Daily Archives: 2020-04-14

Medical device “jailbreak” could help solve the dangerous shortage of ventilators

Source: Ars Technica

Article note: Always fun to see what Trammell is up to. This week: They've PoC'd a jailbreak that unlocks all the modes on cheap AirSense CPAP machines, because the only difference between AirSense CPAP, BiPAP, BiPAP-ST, and iVAPS units is firmware lock-outs; it's all the same hardware. The strong suggestion is you shouldn't use it until the vendor and FDA weigh in, but it's amazing how much of tech's margins are pure bullshit.

As infections from the ongoing COVID-19 pandemic continue to climb, hospitals around the world are struggling with a potentially fatal shortage of ventilators, the bedside machines that help patients breathe when they’re unable to do so on their own. Meanwhile, hundreds of thousands of lower-grade breathing devices known as continuous positive airway pressure machines sit idle in closets or warehouses because their manufacturers say they can’t perform the same life-saving functions.

Security researcher Trammell Hudson analyzed the AirSense 10—the world’s most widely used CPAP—and made a startling discovery. Although its manufacturer says the AirSense 10 would require “significant rework to function as a ventilator,” many ventilator functions were already built into the device firmware.

Its manufacturer, ResMed, says the $700 device solely functions as a continuous positive airway pressure machine used to treat sleep apnea. It does this by funneling air into a mask. ResMed says the device can’t work as a bilevel positive airway pressure device, which is a more advanced machine that pushes air into a mask and then pulls it back out. With no ability to work in both directions or increase the output when needed, the AirSense 10 can’t be used as the type of ventilator that could help patients who are struggling to breathe. After reverse-engineering the firmware, Hudson says the ResMed claim is simply untrue.


Posted in News | Leave a comment

“Dad, I found this ‘Inspect Element’ thing in Chrome that lets me see what the answers to the quizzes are in Schoology and Google Classrooms!” “There’s this ‘if true’ thing and only one answer has 1 and the others have 0.” So proud. But mebbe the devs cudda obfuscated more?

Source: Twitter / swiftonsecurity

Article note: Oh ed-tech carpetbaggers. You can always count on them to be incompetent regardless of scale. I'm sure they built a pile of obfuscating tooling, and someone just went ahead and serialized everything to send to the client... including which answer is correct.
