Amazon Gets a Patent For Parachute Labels

Delivery by drone is a reality and Amazon has been pursuing better and faster methods of autonomous package delivery. The US Patent and Trademark Office just issued a patent to Amazon for a shipping label that has an embedded parachute to ensure soft landings for future deliveries.

The patent describes a construction consisting of a set of cords and a harness, with the parachute itself concealed within the label. The label will come in various shapes and sizes depending upon the size of the package and is designed to “enable the workflow process of shipping and handling to remain substantially unchanged”. This means they are designed to look and be used just like a normal printed label.

The objective is to paradrop your next delivery and, by the looks of the patent images, they plan to use it for everything from eggs to the kitchen sink. Long packages will employ multiple labels with parachutes, and the descent will be monitored using the camera and other sensors on the drone itself.

The system will reduce the time taken per delivery since the drone will no longer have to land and take off. Coupled with other UAV delivery patents, Amazon may be looking at more advanced delivery techniques. With paradrops, the drone need not be a multirotor design, and the next patent may very well be a mini trajectory correction system for packages.

If they come to fruition we wonder how easy it will be to get your hands on the labels. Materials and manufacture should both be quite cheap — this has already been proven by the model rocket crowd, and to make the system viable for Amazon it would have to be put into widespread use which brings to bear an economy of scale. We want to slap them on the side of beer cans as an upgrade to the catapult fridge.

Formlabs Announces a Desktop SLS 3D Printer

Formlabs have just announced the Fuse 1 — a selective laser sintering (SLS) 3D printer that creates parts out of nylon. Formlabs is best known for their Form series of resin-based SLA 3D printers, and this represents a very different direction.

SLS printers, which use a laser to sinter together models out of a powder-based material, are not new but have so far remained the domain of Serious Commercial Use. To our knowledge, this is the first time an actual SLS printer is being made available to the prosumer market. At just under 10k USD it’s definitely the upper end of the prosumer market, but it’s certainly cheaper than the alternatives.

The announcement is pretty light on details, but they are reserving units for a $1000 deposit. A few things we can throw in about the benefits of SLS: the powder is nicer to clean up than the resin of resin printers, and parts should not require any kind of curing. The process also requires no support material, as the unsintered powder will support any layers being sintered above it. The Fuse 1’s build chamber is 165 x 165 x 320 mm, and can be packed full of parts to make full use of the volume.

In the past we saw a detailed teardown of the Form 2 which revealed excellent workmanship and attention to detail. Let’s hope the same remains true of Formlabs’ newest offering.

Impression Products V. Lexmark International: A Victory For Common Sense

A few months ago we reported on a case coming before the United States Supreme Court that concerned recycled printer cartridges. Battling it out were Impression Products, a printer cartridge recycling company, and Lexmark, the printer manufacturer. At issue was a shrinkwrap licence on inkjet cartridges — a legal agreement deemed to have been activated by the customer opening the cartridge packaging — that tied a discounted price to a restriction on the cartridge’s reuse.

It was of concern to us because of the consequences it could have had for the rest of the hardware world, setting a potential precedent such that any piece of hardware could have conditions still attached to it when it has passed through more than one owner, without the original purchaser being aware of agreeing to any legal agreement. This would inevitably have a significant effect on the work of most Hackaday readers, and probably prohibit many of the projects we feature.

We are therefore very pleased to see that a few days ago the Supremes made their decision, and as the EFF reports, it went in favor of Impression Products, and us, the consumer. In their words, when a patent owner:

…chooses to sell an item, that product is no longer within the limits of the monopoly and instead becomes the private individual property of the purchaser, with the rights and benefits that come along with ownership.

In other words, when you buy a printer cartridge or any other piece of hardware, it is yours to do with as you wish.

Hijacking the Sonoff OTA Mechanism

ITEAD’s Sonoff line is a range of Internet-of-Things devices based around the ESP8266. This makes them popular for hacking due to their accessibility. Past projects have figured out how to reflash the Sonoff devices, but for [mirko], that wasn’t enough – it was time to reverse engineer the Sonoff Over-The-Air update protocol.

[mirko]’s motivation is simple enough – a desire for IoT devices that don’t need to phone home to the corporate mothership, combined with wanting to avoid the labor of cracking open every Sonoff device to reflash it with wires like a Neanderthal. The first step involved connecting the Sonoff device to WiFi and capturing the traffic. This quickly turned up an SSL connection to a remote URL. This was easily intercepted as the device doesn’t do any certificate validation – but a lack of security is sadly never a surprise on the Internet of Things.

After capturing the network traffic, [mirko] set about piecing together the protocol used to execute the OTA updates. After a basic handshake between client and server, the server can ask the client to take various actions – such as downloading an updated firmware image. After determining the messaging format, [mirko] sought to create a webserver in Python to replicate this behaviour.

There are some pitfalls – firmware images need to be formatted slightly differently for OTA updates versus the usual serial upload method, as this process leaves the stock bootloader intact. There’s also the split-partition flash storage system to deal with, which [mirko] is still working on.

Nevertheless, it’s great to see hackers doing what they do best – taking control over hardware and software to serve their own purposes. To learn more, why not check out how to flash your Sonoff devices over serial? They’re just an ESP8266 inside, after all.

Microchip’s PIC32MZ DA — The Microcontroller With A GPU

When it comes to displays, there is a gap between a traditional microcontroller and a Linux system-on-a-chip (SoC). The SoC that lives in a smartphone will always have enough RAM for a framebuffer and usually has a few pins dedicated to an LCD interface. Today, Microchip has announced a microcontroller that blurs the lines between what can be done with an SoC and what can be done with a microcontroller. The PIC32MZ ‘DA’ family of microcontrollers is designed for graphics applications and comes with a boatload of RAM and a dedicated GPU.

The key feature for this chip is a boatload of RAM for a framebuffer and a 2D GPU. The PIC32MZ DA family includes packages with 32 MB of integrated DRAM designed to be used as framebuffers. Support for 24-bit color on SXGA (1280 x 1024) panels is included. There’s also a 2D GPU in there with support for sprites, blitting, alpha blending, line drawing, and filling rectangles. No, it can’t play Crysis — just to get that meme out of the way — but it is an excellent platform for GUIs.


Radio Controlled Pacemakers Are Easily Hacked

Doctors use RF signals to adjust pacemakers so that, instead of slicing a patient open, they can change the pacemaker’s parameters, which in turn avoids unnecessary surgery. A study on security weaknesses of pacemakers (highlights, or the full report as a PDF) has found that pacemakers from the main manufacturers contain security vulnerabilities that make it possible for the devices to be adjusted by anyone with a programmer and proximity. Of course, it shouldn’t be possible for anyone other than medical professionals to acquire a pacemaker programmer. The authors bought their examples on eBay.

They discovered over 8,000 known vulnerabilities in third-party libraries across four different pacemaker programmers from four manufacturers. This highlights an industry-wide problem when it comes to security. None of the pacemaker programmers required passwords, and none of the pacemakers authenticated with the programmers. Some home pacemaker monitoring systems even included USB connections, which opens up the possibility of introducing malware through an infected pendrive.

The programmers’ firmware update procedures were also flawed, with hard-coded credentials being very common. This allows an attacker to set up their own authentication server and upload their own firmware to the home monitoring kit. Due to the nature of the hack, the researchers are not disclosing to the public which manufacturers or devices are at fault and have redacted some information until these medical device companies can get their house in order and fix these problems.

This article only scratches the surface; for an in-depth look, read the full report. Let’s just hope that these medical companies take action and resolve these issues as soon as possible. This is not the first time pacemakers have been shown to be flawed.

Hacked by Subtitles

CheckPoint researchers published a warning on the company blog about a vulnerability affecting several video players. They found that VLC, Kodi (XBMC), Popcorn-Time and strem.io are all vulnerable to attack via malicious subtitle files. By carefully crafting a subtitles file, they claim to have managed to take complete control over any type of device using the affected players when they try to load a video and the respective subtitles.

According to the researchers, things look pretty grim:

We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years. (…) Each of the media players found to be vulnerable to date has millions of users, and we believe other media players could be vulnerable to similar attacks as well.

One of the reasons you might want to make sure your software is up to date is that some media players download subtitles automatically from several shared online repositories. An attacker, as the researchers proved, could manipulate the website’s ranking algorithm, which would not only entice more unsuspecting users to manually download his subtitles but would also guarantee that his crafted malicious subtitles would be the ones automatically downloaded by the media players.

No additional details have been disclosed yet about how each video player is affected, although the researchers did share the details with each of the software developers so they can tackle the issue. They reported that some of the problems are already fixed in their current versions, while others are still being investigated. It might be a good idea to watch carefully and update your system before the details come out.

Meanwhile, we can look at the trailer:
