On Practical Machinist, there's a fascinating thread about the manufacturer's lockdown on a high-priced, high-end Mori Seiki NV5000 A/40 CNC mill. The person who started the thread owns the machine outright, but has discovered that if he moves it at all, a GPS and gyro sensor package in the machine automatically shuts it down and will not allow it to restart until he receives a manufacturer's unlock code.
Effectively, this means that machinists' shops can't rearrange their very expensive, very large tools to improve their workflow from job to job without getting permission from the manufacturer (which can take a month!), even if they own the gear.
According to posts in the thread, many manufacturers have introduced this lockdown feature because their goods have found their way into Iran, violating the embargo. So now these machines can't be moved at all without the manufacturer's knowledge and consent, a situation that the manufacturers have turned into a business-opportunity by using the technology to assist in repossessing machines from delinquent lease-payers -- and requiring permission for the privilege of deciding where to place their key capital assets.
I'm interested in the security implications of this. Malware like Stuxnet attacked embedded systems on computerized machines, causing them to malfunction in subtle ways. A subtly weakened or defective part from a big mill like the NV5000 might find its way into a vehicle or a high-speed machine, with disastrous consequences.
And since the mills are designed to be opaque to their owners, and to actively prevent their owners from reverse-engineering them (lest they disable the gyro/GPS), an infection would be nearly impossible to detect. Criminals and saboteurs are a lot less worried about voiding the warranty on your $100K business-asset than you are, and that asymmetry, combined with the mandate for opacity in the operations, presents a serious risk to machine shops and their customers (and their customers' users -- that is, everyone).
Thread: Mori/Ellison gyroscope unlocking