Mobility Drives Humanity - Modern Traffic Problems and Tesla's AI Solution

Mobility drives humanity. Not only in a literal sense.

When the first true automotive was invented around 1885, the influence, impact and relevance of mobility in the coming decades could only be imagined. Today, mobility drives humanity. The average driver spends about 10-20k miles on roads every year. But mobility has evolved far beyond the car.

With the great influence of mobility also comes a huge set of different problems that are being encountered around the globe. Too many vehicles on too few roads, environmental impact of traffic, no suitable transport vehicle for certain distances. The industry has come up with a few attempts to solve the issue, including the rise of public transport, micro transit, car sharing or electric scooter, just to name a few.

All of this is great and definitely tackles major problems civilization faces at the moment, but we must think and go beyond. With the help of data and software Tesla tries to solve some of the major issues. When you think of Tesla, you most probably think of a) the electric transmission and b) the self-driving capacity. While a) is state of the art and solves the environmental impact, self-driving still has to way its way to run smoothly and efficiently.

Just recently, Tesla announced that they will ship the new ASIC specialized processing chip to all of their cars. The advantage in industry of Tesla is that they have been collecting data from hundreds of thousands of cards for the past 3 years, because they pioneered the idea of having self-driving vehicles powered by data and connectivity. Latest estimates suggest that Tesla owns about 90% of data relevant for self-driving capacity development.

But how does that solve an issue we have with traffic at the moment you may wonder. Think about how many hours per day your car idles in a parking lot or your garage, and how much does that cost? How many cars do you see on the roads with just one or two passengers, whereas there are multiple people with roughly about the same origin location and destination?

What we see with car sharing (Uber) or scooter sharing with Bird or Lime may also become reality for (self-driving) cars in the foreseeable future. A Tesla becomes much more than a personal vehicle to drive from location A to B, it enables the world to be more connected.

Mobility drives humanity. The car industry will undergo a massive overhaul, and Tesla is on the route to lead the car industry 2.0 with data, software and chips. If you’re interested, you can read more about Tesla’s new AI chip here or read this interesting article about Elon Musk disrupting an industry.

Share

AI-Powered Drone Future

It’s not new news that drones have, and increaslingly will have, superior powers. This is not only for recording video footage or cinematic shots but rather a dangerous endeavor. Drones delivering your pizza or the package from Amazon are always to some degree remotely piloted.

With the rise of autonomous drones, it more and more becomes an issue that drones behave in a way a human pilot never would. We give the power into the hands of an artificial intelligence. This will disrupt entire industries for sure because there are more use cases for AI-powered drones than you could ever list. The full potential of a drone can only be accomplished when we train artificial intelligences to operate just like a human would, or possibly even better.

AI drones will be responsible for giving many of us the future we’ve only ever dreamed of.

Share

WesternDigital MyCloud Vulnerabilities Leaked

Probably everyone has heard about a network-attached storage (typically called NAS) somewhere. TL;DR it’s a file-level data storage for all your data. What’s so special about it is that you can access these files from anywhere on the world, on many different devices. The storage unit itself however is kept at your home basement for example. It is more than a single hard drive, more so an entire storage unit with multiple storage drives that are connected. Depending on your RAID settings it will also automatically mirror the devices, so you have a backup available any time.

Introduction

WesternDigital is a vendor with huge impact on the market. Their products are sold many times and considered the most trustworthy on the market. Perhaps I should say were.

WesternDigital offers a service called MyCloud which allows you to access your home-stored data from anywhere, and also automatically synchronize data between devices. As you would expect from such a critical infrastructure like this, there are strong security checks running in the background. Imagine that not only private homes use a NAS to store their holiday pictures from the past few years, but also businesses to share important documents with their employees. Don’t even want to think about someone else gaining access to an infrastructure like that without being allowed to.

Well, here we are. Any firmware version <= 2.30.165 of any WesternDigital product is affected big times by multiple vulnerabilities. Probably some complex 0day which can only be reproduced under special circumstances, right? Yeah, no.

On the first of april WesternDigital was informed about the vulnerabilities in their “MyCloud” product. There are only two devices which are not vulnerable to this. I keep talking about a vulnerability, but what is it?

The vulnerability

This writeup describes all the discovered vulnerabilities. There is one specific one which got me thinking.

If you take a look at the disassembly of the binary you will spot a legit backdoor in their authentication flow. The code looks for a specific user and password and will accept the login if they both match. What we’ve got here is something that allows everyone to access any My Cloud NAS storage unit system by Western Digital. You don’t even have to hack into it, you don’t need to scrape the password from somewhere, there is no social engineering involved - you simply login with the credentials you obtain from the disassembly of the binary.

1
2
3
4
5
if (!strcmp(v3, "mydlinkBRionyg") 
&& !strcmp((const char *)&v9, "abc12345cba") )
{
result = (struct passwd *)1;
}

Luckily this paper was sent to WesternDigital before it was released, so WesternDigital was kind enough to release a firmware update which patches the backdoor and all other vulnerabilities. Still kinda crazy, isn’t it?

Share

WPA3 - What Now?

You might remember the horror news back in October 2017. Through forcing nonce reuse it was able to break WPA2, the current protocol used world-wide for Wi-Fi networks. Everyone freaked out, someone had found out how to basically crack any wireless connection ever made. Fortunately it was possible to patch (also backwards-compatible) the issue and vendors have reacted quickly.

Now, few months later, the Wi-Fi Alliance announced the planned release of WPA3. Not only is this supposed to fix all the security concerns of the 2003-introduced WPA2 standard, but also implement further security steps to ensure a safe Wi-Fi connection around the globe. It is meant to include robust protection because “Wi-Fi security technologies may live for decades, so it’s important that they are continually updated to ensure they meet the needs of the Wi-Fi industry”. An example of such a “step” is the introduction of an encryption called “Opportunistic Wireless Encryption” which offers encryption without authentication.

WPA3 will be ready for the future, that’s what the Wi-Fi Alliance hopes at least. We live in 2018 but weak password choices by users are still a huge problem. WPA3 adresses this and manages to secure devices even though the password is considered weak. With the uprise of IoT, WPA3 also allows better control of settings concerning anything Wi-Fi related, even without any sort of graphical display. Last but not least, with WPA3 government buildings or the military is given the opportunity to use Wi-Fi in a much broader environment where additional security requirements are inalienable.

Let’s see what 2018 brings - and how long it will take Mathy Vanhoef to crack the protocol this time ;-)

Share

Advanced Filtering in IntelliJ Debug Mode

Been there, done that. Debugging is sort of the least fun thing to do when it comes to developing software. The underlying issue we’re facing is unexpected behavior in the code.

There are various ways to find the issue and fix it. Sometimes it’s an easy typo, some other times it is a complicated and entangled problem on various levels that cause the issue we’re seeing. In this post I’ll show a method to analyze a big set of data with IntelliJ debug mode.

The Approach

The shown example is common for processing lots of data with various different attributes in your application. When seeing issues with a sorting or filtering algorithm, it makes most sense to have a look at the entire data set.

For this example we create a simple java.lang.List of Person.

1
2
3
4
5
6
7
8
9
class Person {
private String name;
private int age;

public Person(String name, int age) {
this.name = name;
this.age = age;
}
}

To get a dump of the current content of the list we set a breakpoint somewhere after we fill the list with test data.

people

By right-clicking on the object, here the ArrayList, we can add a “Filter” to it.

The text window lets you enter any sort of code to filter the collection, such as >, <, ==, != and more.

You can also chain certain conditions to get even more filtered data.

This is only one of many extremely powerful tools IntelliJ IDEA offers to debug code to find issues and unwanted behaviors in the code.

Share

Hello World

1
System.out.println("Hello World");
Share