IoT-ify All Things: LG Has Gone Overboard

If you been following Hackaday lately, you’ve surely noticed an increased number of articles about IoT-ifying stuff. It’s a cool project to take something old (or new) and improve its connectivity, usually via WiFi, making it part of the Internet of Things. Several easy to use modules, in particular the ESP8266, are making a huge contribution to this trend. It’s satisfactory to see our homes with an ESP8266 in every light switch and outlet or to control our old stereo with our iPhone. It gives us a warm fuzzy feeling. And that’s completely fine for one’s personal projects.

But what happens when this becomes mainstream? When literally all our appliances are ‘connected’ in the near future? The implications might be a lot harder to predict than expected. The near future, it seems, starts now.

This year, at CES, LG Electronics (LG) has introduced Smart InstaView™, a refrigerator that’s powered by webOS smart platform and integrated with Amazon’s Alexa Voice Service.

… with webOS, consumers can also explore a host of WiFi-enabled features directly on the refrigerator, creating a streamlined and powerful food management system all housed directly on the front of the fridge door. Amazon’s Alexa Voice Service gives users access to an intelligent personal assistant that, in addition to searching recipes, can play music, place Prime-eligible orders from Amazon.com…

This is ‘just’ a fridge. There are other WiFi-enabled appliances by now, so what?  Apparently, during the LG press conference last Wednesday, the company marketing VP David VanderWaal said that from 2017 on, all of LG’s home appliances will feature “advanced Wi-Fi connectivity”.

Notice the word advanced, we wonder what that means? Will ‘advanced’ mean complicated? Mesh? Secure? Intelligent? Will our toaster finally break the Internet and ruin it for everyone by the end of the year? Will the other big players in the home appliances market jump in the WiFi wagon? We bet the answer is yes.

Here be dragons.

[via Ars Technica]

CES2017: Astrophotography In The Eyepiece

If you’ve never set up a telescope in your back yard, you’ve never been truly disappointed. The Hubble can take some great shots of Saturn, nebulae, and other astronomical phenomena, but even an expensive backyard scope produces only smudges. To do astronomy properly, you’ll spend your time huddled over a camera and a computer, stacking images to produce something that almost lives up to your expectations.

At CES, Unistellar introduced a device designed to fit over the eyepiece of a telescope to do all of this for you.

According to the guys at Unistellar, this box contains a small Linux computer, camera, GPS, and an LCD. Once the telescope is set up, the module takes a few pictures of the telescope’s field of view, stacks the images, and overlays the result in the eyepiece. Think of this as ‘live’ astrophotography.

In addition to making Jupiter look less like a Great Red Smudge, the Unistellar module adds augmented reality; it knows where the telescope is pointing and will add a label if you’re looking at any astronomical objects of note.

While I wasn’t able to take a look inside this extremely cool device, the Unistellar guys said they’ll be launching a crowdfunding campaign in the near future.

“Alexa, Order Everyone In San Diego A Doll House”

Every day it seems there is a new Alexa story in the news, as for the moment the Amazon voice assistant is in the ascendant over its rivals from Google, Apple, and Microsoft. Today’s slice of Alexa weirdness comes courtesy of a newsreader in San Diego, who inadvertently triggered Alexa-enabled devices within hearing distance of a television to buy doll houses when he reported on a Dallas child’s accidental purchase.

It’s unclear whether any doll houses were dispatched or whether the Echos and Dots merely started the process and asked their owners for confirmation, but we hope it serves to draw attention to the risks associated with an always-on and always-listening device. We’ve looked at how the technology has seemingly circumvented the normal privacy concerns of our own community, so it’s hardly surprising that this kind of incident catches the greater public completely unprepared. It’s one thing for the denizens of a hackspace to troll the owner of a Dot by adding embarrassing products to their wish list, but against a less-informed user who hasn’t worked out how to lock down the device’s purchasing abilities, it’s not too far-fetched to imagine a criminal attack.

Voice assistants are clearly going to become a ubiquitous feature of our lives, and it is inevitable that there will be more such unfortunate incidents which will serve to educate the public about their privacy before the technology reaches maturity. This particular story is definitely Not A Hack, though as our “Alexa” tag shows the devices have huge potential to bring a new dimension to our work. It’s up to all of us in our community to ensure that the voice assistant owners in our lives are adequately educated about them, and maybe resist the urge to say “Alexa, add all the Hackaday merchandise to my wish list!”.

CES17: Arduino Unveils LoRa Modules For The Internet Of Things

WiFi and Bluetooth were never meant to be the radios used by a billion Internet of Things hats, umbrellas, irrigation systems, or any other device that makes a worldwide network of things interesting. The best radio for IoT is something lightweight which operates in the sub-Gigahertz range, doesn’t need a lot of bandwidth, and doesn’t suck down the power like WiFi. For the last few years, a new low-power wireless communication standard has been coming on the scene, and now this protocol — LoRa — will soon be available in an Arduino form factor.

The Primo, and NRF

It’s not LoRa, but the Arduino Primo line is based on the ESP8266 WiFi chip and a Nordic nRF52832 for Bluetooth. The Primo comes in the ever-familiar Arduino form factor, but it isn’t meant to be an ‘Internet of Things’ device. Instead, it’s a microcontroller for devices that need to be on the Internet.

Also on display at CES this year is the Primo Core which we first saw at BAMF back in May. It’s a board barely larger than a US quarter that has a few tricks up its sleeve. The Primo Core is built around the nRF52832, and adds humidity, temperature, 3-axis magnetometer and a 3-axis accelerometer to a square inch of fiberglass.

The Primo Core has a few mechanical tricks up its sleeve. Those castellated pins around the circumference can be soldered to the Alice Pad, a breakout board that adds a USB port and LiPo battery charger.

LoRa

Also on deck at the Arduino suite were two LoRa shields. In collobration with Semtech, Arduino will be releasing the pair of LoRa shields later this year. The first, the Node Shield, is about as simple as it can get — it’s simply a shield with a LoRa radio and a few connectors. The second, the Gateway Shield, does what it says on the tin: it’s designed to be a gateway from other Arduino devices (Ethernet or WiFi, for example) to a Node shield. The boards weren’t completely populated, but from what I could see, the Gateway shield is significantly more capable with support for a GPS chipset and antenna.

A partnership with Cayenne and MyDevices

Of course, the Internet of Things is worthless if you can’t manage it easily. Arduino has struck up a partnership with MyDevices to turn a bunch of low-bandwidth radio and serial connections into something easy to use. Already, we’ve seen a few builds and projects using MyDevices, but the demos I was shown were extremely easy to understand, even if there were far too many devices in the room.

All of this is great news if you’re working on the next great Internet of Things thing. The Primo Core is one of the smallest wireless microcontroller devices I’ve seen, and the addition of LoRa Arduino shields means we may actually see useful low-bandwidth networks in the very near future.

2016: As The Hardware World Turns

Soon, the ball will drop in Times Square, someone will realize you can turn ‘2018’ into a pair of novelty sunglasses, and the forgotten mumbled lyrics of Auld Lang Syne will echo through New Year’s Eve parties. It’s time once again to recount the last 366 days, and what a year it’s been.

Arduino got into an argument with Arduino and Arduino won. We got new Raspberry Pis. Video cards are finally getting to the point where VR is practical. The FCC inadvertently killed security in home routers before fixing the problem. All of this is small potatoes and really doesn’t capture the essence of 2016. It’s been a weird year.

Want proof 2016 was different? This year, Microsoft announced they would provide a Linux ‘shim’ with every version of Windows. By definition, 2016 was the year of the Linux desktop. That’s how weird things have been in 2016.

Continue reading “2016: As The Hardware World Turns”

Little Bobby Tables Just Registered a Company…

Sometimes along comes a tech story that diverges from our usual hardware subject matter yet which just begs to be shared with you because we think you will find it interesting and entertaining.

XKCD 327, Exploits of a Mom (CC BY-NC 2.5).
XKCD 327, Exploits of a Mom (CC BY-NC 2.5).

You will no doubt be familiar with the XKCD cartoon number 327, entitled “Exploits of a Mom”, but familiarly referred to as “[Bobby Tables]”. In it a teacher is ringing the mother of little [Robert’); DROP TABLE Students; –], whose name has caused the loss of a year’s student records due to a badly sanitized database input. We’ve all raised a chuckle at it, and the joke has appeared in other places such as an improbably long car license plate designed to erase speeding tickets.

It's nice to see that Companies House sanitise their database inputs.
It’s nice to see that Companies House sanitise their database inputs.

Today we have a new twist on the Bobby Tables gag, for someone has registered a British company with the name  “; DROP TABLE “COMPANIES”;– LTD“. Amusingly the people at Companies House have allowed the registration to proceed, so either they get the joke too or they are unaware of the nuances of a basic SQL exploit. It’s likely that if this name leaves Her Majesty’s civil servants with egg on their faces it’ll be swiftly withdrawn, so if that turns out to be the case then at least we’ve preserved it with a screenshot.

Of course, the chances of such a simple and well-known exploit having any effect is minimal. There will always be poor software out there somewhere  that contains badly sanitized inputs, but we would hope that a vulnerability more suited to 1996 would be vanishingly rare in 2016.

If by some chance you haven’t encountered it before we’d recommend you read about database input sanitization, someday it may save you from an embarrassing bit of code. Meanwhile we salute the owner and creator of this new company for giving us a laugh, and wish them every success in their venture.

Police Want Alexa Data; People Begin to Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is more of concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants likely to affect far less users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.