
This $10 device can predict your next credit card number


MagSpoof is an ATtiny85-based device that can accurately predict your next Amex card number, disable chip-and-PIN and even spoof magnetic stripes wirelessly.


Not long after Samy Kamkar lost his credit card, American Express sent him a replacement. It was at that moment that the serial hacker noticed something quite peculiar: the digits on the new card were similar to his previous ones. With a little more research, he uncovered a global pattern that would enable him to accurately predict the digits on any subsequent Amex card by knowing the preceding card’s full number.


“This means if I were to obtain your Amex card and you called it in as lost or stolen, the moment you get a new card, I know your new credit card number,” Kamkar explains. “I also know the new expiration date as the expiration date is fixed based on when the new card was requested, and you can determine if the new card has been requested by performing an auth on the existing card.”

Like many of his prior security-focused projects, this discovery yielded another opportunity to highlight a vulnerability. And so MagSpoof was born. Kamkar’s new $10 device is capable of emulating any magnetic stripe or credit card, entirely wirelessly, and storing more than 100 card numbers in various form factors. The unit works by generating an electromagnetic field that’s strong enough to reach a traditional reader’s sensor within close proximity, sending a signal that mimics the card being swiped.

“What’s incredible is that the magstripe reader requires no form of wireless receiver, NFC, or RFID — MagSpoof works wirelessly, even with standard magstripe readers. The stronger the electromagnet, the further away you can use it (a few inches in its current iteration),” he notes.


And that’s not all. MagSpoof features a button that employs his prediction algorithm. In other words, if a thief using the device finds out that the card they were trying to imitate had been cancelled, the gadget could instantly determine the victim’s next card number.

“As soon as the card gets declined, you press a button and it switches to the next number,” Kamkar tells WIRED. “It sucks for [Amex users], because they could have their new credit card stolen almost instantly.”

Aside from disabling chip-and-PIN protection (a function that he has since removed), accurately predicting expiration numbers and switching between different Amex cards (even when reported lost or stolen), MagSpoof can be employed for security research in any area that would traditionally require a magstripe, such as readers for driver’s licenses, hotel room keys and automated parking lot tickets.


As you can tell, the MagSpoof’s hardware doesn’t look anything like a credit card, so a criminal couldn’t just simply hand it to a cashier or waiter without raising any red flags. However, Kamkar points out that he can use a digital credit card device like Coin to store the numbers that his system generates — a technique that would make his trickery much less noticeable.

Impressively, Kamkar built his prototype out of several off-the-shelf components. These included an ATtiny85, a 100mAh 3.7V LiPo battery, a motor driver, an LED, a capacitor, a resistor and some 24AWG magnet wire. He created a smaller version with an ATtiny10 as well. By simply pulsing the H-bridge and activating the coil of wire, the MagSpoof is capable of emulating the swipe of a card. MagSpoof is compatible with the Arduino framework and can work on traditional Arduino boards, as well as ATtiny chips.

According to the hacker, he has notified American Express of the issue and will not exploit their algorithm. Kamkar has made both MagSpoof’s source code and schematics available on GitHub, and elaborates upon his method on his page here.

[h/t WIRED via Samy Kamkar]

EXCLUSIVE: Ladyada shows off Adafruit’s brand-spankin’ new Feather board


The yet-to-be-unveiled Feather board features an Atmel | SMART SAM D21, built-in USB LiPoly charging and a stackable header system.


You know what’s so great about Maker Faire? Not just the showcase of pure ingenuity. Not the life-size game of Mouse Trap. Not the 30-foot-tall, fire-breathing robot. It’s the unpredictability of it all! You never truly know what’s going to happen next. Case in point: As we were biting into a few burgers on Sunday afternoon, we happened to bump into Limor Fried, who coincidentally was carrying Adafruit’s soon-to-be-launched Feather board.

“What’s the Feather?,” you ask. Top secret information, that’s what. The SAM D21 based unit features built-in USB LiPoly charging and a stackable header system that enables you to throw on various modules like an OLED display, Wi-Fi and GPS, to name a few.


Watch our exclusive interview with Ladyada as she enthusiastically shows off a few of her latest prototypes, which include a BLE version for IoT projects, a data logger and an ATmega32U4 powered GSM device. Don’t take our word for it, see it for yourself below!

How to prevent execution surprises for Cortex-M7 MCU


Software development weighs heavily on a project, accounting for 60% to 70% of the overall cost.


The ARM Cortex-A series processor core (A57, A53) is well known in the high-performance market segments, like application processing for smartphones, set-top boxes and networking. If you look at the electronics market, you realize that many applications are cost sensitive and don’t need such a high-performance processor core. We may call it the embedded market, even if this definition is vague. The ARM Cortex-M family has been developed to address these numerous market segments, starting with the Cortex-M0 for lowest cost, the Cortex-M3 for best power/performance balance, and the Cortex-M4 for applications requiring digital signal processing (DSP) capabilities.

For the audio, voice control, object recognition, and complex sensor fusion of automotive and higher-end Internet of Things sensing, where complex algorithms for audio and video are needed for rich audio and visual capabilities, Cortex-M7 is required. ARM offers the processor core as well as the Tightly Coupled Memory (TCM) architecture, but ARM licensees like Atmel have to implement memories in such a way that the user can take full benefit from the M7 core to meet system performance and latency goals.

Figure 1. The TCM interface provides a single 64-bit instruction port and two 32-bit data ports.


In a 65nm embedded Flash process device, the Cortex-M7 can achieve a 1500 CoreMark score while running at 300 MHz, offering top class DSP performance: double-precision floating-point unit and a double-issue instruction pipeline. But algorithms like FIR, FFT or Biquad need to run as deterministically as possible for real-time response or seamless audio and video performance. How do you best select and implement the memories needed to support such performance? If you choose Flash, this will require caching (as Flash is too slow), leading to cache miss risk. SRAM, by contrast, is a better choice since it can be easily embedded on-chip and permits random access at the speed of the processor.

Peripheral data buffers implemented in general-purpose system SRAM are typically loaded by DMA transfers from system peripherals. The ability to load from a number of possible sources, however, raises the possibility of unnecessary delays and conflicts caused by multiple DMAs trying to access the memory at the same time. In a typical example, we might have three different entities vying for DMA access to the SRAM: the processor (64-bit access, requesting 128 bits for this example) and two separate peripheral DMA requests (DMA0 and DMA1, 32-bit access each). Atmel has gotten around this issue by organizing the SRAM into several banks, as described in this picture:

Figure 2. By organizing the SRAM into banks, multiple DMA bursts can occur simultaneously with minimal latency.


For a chip maker designing microcontrollers, licensing an ARM Cortex-M processor core provides numerous advantages. The very first is the ubiquity of the ARM core architecture, which has been adopted in multiple market segments to support a variety of applications. If this chip maker wants to win a design-in with a new customer, the probability that this OEM has already used an ARM-based MCU is very high, and it’s very important for the OEM to be able to reuse existing code (software development weighs heavily, at 60% to 70% of the overall project cost). But this ubiquity generates a challenge: how do you differentiate from the competition when competitors can license exactly the same processor core?

Selecting a more aggressive technology node and providing better performance at lower cost is an option, but we understand that this advantage can disappear as soon as the competition also moves to this node. Integrating a larger amount of Flash is another option, which is very efficient if the product is designed on a technology that enables it to keep the pricing low enough.

If the chip maker has designed on an aggressive technology node for higher performance and offers a larger amount of Flash than the competition, it may be enough differentiation. Complementing this with a smarter memory architecture, unencumbered by cache misses, interrupts, context swaps, and other execution surprises that work against deterministic timing, brings strong differentiation.


If you want to more completely understand how Atmel has designed this SMART memory architecture for the Cortex-M7, I encourage you to read this white paper from Jacko Wilbrink and Lionel Perdigon entitled “Run Blazingly Fast Algorithms with Cortex-M7 Tightly Coupled Memories.” (You will have to register.) This paper describes MCUs integrating SRAM organized into four banks that can be used as general SRAM and for TCM, showing one example of a Cortex-M7 MCU being implemented in the Atmel | SMART SAM S70, SAM E70 and SAM V70/V71 families.


This post has been republished with permission from SemiWiki.com, where Eric Esteve is a principal blogger, as well as one of the four founding members of the site. This blog was originally shared on August 6, 2015.

Going hands-on with the now-on-sale Arduino Zero


It’s official! Makers in the U.S. can now buy the 32-bit Arduino board online. 


In addition to a number of other announcements during his Maker Faire Bay Area “State of Arduino” address, Massimo Banzi had finally revealed the dates for the highly-anticipated Zero board to a standing-room only crowd. In fact, MAKE: Magazine would even go on to call it “one of the biggest pieces of news” from this year’s show and tell.


And now available (as of June 15th) for purchase within the United States, here’s a quick refresher on the 32-bit Arduino unit that is bound to become a Maker hit over the summer. While its form factor may share that of the Leonardo, the Zero boasts an Atmel | SMART SAM D21 ARM Cortex-M0+ core, enabling the board to run much faster and pack more of a punch than its 8-bit counterparts.

It’s also worth mentioning that the latest device offers users the ability to easily talk to the cloud, thanks to an increase in bits and clock cycles to deal with what’s coming in and going out. This allows Makers to bring their wildest (and smartest) Internet of Things projects to life. As the Wizard of Make Bob Martin explains, “You can do this with an 8-bit microcontroller, but sometimes with data streams, it’s like drinking from a firehose.”


Key hardware specs include 256KB of Flash, 32KB SRAM in a TQFP package and a clock speed of 48MHz. In comparison, the 8-bit Leonardo (ATmega32U4) comes with only 32KB of Flash, 2.5KB of SRAM and merely runs at 16MHz. One of its other notable features is the Atmel Embedded Debugger (EDBG), which provides a full debug interface without the need for any supplemental hardware. EDBG supports a virtual COM port that can be used for device programming and traditional Arduino bootloader functionality, and is entirely compatible with Atmel Studio to give users the ability to import their sketches directly and do source-level debugging.

The Zero sports six analog and 14 digital pins, all of which except for the Rx/Tx pins can also serve as PWM pins. Meanwhile, the analog pins have a 12-bit ADC instead of the Leonardo’s 10-bit ADC, significantly improving analog resolution. Though the new board does not have EEPROM, it does support 16KB by emulation. In other words, Arduino sketches relying upon this feature will still run without any hiccups.


Upon receiving the board, a user may notice that the Zero’s silk includes an additional graphic element: the Genuino logo. (For those who may not know, Genuino — meaning “genuine” in Italian — is Arduino’s global sister brand.)

“We added the Genuino logo to the Arduino Zero to stress its authenticity, and to make it easier for the Arduino community to spot original boards. We are going to include this logo to all genuine Arduino boards from now on,” the crew says.


In tandem with its debut on the Arduino U.S. online store, the team has unveiled the Arduino IDE 1.6.5 with a bunch of enhancements as well as support for the Zero. This version of the incredibly popular IDE keeps the serial monitor open while uploading and adds an “Open Recent” menu that shows the last five opened sketches and a new modern editor, among many other improved elements.

Interested? Head over to the Zero’s official page here, where the board is currently going for $49.90. As you wait for its arrival, watch below as the Wizard of Make gives MAKE’s Alasdair Allan a hands-on demonstration.

Keyboardio looks to make keyboards better and brighter


This next-gen keyboard will give your pinkies a rest and eliminate mice. 


The arrangement of characters on a QWERTY keyboard was first designed back in 1868 by Christopher Sholes, who happened to also be the inventor of the typewriter. According to popular myth, Sholes arranged the keys in their odd fashion to prevent jamming on mechanical typewriters by separating commonly used letter combinations. Other than adding a few function and arrow keys, the text entry device has remained relatively unchanged for nearly 150 years. 


Have you ever thought about how you might improve the standard QWERTY layout? Well, Jesse Vincent and Kaia Dekker have with their butterfly-shaped keyboard that places a greater emphasis on the thumb, lessens the stress on your pinkies, and offers a more natural position for the hand and wrist — something that may prove to be a lifesaver for those suffering from carpal tunnel or arthritis.

“The traditional keyboard was designed for typewriters, not hands. Staggered columns made room for mechanical components, without concern for wrist angles or finger lengths. Shift keys were placed under the weakest fingers,” Vincent explains.


Instead, the aptly named Keyboardio puts keys such as control, alt, delete, shift and a new ‘function’ button under the typists’ palms, all within easy reach of the thumbs. Vincent says that the team has also been experimenting with ways to eliminate the mouse altogether by using the W, A, S and D keys for general cursor movements and other keys to tell the mouse where to go on the screen.

And, unlike its predecessors, this next-gen keyboard is Bluetooth-enabled allowing users to switch between devices and carry it from one meeting to the next. Not only does Keyboardio ship with the source code and a screwdriver, it can even be programmed to create your own shortcuts.

The modular keyboard is built around an ATmega32U4 and a pair of Semtech SX1509 IO expanders, along with some battery charging circuitry, World Semi WS2812B LEDs and a Bluetooth module — all housed inside a CNC-milled anodized aluminum enclosure with wood-grain hand rests. Beyond that, the keyswitches are Matias Quiet Click switches with ultra-bright, colorful LEDs located under each one.


After quite a bit of prototyping, the team has finally revealed what they’re calling the Keyboardio Model 01 — 20 of which will begin shipping in the coming weeks. Until then, Vincent and Kaia are working intensively on preparing a Kickstarter campaign that is expected to launch sometime this spring. In addition to that, the team is currently planning a “startup kit” with a set of keyboards geared towards the Maker crowd.

While Keyboardio may initially appeal to the enthusiast crowd, the open-source nature of the gadget will certainly entice a number of hardware and software fans to offer their own set of modifications as well. Interested? You can click over to its official page here.

Atmel launches next-generation CryptoAuthentication device


Atmel becomes first to ship ultra-secure crypto element enabling smart, connected and secure systems.


Just announced, the Atmel ATECC508A is the first device to integrate ECDH (Elliptic Curve Diffie–Hellman) security protocol — an ultra-secure method to provide key agreement for encryption/decryption, along with ECDSA (Elliptic Curve Digital Signature Algorithm) sign-verify authentication — for the Internet of Things (IoT) market including home automation, industrial networking, accessory and consumable authentication, medical and mobile, among many others.


Atmel’s ATECC508A is the second integrated circuit (IC) in the CryptoAuthentication portfolio with advanced Elliptic Curve Cryptography (ECC) capabilities. With built-in ECDH and ECDSA, this device is ideal for the rapidly growing IoT market by easily providing confidentiality, data integrity and authentication in systems with MCU or MPUs running encryption/decryption algorithms (such as AES) in software. Similar to all Atmel CryptoAuthentication products, the new ATECC508A employs ultra-secure hardware-based cryptographic key storage and cryptographic countermeasures which are more secure than software-based key storage.

This next-generation CryptoAuthentication device is compatible with any microcontroller or microprocessor on the market today including Atmel | SMART and Atmel AVR MCUs and MPUs. As with all CryptoAuthentication devices, the ATECC508A delivers extremely low-power consumption, requires only a single general purpose I/O over a wide voltage range, and is available in a tiny form factor, making it ideal for a variety of applications that require longer battery life and flexible form factors.

“As a leader in security, Atmel is committed to delivering innovative secure solutions to the billions of devices to be connected in the IoT market,” explained Rob Valiton, SVP and GM of Atmel’s Automotive, Aerospace and Memory Business Units. “Atmel’s newest CryptoAuthentication IC is the first of its kind to apply hardware-based key storage to provide the full complement of security capabilities, specifically confidentiality, data integrity and authentication. We are excited to continue bringing ultra-secure crypto element solutions to a wide range of applications including IoT, wireless, consumer, medical, industrial, and automotive, among others.”


Key security features of the ATECC508A include:

  • Optimized key storage and authentication
  • ECDH operation using stored private key
  • ECDSA (elliptic-curve digital signature algorithm) sign-verify
  • Support for X.509 certificate formats
  • 256-bit SHA/HMAC hardware engine
  • Multilevel RNG using FIPS SP 800-90A DRBG
  • Guaranteed 72-bit unique ID
  • I2C and single-wire interfaces
  • 2 to 5.5V operation, 150-nA standby current
  • 10.5-kbit EEPROM for secret and private keys
  • High-Endurance Monotonic Counters
  • UDFN, SOIC, and 3-lead contact packages

In the wake of recent incidents, it is becoming increasingly clear that embedded system insecurity impacts everyone and every company. The effects of insecurity may not only be personal, such as theft of sensitive financial and medical data, but a bit more profound on the corporate level. Products can be cloned, software copied, systems tampered with and spied on, and many other things that can lead to revenue loss, increased liability, and diminished brand equity.

Data security is directly linked to how exposed the cryptographic key is to being accessed by unintended parties including hackers and cyber-criminals. The best solution to keeping the “secret key secret” is to lock it in protected hardware devices. That is exactly what this latest iteration of security devices has done, is doing and will continue to do. They are an inexpensive, easy, and ultra-secure way to protect firmware, software, and hardware products from cloning, counterfeiting, hacking, and other malicious threats.

Interested in learning more? Discover the latest in hardware-based security here. Meanwhile, you may also want to browse through recent articles on the topic, including “Is the Internet of Things just a toy?,” “Greetings from Digitopia,” “What’s ahead this year for digital insecurity?,” and “Don’t be an ID-IoT.”

Report: The car of 2025 will repair and drive itself


An IBM study says more intelligent cars will be commonplace by 2025, while self-driving cars may not.


With the emergence of the IoT, our world is becoming increasingly more connected. Not only is it our kitchens and living rooms, but smart “things” are beginning to infiltrate our garages and roads as well. Today, it is more apparent than ever before that consumers are more engaged, meaning they will demand a more seamlessly-integrated, personalized experience inside their ride. As more cars go online, IBM points out that the lines of the automotive industry will blur and the ecosystem will expand to include electronics and telecommunications enterprises.


According to the company’s Automotive 2025 study — which was based on interviews from 175 automobile industry executives spanning 21 countries — 38% expect at least partial autonomous cars over the next 10 years that will be able to drive themselves in certain designated areas. While these cars will be far more digitally-savvy and connected than anything we have today, only 8% of the executives predicted entirely driverless automobiles. That isn’t to say they wouldn’t welcome them.

In fact, a vast majority (87%) of those surveyed claimed that they believe partially-automated driving, such as an expansion of today’s self-parking or lane change assist technologies, will enter a state of ubiquity in the coming years. Meanwhile, 55% said highly-automated driving, where the system recognizes its limitations and calls the driver to take control, if needed, allowing the driver to perform some non-driving tasks in the meantime, will also be adopted by 2025.

The study found that nearly one-fifth (19%) of the business leaders felt that their companies are fully prepared for the challenges of the next decade, while one-third (33%) believed their organizations are adaptable to facing those obstacles.

The IBM study goes on to reveal that by 2025, vehicles will be intelligent enough to configure themselves to a driver and other occupants. In other words, cars will be able to learn, heal, drive and socialize with other automobiles and their surrounding environment through vehicle-to-vehicle communication. Indeed, nearly 80% of the execs believe these cognitive technologies will be a key component of how vehicles learn and reason to provide a better experience for the occupants and optimize their own performance. With the rise of V2V communication, next-gen cars will be equipped to monitor drivers with heart conditions for signs of heart attack or even repair themselves without human intervention.


Soon, our vehicles will be able to take on their own “digital personas” and join car-to-car “social networks,” a development that 57% of respondents felt would come to fruition over the next decade. This would enable vehicles to share not only traffic and weather conditions, but information specific to a given automaker. The study also indicated that nearly two out of every three (63%) executives saw mobility services or ride-sharing as an area for greater collaboration with consumers, while more than half (59%) cited product design, marketing campaigns (54%) and service/after-sales (52%) as areas where the industry could tremendously benefit from working directly with drivers.

Whatever the future holds, IBM encourages that “automotive enterprises must adapt to how consumers can access vehicles in new ways and use them in their digital lives — and how cars now fit into an increasingly complex web of transportation options. Looking toward 2025, those enterprises that welcome the openness transforming the business are setting the stage for success.”

While we await 2025, Reuters has recently published their latest report on The State of Innovation in the Automotive Industry 2015. According to the global news agency, GM, Toyota and Hyundai are all making a huge investment in self-driving cars. Though Google may have gotten the lion’s share of the headlines when it comes to autonomous vehicles, a number of today’s biggest carmakers are filing the most patents in this space. GM, in particular, has shown an astonishing increase in interest with the most documents published in 2013, as the chart below demonstrates.


So, what’s next for the automotive market in the forthcoming years? Whether it’s sensor-laden vehicles or flying cars, a much smarter, safer and more secure future is in store. Without question, today’s drivers make demanding customers for carmakers, so automotive electronics will remain a demanding application area, an area we know quite a bit about. Buckle up, we’re driving the Internet of Things in the fast lane.