Jukebox Gets Raspberry Pi Update, but It’s Not for Streaming

Here’s a retro-electronic rehab with a twist. Normally we’d expect a jukebox Raspberry Pi project to replace the obsolete electromechanical guts with streamed music, but an intact jukebox with a Raspberry Pi remote control is a nice change.

Old-time jukes like [revnhoj]’s 1954 AMI F120 are electromechanical marvels. The machine is stocked with 60 45-rpm discs in a horizontal rack, and an arm mounted on a track would retrieve the correct disc and place it on the turntable to play the selected song. The unit in the video below was the main jukebox, which supported “wall boxes” mounted at booths so patrons could select tunes without leaving their tables. [revnhoj] simulated a wall box with a Raspberry Pi connected to the original wall box interface through relays. The Pi serves up a GUI that can be accessed via a tablet, the correct contacts are tickled, and [revnhoj]’s collection of 45s is played through the original mechanism and amplifier, in all its “Sonoramic Sound” majesty. It’s a pretty neat hack that adds new functionality while being true to the original platform.

The chatter on the reddit thread where we spotted this hack was trending toward adding streaming audio, but we truly hope the juke stays intact and serving only vinyl. We’ve seen jukeboxes gutted before, and while it might make sense for some, we like the old school approach better.

33C3: Understanding Mobile Messaging and its Security

If you had to explain why you use one mobile messaging service over another to your grandmother, would you be able to? Does she even care about forward secrecy or what the difference between a private and public key is? Maybe she would if she understood the issues in relation to “normal” human experiences: holding secret discussions behind closed doors and sending letters wrapped in envelopes.

Or maybe your grandmother is the type who’d like to completely re-implement the messaging service herself, open source and verifiably secure. Whichever grandma you’ve got, she should watch [Roland Schilling] and [Frieder Steinmetz]’s talk where they give both a great introduction into what you might want out of a secure messaging system, and then review what they found while tearing apart Threema, a mobile messaging service that’s popular in Germany. Check out the slides (PDF). And if that’s not enough, they provided the code to back it up: an open workalike of the messaging service itself.

This talk makes a great introduction, by counterexample, to the way that other messaging applications work. The messaging service is always in the middle of a discussion, and whether they’re collecting metadata about you and your conversations to use for their own marketing purposes (“Hiya, Whatsapp!”) or not, it’s good to see how a counterexample could function.

The best quote from the talk? “Cryptography is rarely, if ever, the solution to a security problem. Cryptography is a translation mechanism, usually converting a communications security problem into a key management problem.” Any channel can be made secure if all parties have enough key material. The implementation details of getting those keys around, making sure that the right people have the right keys, and so on, are the details in which the devil lives. But these details matter, and as mobile messaging is a part of everyday life, it’s important that the workings are transparently presented to the users. This talk does a great job on the demystification front.

Adding MIDI Out to the Casio PX410R

Since the 1980s, MIDI has been a great way to send data between electronic musical instruments. Beginning as a modified serial interface running through optoisolators and DIN sockets, these days, your hardware is more likely to carry its MIDI data over USB instead. This is great if you want to hook up to a computer without a cumbersome interface, but not so great when you want to connect a bunch of instruments to each other.

The Roland Integra 7 is a rack mount synthesizer with classic MIDI ports. [adriangin] wanted to control the synthesizer over MIDI, but their Casio keyboard only had MIDI over USB available. To get around this, [adriangin] set out to add a standard MIDI Out port to the Casio PX410R.

33C3: Breaking IoT Locks

Fast-forward to the end of the talk, and you’ll hear someone in the audience ask [Ray] “Are there any Bluetooth locks that you can recommend?” and he gets to answer “nope, not really.” (If this counts as a spoiler for a talk about the security of three IoT locks at a hacker conference, you need to get out more.)

Unlocking a padlock with your cellphone isn’t as crazy as it sounds. The promise of Internet-enabled locks is that they can allow people one-time use or limited access to physical spaces, as easily as sending them an e-mail. Unfortunately, it also opens up additional attack surfaces. Lock making goes from being a skill that involves clever mechanical design and metallurgy, to encryption and secure protocols.

In this fun talk, [Ray] looks at three “IoT” locks. One, he throws out on mechanical grounds once he’s gotten it open — it’s a $100 lock that’s as easily shimmable as that $4 padlock on your gym locker. The second, a Master lock, has a new version of a 2012 vulnerability that [Ray] pointed out to Master: if you move a magnet around the outside of the lock, it actuates the motor within, unlocking it. The third, made by Kickstarter company Noke, was at least physically secure, but fell prey to an insecure key exchange protocol.

Along the way, you’ll get some advice on how to quickly and easily audit your own IoT devices. That’s worth the price of admission even if you like your keys made out of metal instead of bits. And one of the more refreshing points, given the hype of some IoT security talks these days, was the nuanced approach that [Ray] took toward what counts as a security problem because it’s exploitable by someone else, rather than vectors that are only “exploitable” by the device’s owner. We like to think of those as customization options.

Open Source Art Encourages Society to Think Inclusively

Kate Reed has a vision for elevating the less talked about parts of ourselves, and of society. Through her art, she wants people to think about a part of themselves that makes them feel invisible, and to anonymously share that with the community around them. The mechanism for this is Invisible, a campaign to place translucent sculptures in public places around the world. The approach that she has taken to the project is very interesting — she’s giving the art away to empower the campaign. Check out her talk from the Hackaday SuperConference.

Review: Digilent Analog Discovery 2

I recently opened the mailbox to find a little device about the size of a White Castle burger. It was an “Analog Discovery 2” from Digilent. It is hard to categorize exactly what it is. On the face of it, it is a USB scope and logic analyzer. But it is also a waveform generator, a DC power supply, a pattern generator, and a network analyzer.

I’ve looked at devices like this before. Some are better than others, but usually all the pieces don’t work well at the same time. That is, you can use the scope or you can use the signal generator. The ones based on microcontrollers often get even worse as you add channels. The Analog Discovery 2 is built around an FPGA which, if done right, should get around many of the problems associated with other small instrumentation devices.

I’d read good things about the Discovery 2, so I was anxious to put it through its paces. I will say it is an impressive piece of gear. There are a few things that I was less happy with, though, and I’ll try to give you a fair read on what I found both good and bad.

Police Want Alexa Data; People Begin to Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news that would have been discussed on Hackaday, but the rest of my family would never have heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is of more concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants are likely to affect far fewer users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.