“Alexa, Order Everyone In San Diego A Doll House”

Every day it seems there is a new Alexa story in the news, as for the moment the Amazon voice assistant is in the ascendant over its rivals from Google, Apple, and Microsoft. Today’s slice of Alexa weirdness comes courtesy of a newsreader in San Diego, who inadvertently triggered Alexa-enabled devices within hearing distance of a television to buy doll houses when he reported on a Dallas child’s accidental purchase.

It’s unclear whether any doll houses were dispatched or whether the Echos and Dots merely started the process and asked their owners for confirmation, but we hope it serves to draw attention to the risks associated with an always-on and always-listening device. We’ve looked at how the technology has seemingly circumvented the normal privacy concerns of our own community, so it’s hardly surprising that this kind of incident catches the greater public completely unprepared. It’s one thing for the denizens of a hackspace to troll the owner of a Dot by adding embarrassing products to their wish list, but against a less-informed user who hasn’t worked out how to lock down the device’s purchasing abilities, it’s not too far-fetched to imagine a criminal attack.

Voice assistants are clearly going to become a ubiquitous feature of our lives, and it is inevitable that there will be more such unfortunate incidents which will serve to educate the public about their privacy before the technology reaches maturity. This particular story is definitely Not A Hack, though as our “Alexa” tag shows the devices have huge potential to bring a new dimension to our work. It’s up to all of us in our community to ensure that the voice assistant owners in our lives are adequately educated about them, and maybe resist the urge to say “Alexa, add all the Hackaday merchandise to my wish list!”.

Air Conditioner Speaks Serial, Just Like Everything Else

Like so many other home appliances, it’s likely that even your air conditioner has a serial interface buried inside it. If you’re wondering why, it’s because virtually every microcontroller on the planet has a UART built in, and it’s highly useful for debugging during the development process, so it makes sense to use it. Thus, it was only a matter of time before we saw a hacked airconditioner controlled by a Raspberry Pi.

[Hadley] was growing frustrated with the IR remote for his Mitsubishi air conditioner; it can issue commands, but it’s a one way interface – there’s no feedback on current status or whether commands are received, other then the occasional beep or two. Deciding there had to be a better way, [Hadley] grabbed a Saleae Logic Analyser and started probing around, determining that the unit spoke 5 V TTL at 2400 bps with even parity. The next step was to start talking back.

Continue reading “Air Conditioner Speaks Serial, Just Like Everything Else”

Modified Baby Monitor Interrupts Your Groove in Case of Emergency

You try to be good, but the temptation to drown out the noise of parenthood with some great tunes is just too much to resist. The music washes over you, bringing you back to simpler times. But alas, once you plug in the kids started running amok, and now the house is on fire and there’s the cleaning up to do and all that paperwork. Maybe you should have tried modifying a baby monitor to interrupt your music in case of emergency?

Starting with an off-the-shelf baby monitor, [Ben Heck] takes us through the design goals and does a quick teardown of the circuit. A simple audio switching circuit is breadboarded using an ADG436 dual SPDT chip to allow either the baby monitor audio or music fed from your favorite source through to the output. [Ben] wisely chose the path of least resistance to detecting baby noise by using the volume indicating LEDs on the monitor. A 555 one-shot trips for a few seconds when there’s enough noise, which switches the music off and lets you listen in on [Junior]. The nice touch is that all the added components fit nicely in the roomy case and are powered off the monitor’s supply.

Maybe you’d prefer listening to the nippers less than watching them? In that case, this impromptu eye-in-the-sky baby camera might be a better choice.

Continue reading “Modified Baby Monitor Interrupts Your Groove in Case of Emergency”

Humidity Sensor Shootout

If you want to measure humidity (and temperature, and maybe even barometric pressure) in a device that you’re building, have a look at this comprehensive test of seven different options. We’re going to summarize the results here, but you’ll really want to read up on the testing methodology — it’s great science hacking. Did you know about using saturated salt solutions to produce constant humidity levels for calibration? We didn’t.

The eBay hacker favorite, the so-called DHT22 module, doesn’t fare all that well, with one of six that [Robert] tested being basically horrible, and three of them breaking within two years of use. The one that works well, however, is pretty good. Feeling lucky?

The Bosch BME280 looks great. It costs a bit more as a bare part, and a few times more than that when it is mounted on a friendly module, but it seems to be very reliable. And you get a barometer thrown in for the extra work. Indeed, it performed so well that Hackaday contributor [Nava Whiteford] put the part under a scanning electron microscope to figure out what’s going on.

The other sensors were fine, with the HTU21D and SHT71 being standouts for their ultra-fast response. For the full details, go click on that link at the top. Having just installed a sextet of DHT22s in our house last year, we’re left with that sinking feeling that we may have gotten what we paid for, which wasn’t much. At least they’re all still running.

Thanks to [Dodutils] and [mac012345] via comments in another thread.

OWL Insecure Internet of Energy Monitors

[Chet] bought an electricity monitor from OWL, specifically because it was open and easy to hack on at him within the confines of his home network. Yay! Unfortunately, it also appears to be easy to hack read outside of his home network too, due to what appears to be extraordinarily sloppy security practices.

The short version of the security vulnerability is that the OWL energy monitors seem to be sending out their data to servers at OWL, and this data is then accessible over plain HTTP (not HTTPS) and with the following API: http://beta.owlintuition.com/api/electricity/history_overview.php?user=&nowl=&clientdate=. Not so bad, right? They are requiring username and password, plus the ID number of the device. Maybe someone could intercept your request and read your meter remotely, because it’s not encrypting the transaction?

Nope. Much worse. [Chet] discovered that the username and password fields appear not to be checked, and the ID number is the device’s MAC address which makes is very easy to guess at other device IDs. [Chet] tried 256 MACs out, and got 122 responses with valid data. Oh my!

Take this as a friendly reminder and a cautionary tale. If you’re running any IoT devices, it’s probably worth listening to what they’re saying and noting to whom they’re saying it, because every time you send your data off to “the cloud” you’re trusting someone else to have done their homework. It is not a given that they will have.

Comfort Thermometer With Impressive LED Display

A frequent early project for someone learning to use a microcontroller such as an Arduino board involves hooking up a temperature sensor and an LCD display to make a digital thermometer. Not many components are involved, but it provides a handy practical introduction to interfacing peripherals. Once you’ve passed that step in your tech education, do you ever return to thermometers? Probably not, after all what can you add to a thermometer but a sensor and a display?

Perhaps if you have asked yourself that question you might be interested in [Richard Stevens]’s thermometer project, as he refers to it, a Comfort Thermometer Display. It takes the form of an Ikea Ribba frame inset with 517 LEDs arranged as a central set of seven segment displays, a ring of bar graphs, and an outer ring of RGB LEDs. Behind the scenes is a mass of cabling, and four shaped pieces of stripboard to fit the area around the LEDs. The display cycles through readings for temperature, heat index, and humidity.

Powering it all are a brace of microcontrollers: an ATMega328 for the 7-segments and a range of PICs controlling the bar graphs and RGB LEDs. Another PIC handles RF communication with the sensors, which are housed in a remote box. We’ve embedded the video of the device in operation below the break, and we’re sure you’ll agree it’s an impressive piece of work.

Continue reading “Comfort Thermometer With Impressive LED Display”

SST Is A Very Tidy ESP8266 Smart Thermostat

The smart thermostat has become in a way the public face of the Internet of Things. It’s a demonstration that technological uptake by the general public is driven not by how clever the technology is, but by how much use they can see in it. A fridge that offers your recipes or orders more eggs may be a very neat idea, but at street level a device allowing you to turn your heating on at home before you leave work is much cooler. Products like Nest or Hive have started to become part of normal suburban life.

There is no reason though for an IoT thermostat to be a commercial product like the two mentioned. Our subject today demonstrates this; SST is a Wi-Fi smart thermostat using an ESP8266 that can be controlled by an app, thanks to its use of the open-source Souliss IoT Framework.

The build is very well finished, with PCBs, colour display and other components in a neat 3D-printed box. It’s a project that you could put in front of an end-user, it’s finished to such a high standard. Physical entity files are available from the hackaday.io page linked above, while its firmware is available in a GitHub repository. THere is a video showing some of the device’s capabilities, which we’ve put below the break.

Continue reading “SST Is A Very Tidy ESP8266 Smart Thermostat”