazine by Catherine Rampell describes her personal anecdote, which, incidentally is exactly the same as the way my iPhone failed me. When Catherine contacted Apple tech support they informed her the iOS 7 platform didn’t work as well on the older phones, which lead her to wonder why the phones automatically updated the operating system upgrade in the first place.

Earlier on the timeline, Apple released iOS 4 offering features that were new and hot in 2010: features like tap-to-focus camera, multitasking and faster image loading. The iPhone 4 was the most popular phone in the country at the time but it suddenly didn’t work right, crashing and becoming too slow to be useful.

The iPhone 4 release made the iPhone 4 so horrible it was basically garbage, and Apple appeared to have realized the potential lost loyalty and toned it down. The pattern of buggy and slow products remained, though, When iOS 7 came out in 2013, it was a common complaint online and people started to feel very sure Apple was doing it on purpose.

Fact 4: Google Trends shows telltale spikes in complaints that match up perfectly with the release dates. The New York Times(2014) called this one and published Google queries for “iphone slow” spike in traffic for that topic. Look at Google trends forecasting further spikes because the pattern is just that obvious:

Does Apple Ruin Your iPhone on Purpose? The Conspiracy, Explained

Apple has a very loyal customer base, though. Rene Ritchie wrote for iMore, saying this planned obsolescence argument is “sensational,” and a campaign of “misinformation” by people who don’t actually understand how great an iPhone really is(barf). Even though the motive is crystal clear, the arguement that Apple is innocent isn’t complete nonsense, either: Apple ruining iPhones could damage customer loyalty. People espousing this argument claim an intentional slowdown is less likely than just regular incompatibility due to new software features. The latter point is a good one, considering how almost all software manufacturers have a hard time adjusting new software to old operating systems. Cooler software usually needs faster hardware and for some ridiculous reason no one has ever come out with an appropriately customizable smartphone and Apple woudl likely be the last on the list.

Christopher Mims pointed out on Quartz: “There is no smoking gun here, no incriminating memo,” of an intentional slowdown on Apple’s part.

There is really no reason to believe Apple would be against this kind of thing, even if planned obsolescence were a happy accident for the mega-corporation. Basically, if this is happening by accident it’s even better for Apple because they don’t have to take responsibility and it likely helps push the new line. Apple is far from deserving the trustworthy reputation they’ve cultivated under Steve Jobs, as the glitzy marketing plan behind the pointless new Apple Watch demonstrates.
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

“Rowhammering” Attack Gives Hackers Admin Access

 Share
 Tweet
 Pin
 Vote

A piece of code can actually manipulate the physical memory chip by repeatedly accessing nearby capacitors in a burgeoning new hack called Rowhammering. Rowhammer hacking is so brand new no one’s actually done it yet. Google’s Project Zero security initiative figured out how to exploit an aspect of a physical component in some types of DDR memory chips. The hack can give the user increased system rights regardless of an untrusted status. Any Intel-compatible PCs with this chip and running Linux are vulnerable – in theory. Project Zero pulled it off but it isn’t exactly something to panic about unless you are doing both those things: using DRAM and running linux.

A lot of readers might be susceptible to this security hack but most won’t want to read the technical details. If you are interested you can check out the project zero blog piece about it.  The security flaw is in a specific chip, the DRAM, or dynamic random-access memory chip. The chip is supposed to just store information in the form of bits saved on a series of capacitors. The hack works by switching the value of bits stored in DDR3 chip modules known as DIMMs. so, DRAM is the style of chip, and each DRAM houses several DIMMs. Hackers researching on behalf of Project Zero basically designed a program to repeatedly access sections of data stored on the vulnerable DRAM until the statistical odds of one or more DIMMS retaining a charge when it shouldn’t becomes a statistical reality.

IN 2014, this kind of hack was only theoretical until, scientists proved this kind of “bit flipping” is completely possible. Repeatedly accessing an area of a specific DIMM can become so reliable as to allow the hacker to predict the change of contents stored in that section of DIMM memory. Last Monday(March 9th, 2015) Project Zero demonstrated exactly how a piece of software can translate this flaw into an effective security attack.

“The thing that is really impressive to me in what we see here is in some sense an analog- and manufacturing-related bug that is potentially exploitable in software,” David Kanter, senior editor of the Microprocessor Report, told Ars. “This is reaching down into the underlying physics of the hardware, which from my standpoint is cool to see. In essence, the exploit is jumping several layers of the stack.”

Why it’s called Rowhammering.

The memory in a DDR-style chip is configured in an array of rows and columns. Each row is grouped with others into large blocks which handle the accessable memory for a specific application, including the memory resources used to run the operating system. There is a security feature called a “sandbox”, designed to protect the data integrity and ensure the overall system stays secure. A sandbox can only be accessed through a corresponding application or the Operating System.  Bit- flipping a DDR chip works when a hacker writes an application that can access two chosen rows of memory. The app would then access those same 2 rows hundreds of thousands of times, aka hammering. When the targeted bits flip from ones to zeros, matching a dummy list of data in the application, the target bits are left alone with the new value.

The implications of this style hack are hard to see for the layman but profound in the security world. Most data networks allow a limited list of administrators to have special privileges. It would be possible, using a rowhammer attack, to allow an existing account to suddenly gain administrative privileges to the system. In the vast majority of systems that kind of access would allow access into several other accounts. Administrative access would also allow some hackers to alter existing security features. The bigger the data center, the more users with accounts accessing the database, the more useful this vulnerability is.

The Physics of a Vulnerability

We’re all used to newer tech coming with unforeseen security problems. Ironically, this vulnerability is present in newer DDR3 memory chips. This is because the newer chips are so small there is actually and is the result of the ever smaller dimensions of the silicon. The DRAM cells are too close together in this kind of chip, making it possible to take a nearby chip, flip it back and forth repeatedly, and eventually make the one next to it – the target bit that is not directly accessible- to flip.

Note: The Rowhammer attack being described doesn’t work against newer DDR4 silicon or DIMMs that contain ECC(error correcting code), capabilities.

The Players and the Code:

Mark Seaborn, and Thomas Dullien are the guys who finally wrote a piece of code able to take advantage of this flaw. They created 2 rowhammer attacks which can run as processes. Those processes have no security privileges whatsoever but can end up gaining  administrative access to a  x86-64 Linux system. The first exploit was a Native Client module, incorporating itself into the platform as part of Google Chrome. Google developers caught this attack and altered an instruction in Chrome called CLFLUSH and the exploit stopped working. Seaborn and Dullien were psyched that they were able to get that far and write the second attempt shortly thereafter.

The second exploit, looks like a totally normal Linux process. It allowed Seaborn and Dullien to access to all physical memory which proved the vulnerability is actually a threat to any machine with this type of DRAM.

The ARS article about this has a great quote by Irene Abezgauz, a product VP at Dyadic Security:

The Project Zero guys took on the challenge of leveraging the concept of rowhammer into an actual exploit. What’s impressive is the combination of lots of deep technical knowledge with quite a bit of hacker creativity. What they did was create attack techniques in which flipping just a single bit in a specific location allows them to execute any code they want with root privileges or escape a sandbox. This is impressive by itself, but they added to this quite a few creative solutions to make it more likely to succeed in a real world scenario and not just in the lab. They figured out ways for better targeting of the specific locations in memory they needed to flip, improved the chances of the attack to succeed by creating (“spraying”) multiple locations where a flipped bit would make the right impact, and came up with several ideas to leverage this into actual privileged code execution. This combination makes for one of the coolest exploits I’ve seen in a while.

Project Zero didn’t name which models of DDR3 are susceptible to rowhammering. They also claim that this attack could work on a variety of operating platforms, even though they only tried it on a Linux computer running x86-64 hardware, something that they didn’t technically prove but seems very believable considering the success and expertise they seem to carry behind that opinion.

So, is Rowhammering a real threat or just some BS?

There isn’t an obvious, practical application for this yet. Despite how powerful the worst-case scenario would be, this threat doesn’t really come with a guarantee of sweeping the internet like some other, less-recent vulnerability exploits. The overwhelming majority of hacks are attempted from remote computers but Seaborn and Dullien apparently needed physical access to incorporate their otherwise unprivlidged code into the targeted system. Also, because the physical shape of the chip dictates which rows are vulnerable it may be the case that users who want to increase security to protect against this exploit can just reconfigure where the administrative privileges are stored and manipulated on the chip. Thirdly, rowhammering as Project Zero describes actually requires over 540,000 memory accesses less than 64 milliseconds – that’s a memory speed demand that means some systems can’t even run the necessary code. Hijacking a system using rowhammering with these limitations is presently not a real threat.

People used to say the same thing about memory corruption exploits, though. For examples: buffer overflow or a use-after-free both allow hack-attempts to squeeze malicious shell code into protected memory of a computer. Rowhammering is differnt because it is so simple. It only allows increased privileges for the hacker or piece of code, which is a real threat if it becomes developed as thoroughly as the development of memory corruption exploits has. The subtle difference might even be hard to grasp now, but now that the work has been done it’s the usual race between security analysts who would love to protect against it and the criminal world trying to dream up a way to make it more viable. Rob Graham, CEO of Errata Security, wrote further on the subject, here.

In short, this is noteworthy because a physical design flaw in a chip is being exploited, as opposed to a software oversight or code efficacy problem. A piece of code is actually affecting the physical inside of the computer during the attack.

Or, as Kanter, of the Microprocessor Report, said:

“This is not like software, where in theory we can go patch the software and get a patch distributed via Windows update within the next two to three weeks. If you want to actually fix this problem, we need to go out and replace, on a DIMM by DIMM basis, billions of dollars’ worth of DRAM. From a practical standpoint that’s not ever going to happen.”
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

Is the new Apple Watch Missing the Mark or Ahead of it’s Time?

 Share
 Tweet
 Pin
 Vote

My friend Pat O’dea wrote:

Asked a guy showing off his expensive new smartwatch “What do you like most about it?” He replied “You don’t realize how many times during the day you have to reach into your pocket and pull your phone out just to see what time it is, so this like, totally solves that.” Speechless.

Steve Jobs’ legendary status as a businessman and a tech pioneer didn’t die with him, but Apple is pretty far from bulletproof. No one’s talent for anticipating the wants and needs of the consumer base is infallible and the ability to cultivate a brand reputation is arguably too rare to even study or accurately speculate about.  Apple has gone through ups and downs and had some spectacular failures in the past. Since his death, everyone has pondered at least once: Can the brand progress into a new era of product development without Jobs?

Apple tenaciously conceptualized the personal computer but the real ability to stay afloat and eventually thrive depended on financial support from investors and even competitors who were simply eager to keep the market of new ideas alive with the competition that spurred the personal computer’s development in the first place. The story behind Apple is one that discusses the future of branding itself. A few years ago Apple cultivated a lifestyle. The ipod and the iphone were as American as Coca~Cola or Warner Brothers. From hardware design, to software design, to intuitive user experience, Apple made devices that people found easy to use and extremely, surprisingly useful – and they did it with confidence and subtlety.  Never before has a company proven it’s finger to be on the pulse of the market. Period.

The millions behind Apple’s multiple ad campaigns were spent to capture a market that may not be able to afford the type of products that forged the rep. Missing Steve Jobs leadership might not be the problem behind Apple repeatedly missing the mark but it’s hard to imagine him supporting a product like the Apple Watch.

The “Think different,” campaign was aimed at regular, middle class people. Apple products took existing tech and put it in a format anyone could just pick up, figure out, and use without any real instruction or coaching. Most of all, apple products were effective and useful. Despite the target audience, the products have always come with a price tag that was a tad high for the intended consumers.

Apple Watch is following only one aspect of the marketing plan in this beginning of the post-Jobs era: the pitch. They are trying to push the watch as an affordable product when it’s usefulness is taken into consideration. The problem is: it isn’t very useful.

People supported and even coveted iPods and iPhones  because of the groundbreaking and aesthetic but the accusation of them being expensive and frivolous has always plagued the company. The atmosphere Jobs cultivated put a spell on the world but the products often did live up to the hype – or at least come close. The days of Americans buying $2000 laptops and considering it a bargain are damn near over. Being able to take a unit out of the box and find a pre-programmed piece of tech that the everyman could (almost)afford and operate was apparently harder than Jobs made it seem. The days of Apple being able to brag about how useful these devices are seriously numbered.

It’s not just the watch. Apple press-released new laptops available in gold. They released videos of Christy Turlington Burns doing the things millionaires do. The Apple Watch also comes plated in 18 Karat Gold. Tim Cook quoted the starting price at $10,000.

Over the past year, various people speculated or confirmed that this jump to a new target audience was in the works. John Gruber blogs for Apple, and he predicted the highest of this new high end material would not even be affordable. Kevin Roose wrote for Fusion, saying Apple is likely to market toward the high end of the wealth inequality spectrum pointing out how wrong engineer Jony Ive was by quipping, “Apple products are for everyone.”

So the new prices are out and they are as ridiculous as expected. The new product reviews are in and the watch isn’t really doing anything that a phone can’t already pull off.  The lower end model of the Apple Watch is still $350 and if all it really offers is the differnce between a pocket-watch and a wristwatch, I think it’s safe to say: Apple fell off. There is no technological difference between the low end and high end models; the computer is the identical in functionality. The higher end model is not useful except for people who want to brag about it as a status symbol or convert their money into an asset that may not even appreciate in value. In short, it seems like a seriously bad investment.

I might be out of line by imagining what a deadman would say but gold-plated anything is not something I would have expected Jobs’ reputation to support. The other side of this debate is something like: Apple has had a long and storied history and changed it’s mission several times. There is no reason to see this as the end of Apple. It’s possible that the company is acting on economic information that has been vetted and tested extensively and knows full well that an expensive, sort of silly watch is going to push profit margins appropriately toward their goals. That doesn’t make this round of new products any less disappointing.
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY

An Interview With 3D Printed Food Artist Chloe Rutzerveld

 Share
 Tweet
 Pin
 Vote

Chloé shines in this interview about the future of food design and her upcoming year, including SXSW and developing 3D-printed prototypes into a culinary reality.

Eindhoven University of Technology Graduate, Chloé Rutzerveld, designed a food I don’t quite know how to categorize. I first saw pictures of her most recent work, Edible Growth, last week and immediately wrote to her. Her Edible Growth concept involves a bunch of hot topics in current scientific thought but the pictures don’t put the technology first – they just look great. In fact the pictures are currently the point of the project. There are tons of details that need to be worked out, and Rutzerveld is spending the upcoming year getting the funding, awareness and support to develop this project into a realistic restaurant menu item. 3d printing technology is a frontier she is willing to jump way into. Read more about Edible Growth on Rutzerveld’s website.

Chloé answered a ton of questions below

Sketches

The current concept art looks great. What was the initial idea behind these great looking confections?

The shape of the edible developed and changed throughout the design process, influenced by development in the technological and biotechnological parts of the project. For example, at first, I made drawings of Edible Growth in which the entire ball was filled with wholes. Which doesn’t make sense because cresses and mushrooms don’t grow down, only up 😉

3d printed food

Chloé’s initial, all-plastic design showed plants and mushrooms growing in all directions but the final design with real food had to accommodate gravity with a modified design.

Also, when the product is printed, you see straight lines, showing the technology part.. when the product matures these straight technological lines become invisible by the organic growth of the product. Showing the collaboration between technology and nature. Technology in this project is merely used as a means to enhance natural processes like photosynthesis and fermentation.

Chloe RutzerveldWhat inspired you? 

My skepticism towards printing food and the urge to find some way to use this new technology to create healthy, natural food with good a good taste and structure in which the printer would add something to the product, as well as the environment.

3d printen

A 3d printer arranges dough for the first step of an edible growth prototype.

Once you had the idea, how long did it take you to produce the prototypes and pastries we can see in the photos?

At first I made a lot of drawings and prototypes form clay. After that I started using nylon 3d-printed structures. When I gained more knowledge about 3d printing and the material composition inside the structure, the design of the product changed along with that. The mushrooms and cress inside the prototypes, as well as the savory pie dough is just a visualization, the final product might be totally different. It’s mend as inspiration and showing that we should think beyond printing sugar, chocolate and dough if we want to use this technology to create future ‘food’.

The prototyping process took about 2 months I think.. and multiple museums asked if they could exhibited it, I made non-food, food products that would last longer.

DSC06857

What are you doing for a living? 

Haha great question, because as you probably understand, media attention is great but does not help me pay my bills unfortunately 😉 But it does make it easier to get assignments for the development of workshops, dinners etc.

Basically at this point, I give lectures, presentations, and organize events and dinners. One upcoming event I’m organizing is about my new project called “Digestive Food”. I will not say too much about it, but I’ll update my website soon;)

To have a more stable income, I started working for the Next Nature Network in February, to organize the Next Nature Fellow program! Next Nature explores the technosphere and the co-evolving relationship with technology

Edible GrowthHow did you find the project so far?

Well I personally think it looks beautiful and I’m quite proud that so many people are inspired and fascinated by it! It would be great if such a product would come on the market.

I wonder what the pastry and edible soil are made of. Can you talk about the ingredients? 

I don’t call it edible soil, but a breeding ground. Because everything must be edible (like a fully edible eco-system) we experimented with a lot of different materials. But in the end, we found that agar-agar is a very suitable breeding ground on which also certain species of fungi and cress (like the velvet-paw and watercress for example) can grow very easily within a few days without growing moldy!

IMG_8562

Agar-agar breeding ground turned out to be the right mix of versatility and food-safe materials to make Edible Growth go from plastic prototype to edible reality.

How do you feel about copyright and patented ideas?

I am not very interested in that part.. of course it’s good to get credits for the idea and the photo’s but I will not buy a patent. I don’t have the knowledge or employees to develop this concept into a reel product. So I actually hope someone steels the idea and starts developing it further :)! I’m often asked by big tech-companies or chefs if I wanted an investment to develop it… but to be honest.. I’ve many other ideas and things I would like to do.

Edible prototype - Copy

Do  you have secret ingredients?

Haha not in the product, but in my work it would be passion, creativity and a pinch of excessive work ethos 😉

What types of foods have you experimented with?

For Edible Growth? A dozen of cresses, and other seeds, dried fruits and vegetables for the breeding ground, agar-agar, gelatins, some spores..

But for my other projects also with mice, muskrat, organ meat, molecular enzymes etc.

IMG_9265

Who have you been working with? 

Waag Society (Open Wetlab, Amsterdam), Next Nature (Amsterdam), TNO (Eindhoven & Zeist), Eurest at the High Tech Campus (Eindhoven)

What is your studio environment like? 

I actually still live in a huge student-home which I share with 9 other people. But because I almost graduated one year ago I will need to move out. So I work a lot at home, in my 16m2 room, in the big-ass kitchen downstairs,  if I have appointments somewhere I afterwards work in a café or restaurant with wi-fi, or at flex work places, my parents house.. I’m very flexible and can work almost everywhere 🙂 Practical work I’ll do mostly at home obviously.

But I am looking for a nice studio in Eindhoven, that’s easier to receive guests or people from companies.

 What steps need to happen before we start seeing 3D printed food become commercially available? Development of software, hardware and material composition.

I noticed on your website you have other projects in the works. What are you doing currently? What are your upcoming plans and goals for 2015? 

Next week I’ll go to SXSW. In the summer I’m going to Matthew Kenney Culinary academy to learn more practical and theoretical things about food (and secretly just because I absolutely love to learn about plating and menu planing). I’m developing this event I told you about for the Museum Boerhaave in Leiden and the E&R platform. And when I return from Maine, I actually want to set up a temporary pop-up restaurant at the Ketelhuisplein during the Dutch Design Week 2015 about a social or cultural food issue.

Thanks again, Chloé~! This was fun!!!
Jonathan Howard
Jonathan is a freelance writer living in Brooklyn, NY