#qi-hardware IRC log for Tuesday, 2014-02-18

wpwraknicksydney: well, about one hour by train. by australian standards, that's next-door neighbours (or closer), right ? :)00:05
nicksydneywpwrak: as  long as in one continent everybody is our next-door neighbours :)00:06
nicksydney1hr train ride is very close :)00:06
nicksydneyi hope too that they can work it out and neo900 will keep on going as it is a big project that people can learn from 00:07
nicksydneywpwrak: have you come across supplier selling nordic chip like the one used in this http://www.ebay.com/itm/17083837317100:10
wpwrakhttp://www.digikey.com/product-search/en/rf-if-and-rfid/rf-transceivers/3539948?k=NRF24L01 ?00:19
CYB3RIs it possible to enter usbboot mode without nand?00:25
wpwrakCYB3R: since it's used to bring up the NAND from scratch, i'd think so :)00:31
whitequarkI think you enter usbboot mode via BOOT[01] pins00:32
CYB3Rwhitequark: I mean stage2 boot00:33
nicksydneywpwrak: wonder why i didn't find it yesterday when looking for it :(01:09
wpwrakif neo900 is still alive, then this should be fun news: https://www.schneier.com/blog/archives/2014/02/picasso_nsa_exp.html04:15
nicksydneywpwrak: man feel so naked after reading that link :)05:14
whitequarkthat one seems to be not for spying, but for undercover agents though05:15
whitequarkthe "S" instead of "TS" designation kinda confirms05:15
wpwrakin the comments someone offered a good explanation: it's for both agents and their marks05:25
whitequarkeither way this is something that probably should exist and doesn't worry me too much.05:27
wpwrakconsider that this probably requires the cooperation of the phone makers05:30
wpwraknow, who says this isn't a standard feature by now, ready to be activated by a suitable code ?05:30
whitequarkif you use gsm, you're pwned by default. almost all that info can be extracted without any cooperation with phone05:32
wpwrakvoice recording ?05:32
whitequarkreally, I bet SIM itself can do everything except voice recording, it's powerful enough and it can send SMS whenever it wants05:33
whitequarkand voice... well, you'd have to collect voice from the network05:33
whitequarkhow exactly are they sending voice via SMS?05:34
wpwrakyeah, i kinda wonder05:35
wpwrakmaybe MMS. they can be pretty large.05:36
whitequarkthat requires GPRS already05:36
whitequarkhm... C140 has GPRS but not MMS05:36
whitequarkanyway. I bet you don't even need vendor cooperation today05:37
whitequarkif all RILs are written like the one in SGS2, they can be remotely exploited by a toddler05:37
whitequarkcode like char number[18]; strcpy(number, sms.number);05:37
whitequarkand of course RIL runs effectively under root05:38
whitequarkapart from the fact that outdated linux usually has a dozen of easy local vulnerabilities05:39
DocScrutinizer05they don't send voice via SMS. they instruct the ME to initiate a stealth phonecall (or, for calls, redirect the call to a "proxy" that recors stuff and forwards the call to original destination). And none of all that needs any special hw support, it's a "standard" feature of "standard" spyware you can buy for almost every phone, for a few 1000 bucks, form non-government providers of such security software06:58
DocScrutinizer05agencies probably can remote-install such stuff meanwhile to any phone they like (except a very few ones that don't allow such exploits by design)07:00
DocScrutinizer05as mentioned in another comment, meanwhile improved spyware may record hours of audio and then send it in burst via GPRS/UMTS data link07:01
DocScrutinizer05or even via HSCSD07:01
DocScrutinizer05at least for HSCSD a minimum cooperation from network carrier is needed07:02
DocScrutinizer05no so for the whole rest of this type of attack07:03
DocScrutinizer05except for installing OTA07:03
DocScrutinizer05this also would need support from carrier07:03
DocScrutinizer05well, unless they found a nice service SMS that makes the phone download the malware from some URL07:04
nicksydneywpwrak: http://www.cnx-software.com/2014/02/18/stmicro-unveils-10-mbed-enabled-and-arduino-compatible-nucleo-development-boards/07:08
nicksydneyanybody going to Embedded World 2014 in Germany  ...they can get the board for FREE :) register here http://www.st.com/web/en/support/nucleo_ew14_registration.html?icmp=reg-form-nucleo_pron_pr-nucleo_feb2014 :)07:09
nicksydneyhmm.......they rush in releasing the website ..can you spot the problem07:10
nicksydneyRegistration procedure: in order to get your free STM32 Nucleo board from STs booth at embedded world 2013, fill in the form below and submit it. You will receive a personalized voucher to the email address specified in the form. Please show up with the voucher on STs booth to claim your discovery kit. 07:10
nicksydneywpwrak:  wish Germany was like 1hr by train  : )07:11
nicksydneyi can call as neighbour :)07:11
DocScrutinizer05>>in order to get your free STM32 Nucleo board from STs booth at embedded world 2013<< MHM07:21
larschm, the terms and conditions are an empty page08:01
DocScrutinizer05great! :-P No terms and conditions, no obligations. No wasted times to read them09:28
DocScrutinizer05WTF?! the difference between http://www.st.com/web/catalog/tools/FM116/SC959/SS1532/LN1847/PF259997 and http://www.st.com/web/catalog/tools/FM116/SC959/SS1532/LN1847/PF260000 is exactly only the color of that "Nucleo" cricle (pink vs yellow)??09:31
DocScrutinizer05ooh, http://www.st.com/web/catalog/tools/FM116/SC959/SS1532/LN1847/PF259997 comes with "STSW-STM32143HAL library for STM32 Nucleo with application examples" (last link on page)09:33
DocScrutinizer05aaah, now! one has 32k, one 64k, one 512k flash09:36
nicksydneyDocScrutinizer05: yes :)09:56
nicksydneylarsc: yeah they printed as 2013 instead of 201409:56
nicksydneyfound out that the shipping cost for a $10 board is using FedEx that can cost close to $30...FAIL !09:57
wpwraknicksydney: mbed ... cloud-based development. what could possibly go wrong ? ;-)12:18
Action: lekernel remembers having once paid 80¬ shipping for 15¬ worth of goods12:20
nicksydneywpwrak: its in the cloud so everything is safe :)12:27
nicksydneywpwrak: unless you like to be 'looked' at ;)12:27
nicksydneyprice of sophisticated silicons are dropping like a fly but shipping cost never goes down !12:28
larsctime for DIY fabs12:31
wpwraktime for Courier It Yourself :)12:36
larsclets see if my drone can do germany <-> australia without any stops ;)12:39
nicksydneylarsc: if that's possible you will be the next Google's of Drone :)12:40
nicksydneywpwrak: CIY ? :) not CNY :)12:40
larscthe problem is I guess that it is still more cost effective to transport a lot of packages in one big vehicle rather than in a lot of small verhicles12:46
nicksydneythe best thing to do for large corporation is to send packages from China as shipping cost is darn good there12:54
wpwrakdon't they have some old icbms in russia ? much more efficient than a drone13:05
larscif you have 20 mio, no problem13:08
wpwrakah, you already inquired :)13:54
larscwell at least that's what it was a couple of years ago13:56
larscyou can probably get one for a couple of bit coins today13:56
wpwraka anonymous coin could also work for the CIY network: let each "node" advertize the nodes it connects to, with cost, typical delay, and any other restrictions (e.g., maximum declared value and such). then you can find the optimum path through the network.15:18
wpwrakattach a QR code to each shipment so each node can do "tracking"15:18
--- Wed Feb 19 201400:00

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!