Botnet Recall of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 300 million 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Etching Your Own Metal

It’s been said that with enough soap, one could blow up just about anything. A more modern interpretation of this thought is that with enough knowledge of chemistry, anything is possible. To that end, [Peter] has certainly been doing a good job of putting his knowledge to good use. He recently worked out a relatively inexpensive and easy way to etch metals using some chemistry skill and a little bit of electricity.

After preparing a set of stencils and cleaning the metal work surface, [Peter] sets his work piece in a salt solution. A metal bar is inserted in the other end of the bath, and both it and the work piece are connected to electrodes. The flow of electricity removes some metal from the exposed work surfaces, producing whatever patterns [Peter] wants.

One interesting thing that [Peter] found is that the voltage must stay under 6 volts. This is probably part of the reason it’s relatively easy to etch with even a wall wort. Above that, the iron work piece produces a different ion which can clog the work surface and create undesirable effects. Additionally, since his first experiments with this process he has upgraded the salt bath with magnetic stirrers. He also gets the best results in a very cold environment.

There are many other uses for etching metals, too. Creating your own printed circuit boards comes to mind, but there are plenty of other uses as well. What will you do with this technique?

Hackaday Prize Entry: A Cluster Of Exoskeletons

The current trend of 3D printed prosthetic hands have one rather large drawback: you can’t use them if you already have two hands. This might seem like a glib objection, but one of last week’s Hackaday Prize posts pointed this out rather well – sometimes a meat machine needs mechanical assistance.

BEOWULF, [Chad Paik]’s entry for the Hackaday Prize, is the answer to this problem. It’s a mechanical exoskeleton for grip enhancement, stroke rehabilitation, and anyone else that doesn’t have the strength they need to get through the day.

This project solves the problem of weak arm strength through – you guessed it – 3D-printed parts, a linear actuator on the forearm, and a few force sensors on the fingertips. Control is obtained through a Thalmic Labs Myo, but the team behind the BEOWULF is currently working on a custom muscle activity sensor that is more compact and isn’t beholden to VC investors. You can check out a video of this exoskeleton below.

Continue reading “Hackaday Prize Entry: A Cluster Of Exoskeletons”

A Spreadsheet For Guesswork

Ever wish you could guess more precisely? Or maybe just make your guesses look confusingly legitimate? Guesstimate could help.

It uses Monte Carlo simulations to add some legitimacy to the ranges given to it. For example, if you say the cost of lumber for your next project could be between 2 and 8 dollars a piece, you don’t typically mean that it’s equally likely to be any of those numbers. Most people mean that the boards are most likely to be around 3-5 dollars and everything lower or higher is less probable. Using different shaped distributions, Guesstimate can help include this discrepancy of thought into your pseudo-calculations.

It’s a neat bit of code with a nice interface. There is a commercial side to the project for those who want to collaborate openly or pay someone to host it privately. It has a few neat example models for those interested.

Does anyone use anything like this in their daily lives? Is there another similar project out there? This kind of thing is pretty cool!

What Does ESD Do To My Circuit and How Can I Protect Against It?

[Kevin Darrah] is risking the nerves on his index finger to learn about ESD protection. Armed with a white pair of socks, a microfiber couch, and a nylon carpet, like a wizard from a book he summons electricity from his very hands (after a shuffle around the house). His energy focused on a sacrificial 2N7000 small signal MOSFET.

So what happens to a circuit when you shock it? Does it instantly die in a dramatic movie fashion: smoke billowing towards the roof, sirens in the distance? [Kevin] set up a simple circuit to show the truth. It’s got a button, a MOSFET, an LED, and some vitamins. When you press the button the light turns off.

He shuffles a bit, and with a mini thunderclap, electrocutes the MOSFET. After the discharge the MOSFET doesn’t turn the light off all the way. A shocking development.

So how does one protect against these dark energies out to destroy a circuit. Energies that can seemingly be summoned by anyone with a Walmart gift card? How does someone clamp down on this evil?

[Kevin] shows us how two diodes and a resistor can be used to shunt the high voltage from the electrostatic discharge away from the sensitive components. He also experimentally verifies and elucidates on the purpose of each. The resistor does nothing by itself, it’s there to protect the diodes. The diodes are there to protect the MOSFET.

In the end he had a circuit that could withstand the most vigorous shuffling, cotton socks against nylon carpeting, across his floor. It could withstand the mighty electric charge that only a grown man jumping on his couch can summon. Powerful magics indeed. Video after the break.

Continue reading “What Does ESD Do To My Circuit and How Can I Protect Against It?”

A Glimpse Into The Mind Of A Robot Vacuum Cleaner

What’s going through the mind of those your autonomous vacuum cleaning robots as they traverse a room? There are different ways to find out such as covering the floor with dirt and seeing what remains afterwards (a less desirable approach) or mounting an LED to the top and taking a long exposure photo. [Saulius] decided to do it by videoing his robot with a fisheye lens from near the ceiling and then making a heatmap of the result. Not being satisfied with just a finished photo, he made a video showing the path taken as the room is being traversed, giving us a glimpse of the algorithm itself.

Looking down on the room and robot
Looking down on the room and robot

The robot he used was the Vorwerk VR200 which he’d borrowed for testing. In preparation he cleared the room and strategically placed a few obstacles, some of which he knew the robot wouldn’t get between. He started the camera and let the robot do its thing. The resulting video file was then loaded into some quickly written Python code that uses the OpenCV library to do background subtraction, normalizing, grayscaling, and then heatmapping. The individual frames were then rendered into an animated gif and the video which you can see below.

Continue reading “A Glimpse Into The Mind Of A Robot Vacuum Cleaner”

Dual-boot Your Arduino

There was a time, not so long ago, when all the cool kids were dual-booting their computers: one side running Linux for hacking and another running Windows for gaming. We know, we were there. But why the heck would you ever want to dual-boot an Arduino? We’re still scratching our heads about the application, but we know a cool hack when we see one; [Vinod] soldered the tiny surface-mount EEPROM on top of the already small AVR chip! (Check the video below.)

aAside from tiny-soldering skills, [Vinod] wrote his own custom bootloader for the AVR-based Arduino. With just enough memory to back up the AVR’s flash, the bootloader can shuffle the existing program out to the EEPROM while flashing the new program in. For more details, read the source.

While you might think that writing a bootloader is deep juju (it can be), [Vinod]’s simple bootloader application is written in C, using a style that should be familiar to anyone who has done work with an Arduino. It could certainly be optimized for size, but probably not for readability (and tweakability).

Why would you ever want to dual boot an Arduino? Maybe to be able to run testing and stable code on the same device? You could do the same thing over WiFi with an ESP8266. But maybe you don’t have WiFi available? Whatever, we like the hack and ‘because you can’ is a good enough excuse for us. If you do have a use in mind, post up in the comments!

Continue reading “Dual-boot Your Arduino”