hacc

Google and Apple take on BLE tracker abuse — that they pioneered

Google announced in a blog post today that it and Apple were leading an industry coalition (that includes smaller item-tracking players like Samsung, Tile, and others) to develop a specification for Bluetooth Low Energy (BLE) tracking devices. These devices, like Apple’s popular AirTag, are small BLE emitters that use public key cryptography and a network of “finding” devices to tell you where your tag is when you’re not around. Soon after AirTags were released, malicious…


ethics

fLAWS: A Warning Against Lethal Autonomous Agents

In 2021, a small North Carolina-based drug company called Collaborations Pharmaceuticals was invited to present their thoughts about the potential for harm caused by their research at a biennial arms control conference. Collaborations Pharmaceuticals’ core intellectual property is its drug design software MegaSyn. MegaSyn incorporates machine learning (ML) techniques to identify and repurpose existing drugs to treat rare diseases, afflictions that carry little financial incentive for large drug manufacturers to cure. MegaSyn can also develop…


hacc

The GL-iNet Mango Travel Router & CVE-2022-31898

I had an hour or two to kill before a dentist appointment last summer, so I pulled out the GL-iNet Mango v2 Travel Router I had bought to hack on in just this type of situation. At $30 and about the size of a credit card, I figured I was bound to find something. And boy, did it not take long. After opening up the firmware in Ghidra and searching for calls to system() as a first shot, I…


Uncategorized

Hello!

I’ve started this blog to talk about the things I enjoy — research, programming, reviewing pickle-flavored potato chips, &c. I like writing more than I’m any good at it, but hopefully this blog will give me a chance to narrow the gap. At the very least, it’s a place where I can pin some puns. Let’s do this!
