HackPhx Winter 2014 Hackathon Winners

HackPhx 2014

The HackPhx Winter 2014 hackathon was held at Heatsync Labs hackerspace in Mesa, Arizona, USA. The advertised theme was “Arduino Wearables”. Participating attendees were randomly placed on teams evenly distributed by their disclosed skills across all teams. There were 10 teams with 4 to 5 members per team competing for two winning spots.

Each team had to build an amazing wearable project utilizing the secret ingredient which was Seedstudio’s Arduino-compatible Xadow wearable platform and add-ons. The Xadow is similar to the Arduino Leonardo and participants used an Arduino cross compatibility and pin mapping chart to assist in development.

Top prize was the Judges’ prizes for the best completed and documented Xadow wearable team project. The second prize was the Jury’s prize given to the team project that the other teams liked the most regardless of event criteria.

Read more about the winning teams and watch their presentations after the break.

Continue reading “HackPhx Winter 2014 Hackathon Winners”

Use Your Smartphone as a Microscope for Less Than $10

FY4TBHSHMMFBB4V.LARGE[Yoshinok] recently posted an Instructable on doing a $10 smartphone-to-microscope conversion. The hack isn’t so much a conversion as just a handy jig, but it’s still interesting. The basic idea is to set up a platform for the slides, and to mount the smartphone directly above. The trick, and the reason this can be called a microscope, is that [Yoshinok] embeds the lens from a cheap laser pointer into the smartphone holder. He is able to get 40x optical magnification with the lens, and even though it sacrifices quality, he uses the built-in digital zoom to get up to 175x magnification.

By itself, you could use this with a light source to magnify 3D objects. [Yoshinok] demonstrates this with a dime. But since the slide holder is made of clear acrylic, he mounted a cheap LED flashlight in the base to serve as through-sample lighting. Using this setup, he was able to observe the process of plasmolysis.

If you have kids, this is certainly a project to do with them, but we can’t help but think it will be useful for non-parents alike. This sort of magnification is good enough for simple lab experiments, and given that most Hack-a-Day readers have these parts lying around, we figure the cost is closer to $0. If you give it a try, let us know your results in the comments!

Continue reading “Use Your Smartphone as a Microscope for Less Than $10″

Blackhat: iOS device charger exploit installs and activates malware


A team of researchers from Georgia Tech unveiled their findings yesterday at the Blackhat conference. Their topic is a power charger exploit that installs malware on iOS devices. Who would have thought that there’d be a security hole associated with the charging port on a device? Oh wait, after seeing hotel room locks exploited through their power jack this is an avenue that should be examined with all device security.

The demonstration used a charger and an BeagleBoard. Plugging in the charger is not enough to trigger the exploit, the user must unlock the screen while charging for it to go into action. But once that’s done the game is over. Their demo removes the Facebook app and replaces it with an infected impostor while leaving the icon in the same place on your home screen. They notified Apple of their findings and a patch will roll out with iOS7. So when would you plug your device into an untrusted charger? Their research includes a photo from an airport where an iPad is connected to the USB port of a public charging station.

The summary on the Blackhat site has download icons for the white paper and presentation slides. At the time of writing we had a hard time getting them to download but succeeded after several tries.

Headless tethering between Raspberry Pi and iPhone


This hack doesn’t necessarily have a target application. But there’s a lot of potential. It’s a headless setup for tethering your Raspberry Pi to an iPhone. Building sensor arrays that upload to the Internet (live or just to dump its logs)  immediately comes to mind. But we’re sure there are a ton of other applications just waiting to be thought of.

Tethering is pretty simple with the Raspberry Pi. Just install a few packages that are available in the repositories and make a quick configuration file tweak to allow hot-plugging. But this is dependent on the iPhone being mounted and that task is normally only automatic if the GUI is running. To get by without the X desktop [Dave Controy] walks through the ifuse setup to mount the phone from command line. The result is that your RPi will establish a network connect whenever the iPhone is plugged into it, without any intervention from you.

[Thanks Michael]

iOS keyboard exploit allows brute force iPad lock screen attack

It’s quite common to have a timed lockout after entering several bad passwords. This simple form of security makes automated brute force attacks unfeasible by ballooning the time it would take to try every possible permutation. The lock screen on iOS devices like iPad and iPhone have this built in. Enter your code incorrectly several times and the system will make you wait 1, 5, 15, and 60 minutes between entries as you keep inputting the wrong code. But there is an exploit that gets around this. [Pierre Dandumont] is showing off his hardware-based iPad lock screen attack in the image above.

He was inspired to try this out after reading about some Mac EFI attacks using the Teensy 3. That approach used the microcontroller to spoof a keyboard to try every PIN combination possible. By using the camera kit for iPad [Pierre] was able to do the same. This technique lets you connect wired keyboards to the iPad, but apparently not the iPhone. A bluetooth keyboard can also be used. These external keyboards get around the timing lockout associated with the virtual lockscreen keyboard.

We’re of the opinion that this is indeed a security vulnerability. If you forget your passcode you can simply restore the device to remove it. That wipes all of your personal data which can then be loaded from an iTunes backup. Lockscreens are paramount if a device is stolen. They will give you the time you need to change any online credentials which might be remembered by the device.

Continue reading “iOS keyboard exploit allows brute force iPad lock screen attack”

Complicated iPhone garage door opener


The round-about way this iPhone garage door opener was put together borders on Rube Goldberg. But it does indeed get the job done so who are we to judge? Plus you have to consider that the Apple products aren’t quite as hacker friendly as, say, Android phones — so this may have been the easiest non-Jailbreak way.

The main components that went into it are the iPhone, a Wemo WiFi outlet, and a 110V rated mechanical relay. But wait, surely it can’t be that simple? You’re correct, just for added subterfuge [Tall-drinks] rolled IFTTT into the mix.

You may remember hearing about If This Then That from the Alert Tube project. It’s a web-based natural language scripting service. Throw everything together and it works like this: The iPhone sends a text message which IFTTT converts to a Wemo command. A power cord connects the Wemo outlet to the 110V electrodes on the relay. The normally open connection of the relay is attached to the same screw terminals of the garage door opener as the push button that operates it. When the relay closes, the garage door goes up or down.

The biggest problem we have with this is the inability to know if your garage door is open or closed.

Vine app hack on iPhone makes time-lapse movies


The Vine app is all the rage these days. It lets you shoot six-second videos on your iPhone and easily post them on the Internet. The problem is that [Sean Hodgins] doesn’t find the time limit to be useful for traditional video. But you can cram a lot more info into a half-dozen seconds if you make it a time-lapse video. The rig above is his solution to making the Vine app act as a time-lapse recorder.

The trick is in how the app itself works. It only records video when you’re touching the screen. So you record one second of video, then remove your finger and it ‘pauses’ the recording until you’re ready for the next scene. [Sean] automated this by adding a servo motor and a stylus. An Arduino drives the servo, making quick taps on the screen to get as many different frames into the six seconds as possible. He had a bit of trouble registering quick taps at first. His solution was to inject 3.3V into the stylus he gutted for the project. Click through the link above to see some example videos, or watch this embedded video to see the hardware at work:

Continue reading “Vine app hack on iPhone makes time-lapse movies”