These days displays are increasingly expected to be bidirectional devices, accepting not only touch inputs, but also to integrate fingerprint sensing and even somehow combine a camera with a display without punching a hole through said display. Used primarily on smartphone displays, these attempts have been met with varying degrees of success, but a recently demonstrated version in Nature Communications which combines an OLED with photosensors in the same structure might provide a way to make such features much more effective.

The article by [Chul Kim] and colleagues of the Samsung Display Research Center in South Korea the construction of these bidirectional OLED displays is described, featuring the standard OLED pixels as well as an organic photodiode (OPD) placed side-by-side. Focusing on the OLED’s green light for its absorption characteristics with the human skin, the researchers were able to use the produced OLED/OPD hybrid display for fingerprint recognition, as well as a range of cardiovascular markers, including heart rate, blood pressure, etc.

The basic principle behind these measurements involves photoplethysmography, which is commonly used in commercially available pulse oximeters. Before these hybrid displays can make their way into commercial devices, there are still a few technical challenges to deal with, in particular electrical and optical leakage. The sample demonstrated appears to work well in this regard, but the proof is always in the transition from the lab to mass-production. We have to admit that it would be rather cool to have a display that can also handle touch, fingerprints and record PPG data without any special layers or sensor chips.

hackaday.com/2024/10/24/using-…

Automating tasks with a robot sounds appealing, but not everyone has the budget for an Aismo or Kuka. [FABRI Creator] has a great tutorial on how to build your own mini robotic arm for small, repeatable tasks.

Walking us through the entire build, step-by-step, [FABRI Creator] shows us how to populate the custom-designed PCB and where to put every servo motor and potentiometer to bring the creation to life. This seems like a great project to start with if you haven’t branched out into motion systems before since it’s a useful build without anything too complicated to trip up the beginner.

Beyond the usual ability to use the arm to perform tasks, this particular device uses an Arduino Nano to allow you to record a set of positions as you move the arm and to replay it over and over. The video shows the arm putting rings on a stand, but we can think of all kinds of small tasks that it could accomplish for us, letting us get back to writing or hacking.

If controlling a robot arm with potentiometers sounds familiar, maybe you remember this robot arm with an arm-shaped controller.

youtube.com/embed/cWuJPlkmxCE?…

hackaday.com/2024/10/24/mini-r…

For those of us devoted to keeping an older vehicle on the road, the struggle is real. We know that at some point, a part will go bad and we’ll learn that it’s no longer available from the dealer or in the aftermarket, at least at a reasonable cost. We might get lucky and find a replacement at the boneyard, but if not — well, it was nice knowing ya, faithful chariot.

It doesn’t have to be that way, though, at least if the wonky part is one of the many computer modules found in most cars made in the last few decades. Sometimes they can be repaired, as with this engine control module from a Ford F350 pickup. Admittedly, [jeffescortlx] got pretty lucky with this module, which with its trio of obviously defective electrolytics practically diagnosed itself. He also had the advantage of the module’s mid-90s technology, which still relied heavily on through-hole parts, making the repair easier.

Unfortunately, his luck stopped there, as the caps had released the schmoo and corroded quite a few traces on the PCB. Complicating the repair was the conformal coating on everything, a common problem on any electronics used in rough environments. It took a bit of probing and poking to locate all the open traces, which included a mystery trace far away from any of the leaky caps. Magnet wire was used to repair the damaged traces, the caps were replaced with new ones, and everything got a fresh coat of brush-on conformal coating.

Simple though they may be, we really enjoy these successful vehicle module repairs because they give us hope that when the day eventually comes, we’ll stand a chance of being able to perform some repair heroics. And it’s nice to know that something as simple as fixing a dead dashboard cluster can keep a car out of the crusher.

youtube.com/embed/wCSN0tkegLQ?…

hackaday.com/2024/10/24/simple…

Fundamentally, an artificial intelligence (AI) is nothing more than a system that takes a series of inputs, makes some prediction, and then outputs that information. Of course, the types of AI in the news right now can handle a huge number of inputs and need server farms’ worth of compute to generate outputs of various forms, but at a basic level, there’s no reason a purpose-built AI can’t run on much less powerful hardware. As a demonstration, and to win a bet with a friend, [mondal3011] got an artificial intelligence up and running on an Arduino.

This AI isn’t going to do anything as complex as generate images or write clunky preambles to every recipe on the Internet, but it is still a functional and useful piece of software. This one specifically handles the brightness of a single lamp, taking user input on acceptable brightness ranges in the room and outputting what it thinks the brightness of the lamp should be to match the user’s preferences. [mondal3011] also builds a set of training data for the AI to learn from, taking the lamp to various places around the house and letting it figure out where to set the brightness on its own. The training data is run through a linear regression model in Python which generates the function that the Arduino needs to automatically operate the lamp.

Although this isn’t the most complex model, it does go a long way to demonstrating the basic principles of using artificial intelligence to build a useful and working model, and then taking that model into the real world. Note also that the model is generated on a more powerful computer before being ported over to the microcontroller platform. But that’s all par for the course in AI and machine learning. If you’re looking to take a step up from here, we’d recommend this robot that uses neural networks to learn how to walk.

hackaday.com/2024/10/24/artifi…

The Vectrex was a unique console from the early 1980s. Developed by a company you’ve probably never heard of—Smith Engineering—it was put into production by General Consumer Electronics, and later sold by Milton Bradley. It was an outright commercial failure, but it’s remembered for its sharp vector display and oddball form factor.

The Vectrex was intended for tabletop use in a home environment. However, [Jeroen Domburg], also known as [Sprite_tm], decided to set about building a portable version. This wasn’t easy, but that just makes the development process a more interesting story. Thankfully for us, [Sprite_tm] was kind enough to tell the tale at the 2023 Hackaday Supercon.

Vectorlicious

youtube.com/embed/zBVmCFS2sYs?…
Vector graphics were the thing that set the Vectrex apart.
[Sprite] starts by introducing the audience to the Vectrex, just to make sure everyone understands what was special about this thing. For comaprison’s sake, he lines it up against its contemporaries. Back in the early 1980s, the Atari 2600 and the Intellivision had incredibly low resolution video output with big ugly pixels. In contrast, the Vectrex could draw clean, sharp lines with its inbuilt vector-style display.

Basically, instead of coloring in individual pixels, the Vectrex instead drew lines from point to point on the screen. It was an entirely different way of doing graphics—fast, tidy, and effective—and it was popular in early video arcade games, too. Some Vectrex games even came with plastic overlays to create the impression of color on the screen. Unlike pixel displays, though, this technology didn’t really scale well to prettier, more lifelike graphics. Thus after the Vectrex, no other mainstream consoles adopted this technique.
The talk cites the awesome Scopetrex project, which lets you play Vectrex games on an oscilloscope.
From there, [Sprite_tm] walks the audience through the hardware of the Vectrex. The architecture is fairly simple, based around a 68A09 CPU, which is a Motorola CPU with some improvements over the earlier 6502. It’s paired with some ROM, RAM, and I/O glue logic, and it loads its games off cartridges. Then there’s the audio hardware, a digital-to-analog converter for video output, and all the subsequent analog electronics for driving the vector CRT display.

Unlike a modern console, what’s inside the box is no secret. Datasheets and full schematics are publicly available that lay out exactly how the whole thing works. This is hugely valuable for anyone looking to repair a Vectrex—or make a portable one. You don’t need to reverse engineer much, since it’s all laid out for you. Indeed, as [Sprite_tm] notes, a replica motherboard already exists that lets you play Vectrex games on an oscilloscope’s XY input.

Building the Portable

Some people have built small Vectrexes before, by going the emulator route with a Raspberry Pi and a small LCD display. [Sprite] wasn’t a fan of this route, as modern pixel LCDs make for jagged diagonal lines because they’re not proper vector displays like the original Vectrex CRT. Thus, to build a more authentic portable Vectrex, [Sprite_tm]’s build needed certain parts. On top of replicating the CPU and logic of the Vectrex, he needed to find a small CRT that operate as a proper vector display. Plus, he wanted to build something properly portable—”I wanna sit on the bus and then whip it out and play it,” he explains.

Obviously, finding a suitable CRT was the first big hurdle to clear. [Sprite_tm] mused over using a tube from a Sony Watchman handheld portable TV, but decided against it. He notes that these are fairly rare and valuable, and he didn’t want to destroy one for his project. But he still needed a small CRT in a practical form factor, and he found the perfect donor. In the 90s, LCDs were pretty crap and expensive, so apartment video intercoms relied on CRTs instead. Now, these systems are all largely defunct, and he notes you can find old examples of these answerphones for a few dollars online.
Pretty tidy.
Of course, these answerphone CRTs weren’t designed for vector operation. However, [Sprite_tm] teaches us how you can convert one to draw straight lines on command instead of scanning like a TV. You can get legit vector operation just by squirting the right voltages into the deflection coils. Of course, getting it to work in practice is a lot harder than you might think, but perseverance got the job done in the end. Understanding the physics involved is useful, too, and [Sprite_tm] explains the theory with an apt comparison between coils and a pig.

From there, the talk explains how the rest of the hardware came together. [Sprite_tm] elected to stuff all the Vectrex magic into an FPGA, which felt cooler than software emulation but was more compact than using all-original chips on a replica mainboard. It lives on a custom PCB that also carries all the necessary electronics to drive the CRT in the desired vector mode.

The build also has a cartridge port for playing original Vectrex games. However, for ease of use, [Sprite] also fitted a RISC V CPU, some RAM, and a microSD card for loading ROMs for games that he doesn’t own in physical format. Everything was then wrapped up in a custom 3D-printed case that’s roughly twice as large as the Nintendo Game Boy Color in length and width—and about four times thicker.

[Jeroen] built two examples. They’re very fully featured—they can play both real carts and ROMs off a microSD card.The final result? It’s a retrogaming triumph. The display isn’t perfect—it’s flickery, it’s a little skewed—but that’s not so different from the original Vectrex anyway. This thing is portable, it’s playable, and the vector CRT looks absolutely glorious, as does the case design. These things don’t make sense to make, as [Sprite] notes, but we agree with his ultimate assessment—this is art.

[Sam Battle] is no stranger to these pages, nor is his Museum is not Obsolete. The museum was recently gifted an enormous Nixie tube created by Dalibor Farný, a B-grade (well, faulty) unit that could not be used in any of their commissioned works but was perfectly fine for displaying in the museum’s retro display display. This thing is likely the largest Nixie tube still being manufactured; although we read that it’s probably not the largest ever made, it’s still awesome.
Every hacker should have their own museum.
It is fairly simple to use, like all Nixie tubes, provided you’re comfortable with relatively high DC voltages, albeit at a low current. They need a DC voltage because if you drive the thing with AC, both the selected cathode digit plate and the anode grid will glow, which is not what you need.

Anyway, [Sam] did what he does best, clamped the delicate tube in some 3D printed mounts and hooked up a driver made from stuff he scraped out of a bin in the workshop. Obviously, for someone deeply invested in ancient electromagnetic telephone equipment, a GPO (British General Post Office, now BT) uniselector was selected, manually advanced with an arcade-style push button via a relay. This relay also supplies the ~140 V for the common anode connection on the Nixie tube. The individual digit cathodes are grounded via the uniselector contacts. A typically ancient GPO-branded snubber capacitor prevents the relay contacts from arcing over and ruining the display unit. There isn’t much more to it, so if you’re in the Ramsgate, UK, area anytime soon, you can pop in and play with it for yourself.

Nixies are cool, we’ve covered Nixie projects for years, like this DIY project from ages ago. Bringing such things into the modern area is the current specialty of Dalibor Farný, with this nice video showing some of the workmanship involved. By the way — the eagle-eyed will have noticed that we covered this particular Nixie tube before, shown in the format of a large art installation. But it doesn’t hurt to get close up and play with it on the bench.\

youtube.com/embed/HE9XS6gJHA0?…

hackaday.com/2024/10/24/hands-…

Gli specialisti della sicurezza informatica hanno scoperto una nuova famiglia di malware per macOS in grado di crittografare i file. Il nome NotLockBitderiva dal fatto che tenta di impersonare il ransomware LockBit.

Il malware è scritto in Go e prende di mira i sistemi che eseguono Windows e macOS. Come altre minacce simili, NotLockBit utilizza tattiche di doppia estorsione, ovvero prima ruba i dati della vittima, quindi crittografa i file ed elimina le copie shadow. Pertanto, gli aggressori possono richiedere un riscatto sia per decrittografare i dati sia per non “far trapelare” le informazioni rubate nel pubblico dominio (o per non venderle ad altri criminali).

Come accennato in precedenza, la caratteristica distintiva di NotLockBit è che il malware tenta di impersonare il noto ransomware LockBit, con il quale in realtà non ha nulla a che fare. Secondo gli analisti di SentinelOne, il malware è distribuito sotto forma di file binari x86_64, il che suggerisce che funzioni solo su dispositivi macOS basati su processori Intel e Apple su cui è installato un emultare.

Durante l’attacco, NotLockBit raccoglie informazioni sul sistema e utilizza la chiave pubblica per crittografare una chiave master generata casualmente, che viene utilizzata durante la crittografia dei file. L’uso della crittografia RSA asimmetrica garantisce che la chiave principale non venga decrittografata senza la chiave privata degli aggressori.

NotLockBit aggiunge un’estensione .abcd ai file crittografati, inserisce una richiesta di riscatto in ogni cartella crittografata e quindi tenta di sostituire lo sfondo del desktop con un banner LockBit 2.0.

In un rapporto pubblicato la scorsa settimana , i ricercatori di Trend Micro che hanno studiato anche NotLockBit hanno notato che prima che inizi il processo di crittografia, il ransomware trasferisce i dati delle sue vittime in un bucket Amazon S3 controllato dagli aggressori utilizzando credenziali hardcoded di AWS.

“Crediamo che l’autore del ransomware stia utilizzando il proprio account AWS o un account compromesso. Abbiamo trovato più di trenta campioni, probabilmente creati dallo stesso autore, che indicano lo sviluppo e il test attivi di questo ransomware”, aveva avvertito Trend Micro.

Gli esperti hanno affermato di aver informato di questa attività dannosa i rappresentanti di AWS, che hanno già bloccato le chiavi di accesso AWS rilevate e l’account ad esse associato. Secondo SentinelOne, NotLockBit è la prima famiglia di ransomware veramente funzionale destinata a macOS. In precedenza, gli specialisti della sicurezza informatica si imbattevano solo in prototipi e vari proof-of-concept.

L'articolo Arriva NotLockBit! Una reale minaccia per Windows e Apple macOS proviene da il blog della sicurezza informatica.

The software and hardware worlds have overlaps, and it’s worth looking over the fence to see if there’s anything you missed. You might’ve already noticed that we hackers use PCB modules and devboards in the same way that programmers might use libraries and frameworks. You’ll find way more parallels if you think about it.

Building blocks are about belonging to a community, being able to draw from it. Sometimes it’s a community of one, but you might just find that building blocks help you reach other people easily, touching upon common elements between projects that both you and some other hacker might be planning out. With every building block, you make your or someone else’s next project quicker, and maybe you make it possible.

Sometimes, however, building blocks are about being lazy.

Just Throw Pin Headers

Back when I was giving design review on a LVDS driver board for a Sony Vaio display, there was a snag – the display used, doesn’t generate its own backlight voltage, so you have to bring your own backlight driver. Well, I didn’t want to bother designing the backlight driver portion of the circuit.

The way I justified it, adding that circuit to the board didn’t make much sense – the entire board was an experimental circuit, and adding one more experiment onto it would result in extra board revisions and reassemblies. Honestly, though, I just really didn’t want to design the LED driver circuit at the time – it didn’t feel as interesting.

So, I had an easy-to-follow proposal – let’s put all backlight-driver-related signals onto three pin headers, forming a “module” footprint of sorts, and then develop the module separately! The hacker agreed, and in the meantime, used a spare panel’s LED backlight to test the display in the meantime – way more accessible of a solution. The pin headers remained, at the time, bound to be unpopulated for, at least, until the next PCB order.

New revisions of the module came and went, now bearing a HDMI port and a whole new ASIC – easy to design, because, again, the hacker didn’t have to worry about the backlight circuit, and just kept the module footprint from the previous design. Was the backlight driver module PCB designed yet? Well, simply put, no.

A friend of mine, just a month later, was designing a motherboard replacement for a tablet computer, and she asked me for advice on how to power the backlight. I thought for a second, and, I had an easy answer for her – use the module footprint. At that point, I still haven’t designed the module, but I didn’t have to mention that. She rejoiced, put the module footprint onto the board, even designed her own neat symbol for it, and then promptly went on to lay out diffpairs and reverse-engineer pinouts, both significantly more fun activities than designing a backlight driver with zero experience in design of backlight drivers.

Some time later, I started getting insistent messages from the original hacker, about needing a backlight driver. The funny part is that by that point, I have already had designed a backlight driver circuit for my own Vaio motherboard, but I never felt engaged enough to turn it into a module. A different friend of mine was looking for small projects, however. I gave her the task: here’s a footprint for a module, here’s a circuit that goes onto the module, and we need a module. Indeed, she has delivered a module – by that point, a module we could put onto three different PCBs.

Building Blocks

The entire occasion definitely helped cement my reputation as someone who delivers, eventually – with big emphasis on eventually. It also brought four people and three projects together, and it let us order the first revision PCB way sooner than otherwise, all because we set out to eventually add the backlight circuit as a module. Now, this module is a building block in our projects – whenever one of us, or maybe one of you, needs a backlight driver, we know that we have an option handy.

I have some unique experiences with PCB modules as building blocks – at one point, I’ve built an entire phone out of them, and I still build devices heavily based on modules. Whenever I’d have the occasion, I’d throw a TP4056 module footprint onto a board instead of reimplementing the whole circuit from scratch. In 2022, I designed a module with a RP2040 and the FUSB302 USB-PD PHY – it was the building block that led to my USB-C series on Hackaday, and eventually helped me, my friends, and other hackers develop a whole lineup of unique USB-C devices.

Building block use and design is the fun way, and it’s the lazy way, and it’s the friendly way – would you believe me if I told you it’s also the safe way? Say, does your circuit need a custom DC-DC, or can you slap a few pads onto the board to connect a commonplace generic module? If you can afford the increased space, might as well make your board as simple as it goes – if there’s less to test and bringup, you’ll get to your project’s finish line earlier, and have less hurdles to jump over.

The Practical Aspects

There are a few techniques you can use if you want to make a building block – pin headers are the simple obvious one. Castellations is a fun one, and here’s a trick – you don’t have to pay JLCPCB for castellated holes, as long as you are fine getting dirty ones, which are still wonderful for prototyping. If you’re using Aisler, you can get perfect castellated holes, though – good for scaling up a module of yours after you’ve verified the design. Don’t be scared of turning through-holes into castellations – it works, and it’s super easy if your board is thin enough. Oh, and you might just be able to get castellations through V-Cuts!

Got an Eastern or Western module, and it doesn’t quite use pin headers? Get out the calipers, measure its pads, and create a footprint for it – you will thank yourself later. I’ve done just once for a 5 V boost module, stocking up on them and putting them onto a bunch of boards. It’s not like I’d feel comfortable designing 5 V boost regulators at the time, so the module has bought me a couple years of worrying about something else instead. The modules have since vanished from the market, but, today I’ve got a few 5 V boost designs I can easily make modules out of. Now, it looks like I can even upgrade my own old boards that are still in use!

When designing your own boards, try to put all pin headers on a grid, 2.54 mm (0.1in) is a must – only use an integer millimeter grid or pin headers if you have no other options. Such a module isn’t just solderable – it’s breadboardable, which helps a ton when you’re trying to figure out an especially daring circuit technique. Castellated modules can be breadboardable, too, if you make sure to concentrate the core necessary signals on two opposite sides!

Are you designing a new module for your own use? See if there’s a footprint you can copy, or an unspoken standard you can follow. Boards speak about themselves through their looks, and footprints convey a purpose through their layout. Look at the boards above- it’s pretty easy to notice that they are TP4056 style battery chargers, but all of them upgraded in their own way. If you follow an existing footprint when designing your own board, it’s going to look more familiar for a newcomer hacker, channeling the power of skeuomorphism where you might not have expected to find it.

The Looks Make The Module

Looking for a PCB form-factor? Going with a Dangerous Prototypes-blessed one brings you a ton of benefits, e.g., pre-made lasercut cases.
Board formats are underrated when it comes to accidentally creating building blocks. Sparkfun has example layouts for QWIIC devices – follow it, plop a JST-SH connector on, maybe order your PCB in red for a change, and your sensor PCB will shine in a whole new way in your eyes. Dangerous Prototypes, on the other hand, suggests a set of PCB formats known as Sick of Beige that work with existing enclosures and lasercut templates – that’s the surface-level benefit, the real deal is that these footprints also talk the Dangerous Prototypes language. If your programmer board feels like a generic rectangle, putting it into the frame of BusPirate fame will give it the air of hacker-oriented tooling. With both of these formats, you get mounting holes – mark of a hacker who knows what’s good.
Looking for a ToF sensor? Looking at this picture, you can instantly tell that this one‘s I2C and 3.3V – chances are, it will fit wonderfully into your project.
Interconnect standards go hand in hand with making your building blocks’ features recognizable without reading the silkscreen – it’s why I talk so much about QWIIC, and a JST-SH connector is always a welcome addition on my boards. Adding a well-recognized standard connector makes your board recognizable as a potential building block. Now, the board looks interoperable if you just give it a chance, equipped with a familiar socket, and perhaps, you won’t feel as much need for designing a new one – quite likely, building a new device in a single day instead of two weeks’ time.

Sometimes, your board will be split apart into building blocks without your involvement whatsoever. Publishing a design that goes beyond connecting a button to an LED? Try to fill in the blanks – it’s about helping the hacker that follows in your footsteps. Sometimes it’s a highschool kid trying to put together a design, and sometimes it’ll be you again, just a couple years later. So, note down the part number of that switcher inductor in the schematic, and fill in the values of the resistor divider while you’re at it – and if you’re revisiting a board of yours where you haven’t done that, do it, then git commit and git push.

Beyond The Ordinary

There’s building blocks everywhere for those with the eyes to see. A single-board computer is one, I’d argue – a SoM in a DDR footprint is one without a doubt. An engineer once showed me a technique for creating building blocks out of thin air – taking unpopulated leftover large project PCBs, then sawing out the section with the circuit you need. Sometimes, you really only need a single piece of that one Ethernet transceiver circuit, and you need it now – you might have not planned for it, but the Dremel tool forgives all.

Circuit blocks are an often requested feature in KiCad. At the moment, you can copy-paste portions of a schematic between projects – which is more than good enough for many circuits. It’s not as great for switching regulators or MCUs, however, and we can’t help but hope to see new advancements in the field soon. Perhaps, one day, you’ll be able to click a few buttons and turn your favourite USB hub into a circuit block – and from there, who knows, maybe you can fill the void that the NanoHub’s eternal out-of-stock state has left in our hearts!

Nonostante il clamore suscitato dal furto delle email dello staff di Hillary Clinton nel 2016, che avrebbe dovuto rappresentare un monito, sembra che l’insegnamento non sia stato recepito. infatti usare l’email istituzionale per registrarsi a siti di incontri ancora imperversa nei parlamentari italiani.

Secondo un’indagine condotta dalla Fondazione Proton insieme a Constella Intelligence, le credenziali di accesso, incluse email ufficiali e password, di ben 91 parlamentari italiani sono ora disponibili nel dark web.

73 deputati e 18 senatori hanno utilizzato i propri indirizzi di posta elettronica istituzionali per iscriversi a una varietà di servizi online, tra cui siti di incontri, utilizzando gli account ufficiali della Camera dei Deputati e del Senato. Tuttavia, questi siti sono stati successivamente hackerati, e i dati raccolti dai cybercriminali sono stati esposti nel dark web.

Tra le piattaforme violate che hanno contribuito a questa fuga di dati ci sono nomi noti come LinkedIn, Adobe, Dropbox e Dailymotion, oltre a servizi di incontri come Badoo. Il risultato è preoccupante: 195 password, di cui 188 in chiaro, legate a parlamentari italiani, sono ora liberamente accessibili nel dark web. Inoltre, le email istituzionali di questi politici sono state ripetutamente divulgate, con 402 segnalazioni di esposizione dei dati.

Fondazione Proton, dopo aver identificato i politici coinvolti, ha tentato di contattarli per avvertirli della situazione e consigliarli di aggiornare le proprie password e le informazioni di accesso. Tuttavia, sorprendentemente, nessuno dei destinatari ha risposto all’appello, lasciando intatte le credenziali compromesse.

Il rischio di queste violazioni è tutt’altro che teorico. Gli esperti di sicurezza informatica avvertono che, qualora uno dei servizi compromessi contenesse anche informazioni di pagamento, le conseguenze potrebbero includere frodi finanziarie. Inoltre, il furto di identità è un’altra minaccia seria: con le credenziali rubate, un malintenzionato potrebbe facilmente impersonare un parlamentare e accedere a informazioni sensibili o persino utilizzarle per scopi illeciti.

In conclusione, l’uso inappropriato degli account istituzionali espone non solo i singoli parlamentari, ma anche le istituzioni che rappresentano, a rischi considerevoli. Una maggiore consapevolezza sulla sicurezza digitale e l’adozione di pratiche più sicure sono ormai indispensabili per proteggere i dati sensibili e mantenere l’integrità delle istituzioni.

L'articolo Le Password di 91 Parlamentari Italiani Finiscono nel Dark Web: Coinvolti Anche Siti di Incontri! proviene da il blog della sicurezza informatica.

Over at the University of Wisconsin’s Undergraduate Projects Lab (UPL) there’s been a way to check whether this room is open for general use by CS undergraduates and others practically for most of the decades that it has existed. Most recently [Andrew Moses] gave improving on the then latest, machine vision-based iteration a shot. Starting off with a historical retrospective, the 1990s version saw a $15 camera combined with a Mac IIcx running a video grabber, an FTP server and an HP workstation that’d try to fetch the latest FTP image.

As the accuracy of this system means the difference between standing all forlorn in front of a closed UPL door and happily waddling into the room to work on some projects, it’s obvious that any new system had to be as robust as possible. The machine vision based version that got installed previously seemed fancy: it used a Logitech C920 webcam, a YOLOv7 MV model to count humanoids and a tie into Discord to report the results. The problem here was that this would sometimes count items like chairs as people, and there was the slight issue that people in the room didn’t equate an open door, as the room may be used for a meeting.

Thus the solution was changed to keeping track of whether the door was open, using a sensor on the two doors into the room. Sadly, the captive-portal-and-login-based WiFi made the straightforward approach with a reed sensor, a magnet and an ESP32 too much of a liability. Instead the sensor would have to communicate with a device in the room that’d be easier to be updated, ergo a Zigbee-using door sensor, Raspberry Pi with Zigbee dongle and Home Assistant (HA) was used.

One last wrinkle was the need to use a Cloudflare-based tunnel add-on to expose the HA API from the outside, but now at long last the UPL door status can be checked with absolute certainty that it is correct. Probably.

Featured image: The machine vision-based room occupancy system at UoW’s UPL. (Credit: UPL, University of Wisconsin)

hackaday.com/2024/10/24/keepin…

In un mondo sempre più connesso e dipendente dalla tecnologia, non c’è nulla di più frustrante che vedere il proprio dispositivo andare in crash senza preavviso. Ed è esattamente ciò che sta succedendo a molti utenti che hanno provato a installare l’aggiornamento Windows 11 24H2 sui loro laptop ASUS, modelli X415KA e X515KA. Questo non è solo un semplice malfunzionamento: si tratta di veri e propri crash che causano il temuto Blue Screen of Death (BSOD), bloccando i dispositivi in modo definitivo.

Microsoft ha prontamente bloccato l’aggiornamento su questi modelli, segnalando un grave problema di compatibilità hardware che sta portando questi sistemi a un collasso totale. Questa decisione non è stata presa alla leggera: è un tentativo disperato di salvare gli utenti da ore di frustrazione, tentativi falliti di ripristino e potenziali perdite di dati critici.

Il problema non si limita ai soli modelli ASUS, ma coinvolge anche altri dispositivi con driver simili o software specifici che, a causa di incompatibilità, causano il blocco del sistema. Tra i casi riportati, emergono problematiche con app di personalizzazione del wallpaper e altre utility integrate, che possono generare gravi malfunzionamenti. Non si tratta di semplici errori occasionali, ma di una vera e propria carrellata di errori critici, che possono compromettere gravemente il funzionamento dei dispositivi, rendendoli potenzialmente inutilizzabili. Per mitigare il danno, Microsoft ha dovuto adottare una misura estrema: un “safeguard hold”, un blocco preventivo che impedisce temporaneamente l’aggiornamento su dispositivi vulnerabili, per evitare che ulteriori utenti affrontino questi gravi problemi.

Ma perché siamo arrivati a questo punto? Un aggiornamento che avrebbe dovuto portare innovazione e miglioramenti, invece, si è trasformato in un vero incubo per molti utenti. Non è la prima volta che un aggiornamento di Microsoft crea problemi, ma mai così diffusi e devastanti. Gli utenti sono lasciati a chiedersi: vale davvero la pena aggiornare?

Le conseguenze di questi crash non sono da sottovalutare. Per chi usa il PC per lavoro, studio o comunicazione, la perdita dell’accesso al proprio dispositivo è un colpo devastante. E il gigante della tecnologia di Redmond, nonostante le promesse di risoluzione, non ha ancora dettagliato un piano preciso per il rilascio della correzione.

In attesa di una soluzione definitiva, il messaggio è inequivocabile: non aggiornate! Se possedete uno dei modelli ASUS colpiti, evitare l’aggiornamento è cruciale. E se avete già aggiornato, il consiglio è uno solo: ripristinate immediatamente la versione precedente di Windows 11. La situazione va ben oltre un semplice problema tecnico su pochi dispositivi, si tratta di un vero e proprio segnale d’allarme per tutti.

Questa vicenda ci ricorda che, per quanto le nuove versioni del software possano promettere innovazioni e miglioramenti, la stabilità e la sicurezza del sistema devono sempre venire prima di ogni aggiornamento.

L'articolo Microsoft blocca l’aggiornamento Windows 11 24H2 su ASUS: un disastro evitato! proviene da il blog della sicurezza informatica.

Recentemente, Fortinet ha divulgato una vulnerabilità critica, identificata come CVE-2024-47575, che colpisce i sistemi FortiManager.

Si tratta di una vulnerabilità di missing authentication per funzioni critiche [CWE-306] nel demone fgfmd di FortiManager, che potrebbe consentire a un aggressore remoto non autenticato di eseguire codice o comandi arbitrari tramite richieste appositamente predisposte.

Con un punteggio CVSS pari a 9.8, questa falla rappresenta una minaccia significativa per le organizzazioni che utilizzano questi sistemi.

Tale vulnerabilità da quanto emerso dal bollettino di Fortinet, sembrerebbe sia stata sfruttata attivamente dagli attori malevoli. Nel bollettino di Fortinet sono presenti anche specifici indicatori di compromissione IoC.

Fortinet ha rilasciato aggiornamenti di sicurezza per mitigare questa vulnerabilità. Gli utenti sono fortemente incoraggiati a passare alle versioni aggiornate di FortiManager per ridurre il rischio di sfruttamento. Gli aggiornamenti sono fondamentali non solo per correggere le vulnerabilità conosciute, ma anche per garantire una protezione continua contro future minacce.

In aggiunta agli aggiornamenti, Fortinet raccomanda di monitorare attentamente i log di sistema visto che tale falla risulta sotto sfruttamento attivo. Un’analisi attenta può aiutare a rilevare attività sospette che potrebbero indicare un tentativo di sfruttamento della vulnerabilità.

È fondamentale che le aziende comprendano l’importanza di mantenere aggiornati i propri sistemi e di adottare misure proattive per prevenire attacchi informatici. La gestione delle vulnerabilità deve essere parte integrante della strategia di sicurezza informatica di ogni organizzazione, considerando il panorama delle minacce in continua evoluzione.

Infine, Fortinet ha creato una pagina dedicata alla vulnerabilità, dove gli utenti possono trovare ulteriori dettagli e risorse utili. Per maggiori informazioni, puoi visitare il sito di FortiGuard qui.

L'articolo Fortinet Emette un Bollettino per un Bug Critico da 9.8 su FortiManager sotto sfruttamento Attivo proviene da il blog della sicurezza informatica.

What does it take to make decent tires for your projects? According to this 3D printed tire torture test, it’s actually pretty easy — it’s more a question of how well they work when you’re done.

For the test, [Excessive Overkill] made four different sets of shoes for his RC test vehicle. First up was a plain PLA wheel with a knobby tread, followed by an exact copy printed in ABS which he intended to coat with Flex Seal — yes, that Flex Seal. The idea here was to see how well the spray-on rubber compound would improve the performance of the wheel; ABS was used in the hopes that the Flex Seal solvents would partially dissolve the plastic and form a better bond. The next test subjects were a PLA wheel with a separately printed TPU tire, and a urethane tire molded directly to a PLA rim. That last one required a pretty complicated five-piece mold and some specialized urethane resin, but the results looked fantastic.

Non-destructive tests on the tires included an assessment of static friction by measuring the torque needed to start the tire rolling against a rough surface, plus a dynamic friction test using the same setup but measuring torque against increasing motor speed. [Overkill] threw in a destructive test, too, with the test specimens grinding against a concrete block at a constant speed to see how long the tire lasted. Finally, there was a road test, with a full set of each tire mounted to an RC car and subjected to timed laps along a course with mixed surfaces.

Results were mixed, and we won’t spoil the surprise, but suffice it to say that molding your own tires might not be worth the effort, and that Flex Seal is as disappointing as any other infomercial product. We’ve seen other printed tires before, but hats off to [Excessive Overkill] for diving into the data.

youtube.com/embed/A5z4tklTvMQ?…

hackaday.com/2024/10/24/3d-pri…

Recentemente, Fortinet ha divulgato una vulnerabilità critica, identificata come CVE-2023-29163, che colpisce i suoi sistemi operativi FortiOS e FortiProxy.

Si tratta di una vulnerabilità di missing authentication per funzioni critiche [CWE-306] nel demone fgfmd di FortiManager, che potrebbe consentire a un aggressore remoto non autenticato di eseguire codice o comandi arbitrari tramite richieste appositamente predisposte.

Con un punteggio CVSS pari a 9.8, questa falla rappresenta una minaccia significativa per le organizzazioni che utilizzano questi sistemi.

La vulnerabilità è stata scoperta durante le analisi di sicurezza condotte dal team FortiGuard Labs. Tale vulnerabilità da quanto emerso dal bollettino di Fortinet, sembrerebbe sia stata sfruttata attivamente dagli attori malevoli. Nel bollettino di Fortinet sono presenti anche specifici indicatori di compromissione IoC.

Fortinet ha rilasciato aggiornamenti di sicurezza per mitigare questa vulnerabilità. Gli utenti sono fortemente incoraggiati a passare alle versioni patchate di FortiOS (7.2.5, 7.0.12 e altre) per ridurre il rischio di sfruttamento. Gli aggiornamenti sono fondamentali non solo per correggere le vulnerabilità conosciute, ma anche per garantire una protezione continua contro future minacce.

In aggiunta agli aggiornamenti, Fortinet raccomanda di monitorare attentamente i log di sistema visto che tale falla risulta sotto sfruttamento attivo. Un’analisi attenta può aiutare a rilevare attività sospette che potrebbero indicare un tentativo di sfruttamento della vulnerabilità.

È fondamentale che le aziende comprendano l’importanza di mantenere aggiornati i propri sistemi e di adottare misure proattive per prevenire attacchi informatici. La gestione delle vulnerabilità deve essere parte integrante della strategia di sicurezza informatica di ogni organizzazione, considerando il panorama delle minacce in continua evoluzione.

Infine, Fortinet ha creato una pagina dedicata alla vulnerabilità, dove gli utenti possono trovare ulteriori dettagli e risorse utili. Per maggiori informazioni, puoi visitare il sito di FortiGuard qui.

L'articolo Fortinet Emette un Bollettino per un Bug Critico da 9.8 su FortiOS e FortiProxy sotto sfruttamento Attivo proviene da il blog della sicurezza informatica.

Da quasi 24 ore, il sito ufficiale 112.gov.it, dedicato al numero unico di emergenza europeo, è inaccessibile. La causa è legata a un problema con un certificato SSL scaduto, un aspetto che mette in evidenza come anche i sistemi critici possano essere vulnerabili a errori di gestione tecnica.

Ricordiamo che il 112 o centododici, è ufficialmente il numero unico di emergenza europeo (NUE), è il numero telefonico per contattare i servizi di emergenza all’interno dell’Unione europea, attivo (almeno parzialmente) in tutti gli Stati dell’UE.

Questo caso ricorda episodi analoghi, come il recente blocco del servizio di emergenza 112 in Italia, anch’esso dovuto a certificati non aggiornati, come riportato in un articolo di Red Hot Cyber.

Attualmente, il sito 112.gov.it risulta ancora non disponibile, ma il certificato presentato è cambiato nelle ultime ore.

Nonostante la data di emissione rimanga la stessa, lunedì 23 ottobre 2023 alle 10:05:05, il thumbprint del certificato è diverso. Questo nuovo certificato non è stato emesso dalla Certificate Authority R3 di Let’s Encrypt, ma risulta essere un certificato self-signed, ovvero firmato localmente e non da un’autorità di certificazione pubblica.

Il precedente certificato emesso dalla R3può essere visionato qui: crt.sh/?id=10870364701.

Un altro dettaglio interessante riguarda il campo CN (Common Name) del nuovo certificato, che potrebbe rivelare il serial number di un apparato di rete Fortigate, identificato come FG1K2DT918801630.

È possibile che, nel tentativo di ripristinare l’operatività del sito, sia stato caricato un certificato self signed in attesa del rilascio dell’originale da R3, esponendo involontariamente queste informazioni. Sebbene non sembri costituire una vulnerabilità di sicurezza significativa, resta comunque un’informazione potenzialmente sensibile, indice di una gestione non ottimale del ripristino.

Gestione dei certificati web: l’importanza di un approccio rigoroso

La gestione dei certificati SSL/TLS è un aspetto cruciale per la sicurezza e l’affidabilità di un sito web, soprattutto per piattaforme critiche come 112.gov.it, che gestiscono servizi essenziali come il numero unico di emergenza. Un certificato scaduto può portare a interruzioni dei servizi e compromettere la fiducia degli utenti, oltre a esporre il sistema a potenziali attacchi.

Per evitare episodi come quello che ha coinvolto il sito del 112, è fondamentale adottare un approccio rigoroso alla gestione dei certificati. Ecco alcune best practices per garantire una corretta gestione dei certificati web:

1. Monitoraggio automatico della scadenza dei certificati: Utilizzare strumenti che monitorano costantemente i certificati e inviano notifiche automatiche prima della loro scadenza. In questo modo, si può intervenire per tempo senza rischio di downtime imprevisti.
2. Automatizzazione del rinnovo: Integrare soluzioni che supportano il rinnovo automatico dei certificati. Questo processo riduce al minimo l’intervento umano e il rischio di errori, garantendo che i certificati siano sempre aggiornati.
3. Verifica rigorosa dei certificati utilizzati: Assicurarsi che i certificati installati siano quelli corretti e validi. L’uso accidentale di certificati self-signed o errati può esporre informazioni sensibili e compromettere la sicurezza del sistema.
4. Documentazione e audit periodici: Tenere una documentazione aggiornata di tutti i certificati in uso, comprese le date di scadenza e le CA di emissione, e condurre audit regolari per verificare che tutto sia conforme agli standard di sicurezza.
5. Implementazione di certificati con chiavi robuste: Utilizzare certificati che seguono le ultime raccomandazioni di sicurezza, come chiavi crittografiche con lunghezza sufficiente (ad esempio RSA a 2048 bit o superiore) e algoritmi di hashing sicuri come SHA-256.
6. Certificati wildcard o SAN (Subject Alternative Name): Per semplificare la gestione di più domini o sottodomini, l’uso di certificati wildcard o SAN può ridurre il numero di certificati da gestire, mantenendo un alto livello di sicurezza.

Adottando queste pratiche, è possibile evitare interruzioni prolungate dei servizi web e garantire un livello adeguato di sicurezza per i siti critici.

L'articolo Continua l’Emergenza al Sito Web delle Emergenze Europeo 112.gov.it! proviene da il blog della sicurezza informatica.

Gli analisti di Zimperium hanno scoperto 40 nuove versioni del trojan bancario Android TrickMo. Queste varianti sono associate a 16 dropper, 22 diverse infrastrutture di gestione e presentano nuove funzionalità progettate per rubare i codici PIN agli utenti.

Ricordiamo che il malware TrickMo è stato documentato per la prima volta dagli specialisti IBM X-Force nel 2020, ma poi si è ipotizzato che fosse stato utilizzato negli attacchi contro gli utenti Android almeno dal settembre 2019.

Le caratteristiche principali delle nuove versioni di TrickMo sono: intercettazione di password monouso (OTP), registrazione dello schermo, furto di dati, controllo remoto di un dispositivo infetto e molto altro. Il malware tenta di utilizzare il servizio di accessibilità per concedersi ulteriori autorizzazioni e fare clic automaticamente su vari elementi sullo schermo secondo necessità.

Poiché TrickMo è ancora un trojan bancario, utilizza overlay di phishing per imitare le schermate di accesso di varie applicazioni bancarie e finanziarie per rubare le credenziali delle vittime, consentendo così ai suoi operatori di effettuare transazioni non autorizzate.

Va notato che gli overlay TrickMo coprono non solo le applicazioni bancarie, ma anche VPN, piattaforme di streaming, e-commerce, trading, social network, reclutamento e piattaforme aziendali.

Sempre tra gli overlay gli analisti di Zimperium hanno scoperto una schermata di sblocco che imita quella di un dispositivo Android. È progettato per rubare il PIN o la sequenza di un utente.

“Non si tratta di altro che una pagina HTML ospitata su un sito web esterno e visualizzata a schermo intero sul dispositivo, facendolo sembrare uno schermo reale. Quando l’utente inserisce il codice PIN o la sequenza per sbloccare, la pagina trasmette i dati intercettati agli aggressori, nonché un identificatore univoco del dispositivo (ID Android), utilizzando uno script PHP”, scrivono i ricercatori.

Gli analisti hanno spiegato che il furto dei codici PIN consente agli hacker di sbloccare i dispositivi delle vittime quando gli utenti non possono vederli (ad esempio di notte) e commettere attività fraudolente.

I ricercatori hanno scoperto che l’infrastruttura di controllo di TrickMo non era adeguatamente protetta. Grazie a ciò è stato possibile stabilire che almeno 13.000 persone sono già diventate vittime di malware, la maggior parte delle quali vive in Canada, Emirati Arabi Uniti, Turchia e Germania. Va notato che il numero totale delle vittime di TrickMo è probabilmente molto più elevato.

“La nostra analisi ha mostrato che il file dell’elenco degli indirizzi IP viene aggiornato ogni volta che il malware riesce a rubare le credenziali”, ha affermato Zimperium. “Abbiamo trovato milioni di voci in questi file, indicando un gran numero di dispositivi compromessi e una quantità significativa di dati sensibili a cui hanno avuto accesso gli aggressori.”

Attualmente, TrickMo viene distribuito tramite truffe di phishing, quindi gli esperti consigliano di evitare di scaricare file APK da URL ricevuti tramite SMS o messaggi di messaggistica istantanea da sconosciuti.

L'articolo 13.000 Vittime Del Trojan TrickMo: ll Trojan Bancario che Ruba PIN e le Credenziali proviene da il blog della sicurezza informatica.

Molte popolari app iOS e Android contengono credenziali hardcoded e non crittografate per i servizi cloud, inclusi Amazon Web Services (AWS) e Microsoft Azure Blob Storage, avverte Symantec. Di conseguenza, i dati utente e il codice sorgente sono vulnerabili a potenziali aggressori.

I ricercatori spiegano che la fuga di tali chiavi potrebbe fornire agli aggressori l’accesso non autorizzato allo spazio di archiviazione e ai database contenenti dati sensibili e costituisce generalmente una grave violazione della sicurezza. Si noti che le chiavi generalmente finiscono nelle basi di codice dell’applicazione a causa di errori, negligenza e cattive pratiche degli sviluppatori.

“Questa è una situazione pericolosa perché chiunque abbia accesso al codice binario o sorgente delle applicazioni sarà in grado di estrarre queste credenziali e usarle per manipolare o rubare dati, portando a gravi violazioni della sicurezza“, affermano gli esperti.

Gli esperti hanno trovato credenziali dei servizi cloud nelle seguenti applicazioni nel Google Play Store:

• Pic Stitch (oltre 5 milioni di download) – Credenziali Amazon hardcoded;
• Meru Cabs (oltre 5 milioni di download) – Credenziali Amazon hardcoded;
• ReSound Tinnitus Relief (oltre 500.000 download) – Credenziali di archiviazione BLOB di Microsoft Azure codificate;
• Saludsa (oltre 100.000 download): credenziali di archiviazione BLOB di Microsoft Azure hardcoded;
• Chola Ms Break In (oltre 100.000 download) – Credenziali hardcoded di Microsoft Azure Blob Storage;
• EatSleepRIDE GPS per moto (oltre 100.000 download) – credenziali Twilio hardcoded;
• Beltone Tinnitus Calmer (oltre 100.000 download) – Credenziali di archiviazione BLOB di Microsoft Azure hardcoded.

Il codice Pic Stitch
Un problema simile è stato riscontrato in una serie di applicazioni popolari nell’Apple App Store:

• Crumbl (oltre 3,9 milioni di download): credenziali Amazon hardcoded;
• Eureka: guadagna denaro con i sondaggi (oltre 402.100 download) – credenziali Amazon codificate;
• Videoshop – Editor video (oltre 357.900 download) – Credenziali Amazon hardcoded;
• Solitaire Clash: vinci denaro reale (oltre 244.800 download) – Credenziali Amazon hardcoded;
• Zap Surveys – Guadagna denaro facile (oltre 235.000 download) – Credenziali Amazon hardcoded.

Vale la pena notare che l’App Store non elenca il numero di download, ma il numero di download solitamente supera il numero di valutazioni elencate.

I ricercatori spiegano che l’installazione di tali applicazioni, ovviamente, non compromette automaticamente il dispositivo, ma esiste il rischio che gli hacker si impossessino dei dati sensibili degli utenti se gli sviluppatori delle applicazioni non agiscono e risolvono il problema.

Allo stesso tempo, non è la prima volta che gli specialisti Symantec mettono in guardia da questo pericolo. Quindi, nel 2022, i ricercatori hanno scritto di aver scoperto più di 1.800 applicazioni per iOS e Android, il cui codice conteneva le credenziali AWS. Inoltre nel 77% dei casi si trattava di token di accesso validi.

L'articolo Le App Più Popolari contengono le Credenziali di accesso in chiaro dei servizi Cloud! proviene da il blog della sicurezza informatica.

[Sebastian Mihai] is a prolific programmer and hacker with a particular focus on retrocomputing and period games, and this latest hack, adding new gameplay elements to Capcom’s Street Fighter II – Champion Edition, is another great one. [Sebastian] was careful to resist changing the game physics, as that’s part of what makes this game ‘feel’ the way it does, but added some fun extra elements, such as the ability to catch birds, lob barrels at the other player, and dodge fire. The title screen was updated for each of the different versions, so there is no doubt about which was being played. This work was based on their previous hacks to Knights of the Round. Since both games shared the same Capcom CPS-1 hardware, the existing 68000 toolchain could be reused, reducing the overhead for this new series of hacks.
Binary modification program flow
Obviously, without access to the game’s source code, the hacks (all seven of them!) were made by binary modification, first learning about how the original program stores aspects of the game and hacking in a little hand-grafted assembly here and there to sneak in the extra elements without interfering too much with the original code operation. [Sebastian] stripped out some title screen effects to speed boot time and removed some in-game graphics, such as the score and the ‘insert coin’ images, to free up some graphical tiles to reuse for the new elements. [Sebastian] first needed to understand the game code, which meant disassembly and hand annotation of the entire binary, which was done using the MAME debugger. As the linked article demonstrates, saying this is a big task is somewhat of an understatement.

A simple approach was taken to the mods consisting of three types of binary patches. The first, or ‘short circuit’, are simple NOPs inserted to disable subroutine calls or RTS to force an early return in a subroutine. The second type is a blob of code residing in some unused ROM space and storing state in a spare section of RAM. This is where the main parts of the new code reside. Finally, hooks are injected into the code at key locations, which jump into the binary blob where modified behaviour is required. This can do any needed initialisation before returning to the main game logic. Making significant changes to the game would be very hard without any spare space in the system, but we guess you could do it by stripping out other game elements, but [Sebastian] didn’t need to go there. If you’re into retro gaming and particularly modding, then going deeper into [Sebastian]’s homepage will reveal an astonishing number of projects and hacks.

Sometimes, our fond memories of games of old are skewed a little over the years, and the gameplay wasn’t that great in reality. So, what can we do? How about a little Redux, Zelda II style? If you’re really down the rabbit hole of retro hardware, then dealing with all those pesky EPROM chips is getting more difficult these days. To help with that, here’s a modern take on the necessary hardware.

youtube.com/embed/in9bT4JC7k4?…

hackaday.com/2024/10/23/seven-…

The proposed AAPowerLink transmission line between Darwin (Australia) and Singapore. (Credit: Sun Cable)
Recently Singapore’s Energy Market Authority (EMA) granted Sun Cable conditional approval for its transmission line with Australia. Singapore has been faced for years now with the dilemma that its population’s energy needs keep increasing year-over-year, while it has very little space to build out its energy-producing infrastructure, least of all renewables with their massive footprints. This has left Singapore virtually completely dependent on natural gas-burning thermal plants.

With no nearby countries to obtain excess power from as is common in e.g. the EU’s integrated energy market, an idea was floated in 2020 by Australian company Sun Cable for the project, called the Australia-Asia Power Link (AAPL). This would entail two transmission lines:

• the 800 km long DarwinLink to a yet-to-be-built multi-GW, 12,400 hectares solar farm in the Barkly Region of the Northern Territory. This link would be rated for 4 GW of transmission capacity.
• the 4300 km long SingaporeLink HVDC line from Darwin to Singapore, rated for 2 GW (1.75 GW after losses).

Back in 2023 Sun Cable went into voluntary administration after the two billionaires providing venture capital for Sun Cable had disagreements about the company’s ‘funding and direction’. It’s unknown in how far these issues are resolved, even as Singapore’s EMA seems to have given conditional approval to the SingaporeLink transmission line. This comes against the background of Singapore having signed a 30-year nuclear power deal with the US and is exploring the eventual deployment of nuclear power as well as the importing of large quantities of ammonia and (green) hydrogen.

The current planning for the whole Sun Cable project is set for completion by 2035, with construction yet to begin on all three components. There are still many uncertainties to be resolved, as the 1.75 GW that would be provided 24/7 to Singapore would have to be backed up by significant grid-level storage on both sides, which is not an easy problem to solve.

If completed, it would be the world’s longest electricity transmission line, providing enough power for ~9% of Singapore’s 2024 energy needs, and likely far below that by 2035. Naturally, all of these projections are eerily reminiscent of the EU’s continuously revived plans to import solar power and hydrogen from Africa.

Featured image: Senoko natural gas and oil-fired power station, Singapore in 2007. (Credit: Terence Ong)

hackaday.com/2024/10/23/singap…