Researchers at the University of Zurich and EPFL have created a robot that shrinks to fit through gaps, a feature that could make it perfect for search and rescue missions. The researchers initially created a drone that could assess man-made gaps and squeeze through in seconds using only one camera. This extra feature — a scissor-like system to shrink the drone in flight — makes it even more versatile and allows these drones to react to larger or smaller gaps in nature.
“The idea came up after we worked on quadrotor flight through narrow gaps,” said PhD candidate Davide Falanga. “The goal of our lab is to develop drones which can be in the future used in the aftermath of a disaster, as for example an earthquake, in order to enter building through small cracks or apertures in a collapsed building to look for survivors. Our previous approach required a very aggressive maneuver, therefore we looked into alternative solutions to accomplish a task as passing through a very narrow gap without having to fly at high speed. The solution we came up with is the foldable drone, a quadrotor which can change its shape to adapt to the task.”
The system measures the gap and changes its shape without outside processing, a feat that is quite exciting. All of the processing is done on board and it could be turned into an autonomous system if necessary. The team built the drone with off-the-shelf and 3D-printed parts.
“The main difference between conventional drones and our foldable drone is in the way the arms are connected to the body: each arm is connected through a servo motor, which can change the relative position between the main body and the arm. This allows the robot to literally fold the arms around the body, which means that potentially any morphology can be obtained. An adaptive controller is aware of the drone’s morphology and adapts to it in order to guarantee stable flight at all times, independently of the configuration,” said Falanga.
The team published a report on their findings in Robotics and Automation Letters. As IEEE notes, this is no flying drone dragon, but it is a far simpler, cooler and more effective product.
Privacy-tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them.
The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine were seized as part of an investigation into activity that had occurred a year earlier. The servers, which ran the OpenVPN virtual private network software, were also configured to use a setting that was deprecated in 2018 after security research revealed vulnerabilities that could allow adversaries to decrypt data.
“On the disk of those two servers was an OpenVPN server certificate and its private key,” a Windscribe representative wrote in the July 8 post. “Although we have encrypted servers in high-sensitivity regions, the servers in question were running a legacy stack and were not encrypted. We are currently enacting our plan to address this.”
Windscribe’s admission underscores the risks posed by an explosion of VPN services in recent years, many from businesses few people have heard of before. People use VPNs to funnel all their Internet traffic into an encrypted tunnel, to prevent people connected to the same network from being able to read or tamper with data or to detect the IP addresses of the two parties communicating. The VPN service then decrypts the traffic and sends it to its final destination.
By failing to follow standard industry practices, Windscribe largely negated those security guarantees. While the company attempted to play down the impact by laying out the requirements an attacker would have to satisfy to be successful, those conditions are precisely the ones VPNs are designed to protect against. Specifically, Windscribe said, the conditions and the potential consequences are:
The attacker has control over your network and can intercept all communications (privileged position for MITM attack)
You are using a legacy DNS resolver (legacy DNS traffic is unencrypted and subject to MITM)
The attacker has the ability to manipulate your unencrypted DNS queries (the DNS entries used to pick an IP address of one of our servers)
You are NOT using our Windscribe applications (our apps connect via IP and not DNS entries)
The potential impact for the user if all of the above conditions are true:
An attacker would be able to see unencrypted traffic inside of your VPN tunnel
Encrypted conversations like HTTPS web traffic or encrypted messaging services would not be affected
An attacker would be able to see the source and destinations of traffic
It’s important to remember that:
Most internet traffic is encrypted (HTTPS) inside of your VPN tunnel
No historical traffic is at risk thanks to PFS (perfect forward secrecy) which prevents decryption of historical traffic, even if one possesses the private key for a server
No other protocols supported by our servers are affected, only OpenVPN
Three years late
Besides the lack of encryption, the company also uses data compression to improve network performance. Research presented at the 2018 Black Hat security conference in Las Vegas disclosed an attack known as Voracle, which uses clues left behind in compression to decrypt data protected by OpenVPN-based VPNs. A few months later, OpenVPN deprecated the feature.
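An added example, not from the article or from Windscribe: a short Python audit that flags OpenVPN configuration lines that turn compression on, the setting Voracle depends on. The sample config is constructed, and the classification of which directive values count as compressing is an assumption based on the OpenVPN manual.

```python
import shlex

# Assumption (from the OpenVPN manual): these algorithms compress payloads;
# "stub"/"stub-v2" and a bare "compress" keep only the framing.
COMPRESSING = {"lzo", "lz4", "lz4-v2"}

def classify(tokens):
    """Return a finding if the directive turns compression on, else None."""
    if not tokens:
        return None
    name, args = tokens[0], tokens[1:]
    if name == "push" and args:
        # push "compress lz4" hands the same option to every client
        inner = classify(args[0].split())
        return f"pushed to clients: {inner}" if inner else None
    if name == "comp-lzo" and (not args or args[0] in ("yes", "adaptive")):
        return "comp-lzo enables LZO compression"
    if name == "compress" and args and args[0] in COMPRESSING:
        return f"compress {args[0]} enables compression"
    if name == "allow-compression" and args and args[0] == "yes":
        return "allow-compression yes permits sending compressed packets"
    return None

def audit(config_text):
    """Return (line number, finding) pairs for an OpenVPN config."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":   # both characters start a comment
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                # unbalanced quote: fall back
            tokens = line.split()
        finding = classify(tokens)
        if finding:
            findings.append((lineno, finding))
    return findings

# Constructed sample config, not taken from any real server.
SAMPLE = """port 1194
proto udp
# comp-lzo   (commented out, ignored)
;compress lz4
comp-lzo
push "compress lz4-v2"
compress stub-v2
allow-compression no
cipher AES-256-GCM
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```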
The privacy-tools maker said it’s in the process of overhauling its VPN offering to provide better security. Changes include:
Discontinuing use of its current OpenVPN certificate authority in favor of a new one that “follows industry best practices, including the use of an intermediate certificate authority (CA)”
Transitioning all servers to operate as in-memory servers with no hard disk backing. This means that any data the machines contain or generate lives solely in RAM and can’t be accessed once a machine has been shut off or rebooted
Implementing a forked version of WireGuard as the primary VPN protocol.
Deploying a “resilient authentication backend” to allow VPN servers to function even if there is a complete outage of core infrastructure.
Enabling new application features, such as the ability to change IP addresses without disconnecting, request a specific and static IP, and “multi-hop, client side R.O.B.E.R.T. rules that are not stored in any database.”
Windscribe representatives didn’t respond to an email seeking comment for this post. It’s not clear how many active users the service has. The company’s Android app, however, lists more than 5 million installs, an indication that the user base is likely large.
The seizure of the Windscribe servers underscores the importance of the kind of basic VPN security hygiene that the company failed to follow. That, in turn, emphasizes the risks posed when people rely on little-known or untested services to shield their Internet use from prying eyes.
Apple has issued a new software update for iPhones, iPads, and Macs just a few days after the company launched macOS 10.15 and iOS/iPadOS 14.7.
The updates add no new features, but the iPhone update fixes one bug. From Apple’s release notes:
iOS 14.7.1 fixes an issue where iPhone models with Touch ID cannot unlock a paired Apple Watch using the Unlock with iPhone feature. This update also provides important security updates and is recommended for all users.
As for macOS, there are no listed changes besides security updates. And Apple lists the same security update for iOS, iPadOS, and macOS. Here are the details from Apple’s support hub:
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30807: an anonymous researcher
Last week, Apple released software updates for all its platforms, including iOS 14.7, iPadOS 14.7, and macOS 10.15. Among other things, iOS 14.7 added support for the new MagSafe Battery Pack accessory, introduced a new multiuser Apple Card Family feature, and made several small tweaks throughout the operating system. macOS 10.15 was a smaller update that came a few days later; it simply added a new way to sort shows in the Podcasts app and fixed a couple of bugs.
Apple’s software releases tend to follow a common pattern. Top-level numbers like “iOS 13” are annual releases that introduce a bunch of significant new features or changes. Then, any update with a number after one decimal point (like iOS 14.7) adds at least one new feature and a handful of bug fixes. When you see another number after another decimal point—as in this case with iOS 14.7.1—you’re usually looking at an update that targets one or two bugs or security vulnerabilities but doesn’t add new features.
Today’s follow-up software updates are available to all supported devices right now.
A new investor note from JPMorgan Chase seen by AppleInsider and MacRumors claims that Apple’s high-end iPhone models will soon use titanium alongside or instead of aluminum or stainless steel. It also provides new insights about what to expect from 2022’s iPhone lineup.
Drawing from supply line sources, the note says the materials change is coming in 2022 and that Foxconn will be Apple’s exclusive supplier for the titanium components. The Pro model phones from that year are likely to use a titanium alloy, which is stronger and more resistant to scratches than the stainless steel used in current iPhone models.
While the analyst report does not specify, it’s very likely that we’re talking about the metallic band around the edge of the iPhone, not the front and the back. The front is expected to still be glass, and given that Apple continues to introduce new MagSafe and wireless charging products and features, we expect the back to remain glass as well.
The report also says the iPhone 14 will see more significant changes than the iPhone 13, suggesting that this year’s new iPhones will be spec bumps with minor new features akin to past iPhone launches with an “-S” appended to the products’ names. Meanwhile, the iPhone 14 in 2022 will bring with it a redesign of sorts and major new features, akin to the iPhone X or iPhone 12.
Additionally, JPMorgan Chase corroborates another recent report that Apple will not produce an iPhone 14 mini. That report, from Nikkei Asia, claimed that Apple will sometime in 2022 introduce a 5G iPhone SE with the latest, fastest CPU and the same look and feel as the current iPhone SE—but that this will be a death knell for the iPhone mini, which was introduced as part of the iPhone 12 lineup in 2020 but which has failed to meet sales expectations.
Currently, Apple offers two options for users of small, one-handed phones. There’s the iPhone SE, which emphasizes low cost by using older technologies like an LCD display and the home button. And there’s the iPhone 12 mini, which places the latest chip, screen, and camera tech Apple has to offer in a smaller chassis at a price close to that of the other flagships.
Based on the insights from Nikkei and JPMorgan Chase, it appears that Apple will soon relegate small phones to the budget bin (or midrange bin, you could really argue), with the most expensive flagships with the latest features staying big.