Hackaday Links: March 3, 2024

Who’d have thought that $30 doorbell cameras would end up being security liabilities? That’s the somewhat obvious conclusion reached by Consumer Reports after looking at some entry-level doorbell cameras available through the usual outfits and finding glaring security gaps which are totally not intentional in any way.

All these cameras appear to be the same basic hardware inside different enclosures, most supporting the same mobile app. Our favorite “exploit” for these cameras is the ability to put them into a pairing mode with the app, sometimes by pressing a public-facing button. Slightly more technically challenging would be accessing images from the app using the camera’s serial number, or finding file names being passed in plain text while sniffing network traffic. And that’s just the problems CR identified; who knows what else lurks under the covers? Some retailers have stopped offering these things, others have yet to, so buyer beware.

Speaking of our techno-dystopian surveillance state, if you’ve had it with the frustrations and expense of printers, has Hewlett-Packard got a deal for you. They want you to never own a printer again, preferring that you rent it from them instead. Their “All-In Plan” launched this week, which for $6.99 a month will set you up with an HP Envy inkjet printer, ink deliveries, and 24/7 tech support. It doesn’t appear that paper is included in the deal, so you’re on your own for that, but fear not — you won’t go through much since the entry-level plan only allows 20 prints per month. Plans scale up to 700 prints per month from an OfficeJet Pro for the low, low price of $36. The kicker, of course, is that their printer has to be connected to the Internet, and HP can pretty much brick the thing anytime they want to. The terms of service also explicitly state that they’ll be sending your information to advertising partners, so that’ll be fun. This scheme hearkens back to the old pre-breakup days of AT&T, where you rented your phone from the phone company. That model made a lot more sense when the phone (probably) wasn’t listening in on everything you do. This just seems like asking for trouble.

“Enhance, enhance…” Credit: NASA/JPL-Caltech/LANL/CNES/IRAP/Simeon Schmauß

It’s been a while since Ingenuity‘s final rough landing on Mars permanently grounded the overachieving helicopter, long enough that it’s time for the post-mortem analyses to begin. The first photographic evidence we had was a shadowgram from one of the helicopter’s navigational cameras, showing damage to at least one of the rotor tips, presumably from contact with the ground. Then we were treated to a long-distance shot from Ingenuity‘s rover buddy Perseverance, which trained its MASTCAM instruments on the crash zone and gave us a wide view of its lonely resting place.

Now, geovisual design student [Simeon Schmauß] has taken long shots made with the rover’s SuperCam instrument and processed them into amazingly detailed closeups, which show just how extensive the damage really is. One rotor blade sheared clean off on contact, flying 15 meters before gouging a hole in the regolith. Another blade looks to be about half gone, while the remaining two blades show the damaged tips we’ve already seen. That the helicopter is still on its feet given the obvious violence of the crash is amazing, as well as an incredible piece of luck, since it means the craft’s solar panel is pointing in roughly the right direction to keep it powered up.

You know things are getting weird in the world when the US government starts talking about memory-safe programming. That’s what happened this week, and we’re still trying to wrap our heads around this. Luckily, Maya Posch did an in-depth look at the proposal from the White House Office of the National Cyber Director — you know it’s important because “cyber” is right in the name. Her take is that switching from C/C++ to inherently memory-safe languages wouldn’t really have that much of an impact, because not a lot of vulnerabilities are coming from that direction anymore. Granted, there was a time when CVEs that boiled down to buffer overflows were coming fast and furious, but most of those bugs seem to have been shaken out. Infosec pro [lcamtuf] largely seems to agree that memory safety issues are no longer low-hanging fruit, making the great point that the combination of PHP, SQL, and JavaScript has probably done far more damage than all the buffer overflow exploits ever found combined.

And finally, if you’ve got an hour to spare, you’d do worse than to spend it watching Animagraffs’ latest video, which is an up close and personal tour of the greatest airplane ever made: the SR-71 Blackbird (fight me). The 3D renders in this video are fantastic, and the level of detail, especially in the cockpit, is just astonishing. We never knew the Blackbird wasn’t a fly-by-wire plane; we just figured something that cool and futuristic-looking wouldn’t have cables and bellcranks connecting the stick and rudder pedals to the control surfaces. Sure, there are hydraulic actuators back on the elevons and rudders, and the mechanical mixer is a work of art, but the pilot being physically connected to the control surfaces is pretty amazing.
