Suramya's Blog : Welcome to my crazy life…

June 20, 2023

It is now possible to track someone using SMS Receipt Messages

Filed under: Computer Security,Interesting Sites,My Thoughts,Tech Related — Suramya @ 6:04 PM

With modern technology it is getting easier and easier to track someone. There are many apps, devices, etc. that allow a target to be tracked in near real time: an app on your phone, find-my-phone functionality, family phone tracking, and so on. Someone who is worried about being tracked can disable GPS, get a dumb phone that doesn’t support GPS, etc., which mitigates the threat to a large extent. Unfortunately, there is now a new attack surface that allows an attacker to approximately locate a target with up to 96% accuracy.

Researchers have figured out how to deduce the location of an SMS recipient by analyzing timing measurements taken from typical receiver locations. Basically, they measure the time elapsed between sending an SMS and receiving the delivery report, and then use an ML model to predict the area where the target is located. The other advantage of this attack is that it doesn’t require any specialized equipment or access to restricted systems; it can be executed from an ordinary smartphone.

Short Message Service (SMS) remains one of the most popular communication channels since its introduction in 2G cellular networks. In this paper, we demonstrate that merely receiving silent SMS messages regularly opens a stealthy side-channel that allows other regular network users to infer the whereabouts of the SMS recipient. The core idea is that receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. We conducted experiments across various countries, operators, and devices to show that an attacker can deduce the location of an SMS recipient by analyzing timing measurements from typical receiver locations. Our results show that, after training an ML model, the SMS sender can accurately determine multiple locations of the recipient. For example, our model achieves up to 96% accuracy for locations across different countries, and 86% for two locations within Belgium. Due to the way cellular networks are designed, it is difficult to prevent Delivery Reports from being returned to the originator making it challenging to thwart this covert attack without making fundamental changes to the network architecture.

The biggest problem with this method is that it doesn’t depend on any software or anything else that needs to be installed on the target phone. You just need a phone that supports SMS, which is pretty much every phone on the market. There is an option to disable delivery reports, which would mitigate the threat to an extent, but it is an opt-out setup rather than opt-in. One way to reduce this vector would be for manufacturers to disable delivery reports by default, so that folks who need them can enable them from the settings, instead of the other way round, which is the case right now.
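To make the side channel concrete, here is a toy model of it, added here and not part of the original post or the paper. The round-trip times for a recipient at two hypothetical locations are constructed from a seeded random generator, a nearest-centroid classifier stands in for the paper's ML model, and a second run adds a hypothetical random hold time to every delivery report to show how timing noise degrades the classifier; that hold time is an illustrative countermeasure for discussion, not something the paper proposes or the network supports today.

```python
"""Toy model of the SMS delivery-report timing side-channel.

Constructed data only: delivery-report round-trip times (ms) for a recipient
at two hypothetical locations, drawn from a seeded RNG. A nearest-centroid
classifier stands in for the paper's ML model. The second experiment adds a
hypothetical uniformly random delay to every report (an illustrative
network-side countermeasure, not from the paper) to show how timing noise
reduces the classifier's accuracy.
"""
import random
from statistics import mean


def sample_rtts(rng, mean_ms, sd_ms, n):
    """Constructed round-trip times for one location: Gaussian around a mean."""
    return [rng.gauss(mean_ms, sd_ms) for _ in range(n)]


def add_jitter(rtts, rng, max_ms):
    """Hypothetical countermeasure: hold each delivery report for a random extra time."""
    return [t + rng.uniform(0, max_ms) for t in rtts]


def train_centroids(labelled):
    """labelled: dict location -> list of RTTs. Returns location -> mean RTT."""
    return {loc: mean(ts) for loc, ts in labelled.items()}


def classify(centroids, rtt):
    """Nearest-centroid prediction: the location whose mean RTT is closest."""
    return min(centroids, key=lambda loc: abs(centroids[loc] - rtt))


def accuracy(centroids, labelled):
    """Fraction of labelled test measurements assigned to the right location."""
    total = sum(len(ts) for ts in labelled.values())
    correct = sum(classify(centroids, t) == loc
                  for loc, ts in labelled.items() for t in ts)
    return correct / total


def run_experiment(jitter_ms=0, seed=1):
    """Train on one set of measurements, test on a fresh set; return test accuracy."""
    rng = random.Random(seed)
    # Constructed timing profiles: mean and standard deviation in ms per location.
    profiles = {"home_cell": (1900, 90), "office_cell": (2500, 90)}
    train = {loc: sample_rtts(rng, m, sd, 200) for loc, (m, sd) in profiles.items()}
    test = {loc: sample_rtts(rng, m, sd, 200) for loc, (m, sd) in profiles.items()}
    if jitter_ms:
        train = {loc: add_jitter(ts, rng, jitter_ms) for loc, ts in train.items()}
        test = {loc: add_jitter(ts, rng, jitter_ms) for loc, ts in test.items()}
    return accuracy(train_centroids(train), test)


if __name__ == "__main__":
    print(f"no countermeasure : {run_experiment():.2f}")
    print(f"2 s random delay  : {run_experiment(jitter_ms=2000):.2f}")
```

With the two locations 600 ms apart and little noise, the classifier is essentially always right; once each report carries up to two seconds of random delay, the same classifier drops to roughly two thirds accuracy, which is why the paper notes that the attack is hard to stop without changing how the network returns delivery reports.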

Source: HackerNews: Freaky Leaky SMS: Extracting user locations by analyzing SMS timings
Full Paper: Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings

– Suramya

June 12, 2023

A DIY Robot for automating a Cold boot attack now exists

Filed under: Computer Hardware,Computer Security,My Thoughts,Tech Related — Suramya @ 11:58 PM

Cold boot attacks have been around for a while (the first was demonstrated in 2008), but until now they have been a fairly manual and tricky operation. Now a new DIY robot has been created that reduces the manual effort for this attack. You might be asking what on earth a cold boot attack is. No, it is not about having to wear cold shoes in winter. It is actually a very interesting attack where the attacker freezes the RAM chips of a system while it is running and then shuts it down, after which they remove the RAM chips and put them in another device to read the data from them. Because the chips have been cooled significantly, they retain their contents after the system is shut down for long enough that the information can be extracted. The original cold boot attack involved freezing a laptop’s memory by inverting a can of compressed air to chill the computer’s DRAM to around -50°C, so that its contents persisted for several minutes even after the system was powered down.

Ang Cui, founder and CEO of Red Balloon Security, has created a process and robot to extract the chips from the system. The robot is a CNC machine with an FPGA (field-programmable gate array) connected to it. The robot chills the RAM chips one at a time, extracts them from the board, and then inserts them into the FPGA, which reads the contents of the chip, allowing the data to be extracted. To make it easier and give them more time to remove the chip, the system monitors the electromagnetic emanations of the device, which lets them identify when the system is running CPU-bound operations. Once they identify that, they can extract the chip while the system is busy on the CPU and not reading from or writing to the RAM. This gives the robot a window of ~10 milliseconds to extract the chips instead of having to do it in nanoseconds.

Cui and colleagues demonstrated their robot on a Siemens SIMATIC S7-1500 PLC, from which they were able to recover the contents of encrypted firmware binaries. They also conducted a similarly successful attack on DDR3 DRAM in a CISCO IP Phone 8800 series to access the runtime ARM TrustZone memory.

They believe their technique is applicable to more sophisticated DDR4 and DDR5 if a more expensive (like, about $10,000) FPGA-based memory readout platform is used – a cost they expect will decline in time.

Cold boot attacks can be countered with physical memory encryption, Cui said.

This is not an attack the average user has to worry about, but it is something that folks working on critical systems like banking servers, government systems, weapons, etc. need to be aware of and guard against. More details on the attack will be provided during a talk at the REcon reverse engineering conference in Canada titled “Ice Ice Baby: Coppin’ RAM With DIY Cryo-Mechanical Robot”.

Source: Hacker News: Robot can rip the data out of RAM chips

– Suramya

June 9, 2023

Sound based Quantum Computers are now closer to reality due to breakthrough research

We all know about the ongoing efforts to build a quantum computer by encoding information into quantum states of particles of light (photons); however, there is a parallel effort trying to build quantum computers based on sound instead of light. This effort, led by Andrew Cleland at the University of Chicago, just had a major breakthrough and created a device that is a key component of a sound-based quantum computer.

Phonons are the fundamental quantum vibrations within materials, with an individual phonon representing the collective motion of many trillions of atoms. The team built a chip that allows them to create single phonons on demand, about a million times higher pitched than audible sound. They then passed each phonon into a beam splitter consisting of 16 tiny, parallel aluminium strips designed so that any sound that hits them is reflected and transmitted in equal parts. At supercooled temperatures they found that the phonon entered a quantum superposition state in which the whole particle was simultaneously in the state of being reflected and transmitted.

Cleland says that this is exactly what they hoped would happen because this process is a necessary step for running calculations on quantum computers that rely on particles of light. To make their chip even more like a sound-based quantum computer, the researchers also successfully recreated the way two particles of light are commonly made to “talk to each other” and how their behaviour is controlled during light-based computations.

Here, they simultaneously sent two phonons from opposite directions into the beam splitter and saw their respective superposition states influence each other. In the future, they will use this procedure to implement simple operations that make up computer programs.

Dirk Bouwmeester at the University of California, Santa Barbara, says that for particles of light, procedures like quantum teleportation or creating entanglement hinge on using beam splitters, and now they could be done with particles of sound as well. “It is truly spectacular that the team could replace photons with phonons,” he says.

There are a lot of interesting applications for this technology once it matures; for example, it could be used to connect computer components that are hard to connect to each other. Using sound as the carrier instead of light opens up more possibilities. Their research has been published in the journal Science (DOI: 10.1126/science.adg8715).

Source: NewScientist: Sound-based quantum computers could be built using chip-sized device

– Suramya

May 19, 2023

KeePass exploit helps retrieve cleartext master password – Fix ETA July 2023

Filed under: Computer Security,My Thoughts,Tech Related — Suramya @ 8:06 PM

Security is hard to do, and no matter how careful you are while coding, every piece of software will have bugs in it, and some of those bugs have major security implications. KeePass, a very popular password manager, is vulnerable to having its master password extracted from the application’s memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. The bug is being tracked as CVE-2023-32784.

The issue was discovered by a security researcher known as ‘vdohney’, who has unfortunately also published PoC code that exploits the vulnerability, called the “KeePass Master Password Dumper”, on GitHub.

KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass’s memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn’t matter where the memory comes from – can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), various crash dumps or RAM dump of the entire system. It doesn’t matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it’s been since then.

Tested with KeePass 2.53.1 on Windows (English) and KeePass 2.47 on Debian (keepass2 package). PoC might have issues with different encodings (languages), but that’s not confirmed as of now (see issue #3). Should work for the macOS version as well. Unfortunately, enabling the Enter master key on secure desktop option doesn’t help in preventing the attack.

The attack does require either physical access to the system or for the system to be infected with malware that gives an attacker remote access with the ability to perform memory dumps. They can also extract the password from a process dump, the swap file (pagefile.sys), the hibernation file (hiberfil.sys) or a RAM dump of the entire system.

The fix for the problem is in the works and the initial testing looks promising. Personally I think that the security researcher should have waited to release the PoC code till the fix is available but to each their own I guess.

Source: Bleepingcomputer.com: KeePass exploit helps retrieve cleartext master password, fix coming soon

May 16, 2023

Using AI powered chatbots to answer questions about a book series

One of the things that I have been wanting for a while is the ability to look up stuff about a book or series so that when a new book in the series comes out I don’t have to re-read the old books before starting the new one. I end up doing that because otherwise since I have forgotten a large part of the backstory it would make the new book a lot less enjoyable. There are some authors who solve this problem by summarizing the backstory when the book starts and it is really useful. When ChatGPT and associated AI bots started picking up one of the ideas I came up with was to create a chatbot trained on a book series so that I can ask it a question about the book and get an answer. Would be really useful when dealing with book series with a large cast and multiple overlying stories.

Recently privateGPT showed up in my feed with the following claim: “Ask questions to your documents without an internet connection, using the power of LLMs. 100% private, no data leaves your execution environment at any point. You can ingest documents and ask questions without an internet connection!” and it seemed like it was the perfect tool for what I wanted to do so I downloaded the program from GitHub and set it up on my machine.

Once the software was installed, I copied a single book from the Mercedes Lackey Valdemar series called Darian’s Tale 01: Owlflight into a temp directory and told privateGPT to ingest the contents. The ingestion took hours even though the file was only ~600kb in size, I left it running overnight and it completed sometime during the night. Then I ran the prompt to be able to query the chatbot. The first few times I tried querying it, the app crashed because I ran out of memory. So I enabled SWAP on my system and then it finally ran the query and answered.

Unfortunately the answers I got were complete nonsense. You can see the questions I asked and the answers I got below:

Enter a query: what is a heartstone

llama_print_timings:        load time =   974.93 ms
llama_print_timings:      sample time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings: prompt eval time =   974.77 ms /     7 tokens (  139.25 ms per token)
llama_print_timings:        eval time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings:       total time =   977.55 ms

A heartstone is a type of music that is typically composed in the key of F major. It is characterized by a steady rhythm and a melody that is often slow and mournful. 
Heartstones are often used in classical music and are often associated with love and loss. They are also used in some contemporary music genres, such as folk and world music.

The correct answer is (as per Valdemar Fandom Wiki):

A Heartstone is both an artificial node produced by the Tayledras and the node’s physical anchor. The knowledge of how to create a Heartstone was given to the Tayledras by the Star-Eyed after the Sundering of the Clans. She tasked the Tayledras to cleanse the untamed magic caused by the Mage Wars. A Heartstone is used as a vessel to contain the cleansed magic. Ley-Lines are re-routed by Adepts and Masters to drain entirely into the Heartstone, bringing the surrounding area back to normal. Once their work is finished at that location, the Clan will establish a new Vale and Heartstone in a new area that needs cleansing. They drain the old Heartstone entirely and transfer the energy to the new Heartstone where they will begin their work anew.

So I asked another question:

Enter a query: who are the Hertasi

llama_print_timings:        load time =   974.93 ms
llama_print_timings:      sample time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings: prompt eval time = 26948.27 ms /     7 tokens ( 3849.75 ms per token)
llama_print_timings:        eval time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings:       total time = 26976.13 ms

The Herta si are a type of ghostly beings in the world of Eri. They are often associated with love and romance, and they are known for their ability to control and manipulate emotions. 
They are often depicted as beautiful, ethereal creatures, with long, flowing hair and eyes that glow with an otherworldly light. 

In this result it is talking about characters from a completely different series called the Herta. The correct answer is:

Hertasi are popularly considered to be one of the five non-human sentient races created by Urtho, but the work to “uplift” the hertasi was begun earlier, by Sorcerer-Adept Khal Herta. When he died, his work passed to Urtho.

The wild hertasi began as large, solitary lizards living in swamps, with the intelligence of a dog. They were “mild-tempered reptiles, available in large quantities, living fairly simple lives.”[1] They could have been described as semi-sentient before the Adepts took a hand. After Khal Herta’s efforts, Hertasi “had simple structures, organized hunting and fishing, and rudimentary medicine.”[1] Today, they are extremely active, intelligent, cave and tunnel-dwelling, social creatures.

Since the results were completely useless, like all the other AI chatbots that I have tried so far, I have removed the software from my machine and will come back to this at some point later in time, by when things will hopefully have improved.
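For readers wondering what "ingest documents and ask questions" actually involves, here is a stripped-down version of the retrieval step that local document-QA tools of this kind run before anything reaches the language model. This is an added illustration, not code from privateGPT or from the original post: the three "book" chunks are constructed stand-ins (one reuses the fandom wiki definition quoted above), and the scorer is a plain bag-of-words cosine similarity rather than the sentence-embedding model such tools actually use. No language model is involved; the block only shows which text a grounded answer should be built from.

```python
"""Minimal local "ask questions of your documents" retrieval step.

Pipeline: split ingested text into chunks, index them, and return the chunk
most similar to the question. Everything is constructed for illustration;
real tools use embedding vectors instead of word counts.
"""
import math
import re
from collections import Counter

# Small, constructed stop-word list so question words do not dominate the match.
STOPWORDS = {"a", "an", "the", "is", "are", "of", "to", "and", "by", "in", "who", "what", "it"}


def tokenize(text):
    """Lower-case word tokens with stop words removed."""
    return [w for w in re.findall(r"[a-z]+", text.lower()) if w not in STOPWORDS]


def cosine(a, b):
    """Cosine similarity between two bag-of-words Counters (0.0 when either is empty)."""
    dot = sum(a[w] * b[w] for w in a.keys() & b.keys())
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0


class ChunkIndex:
    """In-memory index: one word-count vector per ingested chunk."""

    def __init__(self, chunks):
        self.chunks = list(chunks)
        self.vectors = [Counter(tokenize(c)) for c in self.chunks]

    def query(self, question, k=1):
        """Return the k chunks most similar to the question, best first."""
        q = Counter(tokenize(question))
        ranked = sorted(range(len(self.chunks)),
                        key=lambda i: cosine(q, self.vectors[i]), reverse=True)
        return [self.chunks[i] for i in ranked[:k]]


# Constructed corpus: what an ingested book might be split into.
CHUNKS = [
    "A Heartstone is both an artificial node produced by the Tayledras and the node's "
    "physical anchor. A Heartstone is used as a vessel to contain the cleansed magic.",
    "Hertasi are popularly considered to be one of the five non-human sentient races "
    "created by Urtho. Today they are active, intelligent, tunnel-dwelling social creatures.",
    "Darian spent the morning hauling water for the village while the crops were being "
    "brought in before the rains.",
]


def answer_context(question):
    """The single chunk a grounded answer to `question` should be built from."""
    return ChunkIndex(CHUNKS).query(question, k=1)[0]


if __name__ == "__main__":
    for q in ("what is a heartstone", "who are the Hertasi"):
        print(q, "->", answer_context(q)[:60], "...")
```

Even this crude matcher returns the Heartstone and Hertasi passages for the two questions above, which is the point: the retrieval step only has to find the right text, and it is the generation step that must stay faithful to what was retrieved.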

– Suramya

May 15, 2023

Quickly and easily removing the background in images or videos

Filed under: Tech Related — Suramya @ 6:29 PM

At times you want to get a copy of the foreground of a given image so that you can use it in another image; however, traditionally that required expertise in Photoshop and a lot of patience. Now, thanks to Johnathan Nader, there is an open-source tool called backgroundremover that allows you to remove the background from any image quickly and easily.

Installing the tool was quite simple and on my Debian machine I just had to run the following command:

pip3 install backgroundremover --break-system-packages

The --break-system-packages parameter was included because otherwise Debian doesn’t let you install/update global packages using pip. Another option would have been to create a Python virtual environment and install there, but I don’t like doing that, and was fairly confident that this wouldn’t break anything important.

After installation the usage is quite simple: you just pass it the image or video whose background you want to remove and the output filename, and the tool does the rest. It does take a minute or so the first time to download the models, etc., but after that it is fairly quick to finish. The command to convert looks something like:

backgroundremover -i inputfile.jpg -o outputfile.jpg

Once the script finishes you have an output file without the background. In my testing if the foreground was large and the focus of the image the system was able to successfully remove the background. In some cases a bunch of background artifacts were seen in the image next to the foreground image but it was still quite good.

It would have been awesome if we could have passed a flag to the program to remove the foreground instead of the background. That would have allowed us to remove photo-bombers or random folks who walked in on a photo being taken. I know there are scripts out there that do this but haven’t really tried any of them out.

– Suramya

April 19, 2023

Finally a useful AI Implementation: Making spoken dialog easier to hear in movies and shows

Filed under: Emerging Tech,News/Articles,Tech Related — Suramya @ 6:37 PM

Finally, an AI use case that is actually useful. There are a ton of use cases where AI seems to be shoehorned in for no reason, but this recent announcement from Amazon is about Dialogue Boost, a new feature that raises the volume of dialogue relative to background music and effects to a consistent level, so you can actually hear the dialogue without nearly shattering your eardrums when a sudden explosion happens.
It is still in the testing phase and has only been released on some of their products so far, but I am looking forward to it being generally available.

Dialogue Boost works by analyzing the original audio in a movie or series and identifying points where dialogue may be hard to hear above background music and effects, at which point speech patterns are isolated and audio is enhanced to make the dialogue clearer. The AI targets spoken dialogue rather than a typical speaker or home theater set up that only amplifies the center channel of audio. It’s something that exists on high-end theater set-ups and certain smart TVs, but Amazon is the first streamer to roll out such a feature.

I have gotten used to having subtitles on when I watch something because that ensures that I don’t miss out on any dialogs due to the background music/sounds in the show/movie. This looks like it will alleviate that requirement. I think I will still end up keeping the subtitles on but this will certainly help.

Source: Amazon’s New Tool Adjusts Sound So You Can Actually Understand Movie and TV Dialogue
Announcement: Prime Video launches a new accessibility feature that makes it easier to hear dialogue in your favorite movies and series

– Suramya

April 14, 2023

My app that autoposts to Twitter has been suspended from accessing the Twitter API

Filed under: My Thoughts,Tech Related,Website Updates — Suramya @ 5:44 PM

Yesterday I got an email from Twitter stating the following:

Hello,

This is a notice that your app – Suramya’s Blog – has been suspended from accessing the Twitter API.

Please visit developer.twitter.com to sign up to our new Free, Basic or Enterprise access tiers.

More information can be found on our developer community forums.
Regards,
Twitter Developer Platform

The email actually looks like a really bad phishing email as it has no formatting, doesn’t give any links etc and is just a plain auto-generated email. I almost deleted it as spam but then realized that it could be a notification sent because they are forcing folks to use the new plans. Today I logged in to the Developer account and I was expecting to have an option to select one of the tiers, click save (pay if I was insane and decided to pay) and would be done with it. But that is not the case. I was greeted with the following banner when I logged in:


This App has violated Twitter Rules and policies. As a result, it can no longer be accessed. For assistance, submit a support ticket.

It looks like they couldn’t figure out how to temporarily block users who need to select a tier before being allowed to continue, so they decided to suspend the app instead, using the same process as they would if the app had been suspended for ‘violations of Twitter Rules and policies’. Which is quite amusing, because the app has been used 12 times in the last 2 months to autopost links to my posts here when I create them. I did use the same app for testing a Twitter export script that I wrote a few months ago, but I haven’t run it in a while, either.

There is no way for me to edit/choose a tier for my app, and I have no interest in spending the time to create another app just to post something on Twitter that will get about 2-10 views on average (usually on the lower end of the scale). This was pretty much the last remaining vestige of my posting on Twitter and I am fine with it not working anymore. I would rather spend that time doing something more productive, like watching paint dry.

– Suramya

April 4, 2023

Mastodon is so much better than Twitter, except for its search capabilities

Filed under: My Thoughts,Tech Related — Suramya @ 5:14 PM

Twitter has been slowly becoming less and less useful for getting updates from people you follow. Even my ‘Following’ tab is now showing entries from people I don’t follow, and not all posts from the folks I follow show up there either. Don’t even get me started about the ‘For You’ section, which is full of nonsense that I am not really interested in. I have mostly switched over to Mastodon for updates and I see way better engagement over there. My blog auto-posts to both Mastodon and Twitter (along with LinkedIn and Facebook); on Twitter I have 84 followers and 11 followers on Mastodon (I only started posting there in 2023). My Tweets usually get between 2-10 views each and maybe 1 tweet out of 50 will get a response or like. The same post on Mastodon gets a lot more engagement; there have been posts which have had 8-10 replies and multiple likes.

However, that being said one thing that Twitter has which is missing from Mastodon is the ability to search. Earlier today I saw an article on how Twitter seems to have blocked users from authenticating to other services using their SSO offerings. I wanted to learn more about it and tried searching for it on Mastodon, and didn’t get any results (I then tried searching using a hashtag but no luck there as well). So I switched to Twitter and did a search there and immediately I got a lot of results that gave more information on the topic. I am sure that this event is being discussed in Mastodon but it is almost impossible to find because of the way the search is designed.

There is an opt-in project that allows people to opt in to their setup to allow them to index your toots, but because of the ‘amazing’ search in Mastodon, I can’t find the link to the project. 🙁 There are people working on this problem, but an extremely vocal minority is hellbent against allowing people to search on Mastodon because they don’t want it. To be fair, there are a lot of technical challenges in indexing all the toots across all the instances, but it is not an insurmountable problem. It just needs people to look into the problem and others to let them work on the solution.

– Suramya

March 12, 2023

Researchers create mini-robot that can navigate inside blood vessels and perform surgery autonomously

Filed under: Emerging Tech,Tech Related — Suramya @ 11:13 PM

Performing surgery is a delicate task, and at times it is almost impossible to reach the area we want to operate on without cutting through other important tissue. This is even more apparent when we talk about surgery inside a blood vessel or artery, which could be the key to removing an obstruction or stitching a wound, etc. Till now we did not have the ability to release an autonomous robot inside a blood vessel that could navigate to the correct location, perform the programmed actions (or allow the doctor to take over manually) and return.

This was only possible in the realm of science fiction, but thanks to the efforts of researchers at South Korea’s Hanyang University it is now actually possible in the real world. They have successfully demonstrated that their I-RAMAN (robotically assisted magnetic navigation system for endovascular intervention) robot can travel autonomously to a superficial femoral artery in a pig, deliver contrast dye, and return safely to the extraction point. Their results and paper were published on 9th Feb in IEEE Robotics and Automation Letters: Separable and Recombinable Magnetic Robot for Robotic Endovascular Intervention.

This study presents a separable and recombinable magnetic robot (SRMR) to deliver and retrieve an untethered magnetic robot (UMR) to a target vascular lesion safely and effectively for robotic endovascular intervention. The SRMR comprises a delivery catheter and UMR connected to the end of the delivery catheter by a connecting section. An external magnetic field (EMF) interacts with the permanent magnet of the UMR; it can effectively generate magnetic torque and steer the delivery catheter to reach a target lesion. Furthermore, the rotating EMF allows the UMR of the SRMR to separate from the delivery catheter and perform the tunneling task. After completing the tunneling task, the UMR can be safely recombined with the delivery catheter in the vasculature via a simultaneous application of the EMF and suction force to the delivery catheter. The SRMR functions of steering, separation, movement, tunneling, drug delivery, and recombination are validated in a mimetic vascular model with a pseudo blood clot. Finally, the SRMR is successfully validated in an in vivo experiment of a mini pig’s superficial femoral artery for contrast delivery, separation, movement, and recombination.

This is a fantastic achievement, and although there is a lot of work still left to be done before this can be deployed for actual human use we are still a step closer to truly universal repair bots. Imagine an accident victim who is bleeding internally, the doctor deploys these robots to restitch the blood vessels to stop the internal bleeding and within minutes the bleeding is stopped and the doctor can start the post-op work. I can imagine these being sold as part of the standard medkits in the future (way in the future) where you have a few pre-programmed options available and depending on the situation a person can select the correct option to deploy.

However, all is not rosy (as always). If these go into active use and become common enough to be deployed in med-kits then we would need systems to prevent these bots from being repurposed. For example, instead of being programmed to stitch blood vessels the bots are programmed to cause more damage and start internal bleeding. There are so many other scenarios where this could be misused so we would need to think of all the cases, mitigate the risk and only then deploy them into the world.

That being said, I am still excited to see the possibilities this opens up.

Source: ACM Tech News Newsletter.

– Suramya
