Car Idle Alarm Helps You Stop Wasting Gas While Tweeting

[TVMiller] has a bone to pick with you if you let your car idle while you chat or text on your phone. He doesn’t like it, and he wants to break you of this wasteful habit – thus the idle-deterrence system he built that he seems to want on every car dashboard.

In the video below, the target of his efforts is clear – those who start the car then spend time updating Twitter or Instagram. His alarm is just an Arduino Nano that starts a timer when the car is started. Color-coded LEDs mark the time, and when the light goes red, an annoying beep starts to remind you to get on with the business of driving. The device also includes an accelerometer that resets the timer when the vehicle is in motion; the two-minute timeout should keep even the longest stop light from triggering the alarm.

[TVMiller] plans an amped-up version of the device built around an MKR1000 that will dump idle to moving ratios and other stats to the cloud. That’s a little too Big Brother for our tastes, but we can see his point about how wasteful just a few minutes of idling can be when spread over a huge population of vehicles. This hack might make a nice personal reminder to correct wasteful behavior. It could even be rolled into something that reads the acceleration and throttle position directly from the OBD port, like this Internet of Cars hack we featured a while back.

Continue reading “Car Idle Alarm Helps You Stop Wasting Gas While Tweeting”

Breaking SimpliSafe Security Systems With Software Defined Radio

The SimpliSafe home security system is two basic components, a keyboard and a base station. Sensors such as smoke detectors, switches, and motion sensors can be added to this system, all without a wired installation. Yes, this security system is completely wireless. Yes, you can still buy a software defined radio for ten dollars. Yes, the device has both “simple” and “safe” in its name. We all know where this is going, right?

Last week, [Andrew Zonenberg] at IOActive published a security vulnerability for the SimpliSafe wireless home security system. As you would expect from an off-the-shelf, wireless, DIY security system, the keypad and base station use standard 433 MHz and 315 MHz ISM band transmitters and receivers. [Dr. Zonenberg]’s attack on the system didn’t use SDR; instead, test points on the transmitters were tapped and messages between the keypad and base station were received in cleartext. When the correct PIN is entered in the keypad, the base station replies with a ‘PIN entered’ packet. Replaying this packet with a 433 MHz transmitter will disable the security system.

[Michael Ossmann] took this one step further with a software defined radio. [Ossmann] used a HackRF One to monitor the transmissions from the keypad and turned to a cheap USB SDR dongle to capture packets. Replaying keypad transmissions were easy, but with a little bit more work new attacks can be found. The system can be commanded to enter test mode even when the system is armed bypassing notifications to the owner.

It’s a hilarious failure of wireless security, especially given the fact that this exploit can be performed by anyone with $100 in equipment. With a little more effort, an attacker can execute a PIN replay from a mile away. Sadly, failures of security of this magnitude are becoming increasingly common. There will assuredly be more attacks of this kind in the future, at least until hardware manufacturers start taking the security (of their security products) seriously.

Puzzle Alarm Clock Gets Couple Up In The Morning

[BrittLiv] and her boyfriend got in one too many fights about who set the alarm. It’s the only argument they seem to repeat. So, true to her nature as an engineer, she over-engineered. The result was this great puzzle alarm clock.

The time displayed on the front is not the current time. Since the argument was about alarm times in the first place, [BrittLiv] decided the most prominent number should be the next alarm. To hear the time a button (one of the dots in the colon) must be pressed on the front of the clock. To set the alarm, however, one must manually move the magnetized segments to the time you’d like to get up. Processing wise, for a clock, it’s carrying some heat. It runs on an Intel Edison, which it uses to synthesize a voice for the time, news, weather, and, presumably, tweets. It sounds great, check it out after the break.

All in all the clock looks great, and works well too. We hope it brought peace to [BrittLiv]’s household.

Continue reading “Puzzle Alarm Clock Gets Couple Up In The Morning”

Hacker Uncovers Security Holes at CSL Dualcom

CSL Dualcom, a popular maker of security systems in England, is disputing claims from [Cybergibbons] that their CS2300-R model is riddled with holes. The particular device in question is a communications link that sits in between an alarm system and their monitoring facility. Its job is to allow the two systems to talk to each other via internet, POT lines or cell towers. Needless to say, it has some heavy security features built in to prevent alarm_01tampering. It appears, however, that the security is not very secure. [Cybergibbons] methodically poked and prodded the bits and bytes of the CS2300-R until it gave up its secrets. It turns out that the encryption it uses is just a few baby steps beyond a basic Caesar Cipher.

A Caesar Cipher just shifts data by a numeric value. The value is the cipher key. For example, the code IBDLBEBZ is encrypted with a Caesar Cipher. It doesn’t take very much to see that a shift of “1” would reveal HACKADAY. This…is not security, and is equivalent to a TSA lock, if that. The CS2300-R takes the Caesar Cipher and modifies it so that the cipher key changes as you move down the data string. [Cybergibbons] was able to figure out how the key changed, which revealed, as he put it – ‘the keys to the kingdom’.

There’s a lot more to the story. Be sure to read his detailed report (pdf) and let us know what you think in the comments below.

We mentioned that CSL Dualcom is disputing the findings. Their response can be read here.

Fight Frost with an Internet of Things Fridge Alarm

It has been incredibly humid around these parts over the last week, and there seems to be something about these dog days that makes you leave the fridge or freezer door open by mistake. [pnjensen] found this happening all too often to the family chill chest, with the predictable accretion of frost on the coils as the water vapor condensed out of the entrained humid air and froze. The WiFi-enabled fridge alarm he built to fight this is a pretty neat hack with lots of potential for expansion.

Based on a Sparkfun ESP8266 Thing and home-brew door sensors built from copper tape, the alarm is rigged to sound after 120 seconds of the door being open. From the description it seems like the on-board buzzer provides a periodic reminder pip while the door is open before going into constant alarm and sending an SMS message or email; that’s a nice touch, and having the local alarm in addition to the text or email is good practice. As a bonus, [pjensen] also gets a log of each opening and closing of the fridge and freezer. As for expansion, the I2C header is just waiting for more sensors to be added, and the built-in LiPo charger would provide redundancy in a power failure.

If frost buildup is less a problem for you than midnight snack runs causing another kind of buildup, you might want to check out this willpower-enhancing IoT fridge alarm.

Saving an Alarm System Remote and $100

[Simon] has been using his home alarm system for over six years now. The system originally came with a small RF remote control, but after years of use and abuse it was finally falling apart. After searching for replacement parts online, he found that his alarm system is the “old” model and remotes are no longer available for purchase. The new system had similar RF remotes, but supposedly they were not compatible. He decided to dig in and fix his remote himself.

He cracked open the remote’s case and found an 8-pin chip labeled HCS300. This chip handles all of the remote’s functions, including reading the buttons, flashing the LED, and providing encoded output to the 433MHz transmitter. The HCS300 also uses KeeLoq technology to protect the data transmission with a rolling code. [Simon] did some research online and found the thew new alarm system’s remotes also use the same KeeLoq technology. On a hunch, he went ahead and ordered two of the newer model remotes.

He tried pairing them up with his receiver but of course it couldn’t be that simple. After opening up the new remote he found that it also used the HCS300 chip. That was a good sign. The manufacturer states that each remote is programmed with a secret 64-bit manufacturer’s code. This acts as the encryption key, so [Simon] would have to somehow crack the key on his original chip and re-program the new chip with the old key. Or he could take the simpler path and swap chips.

A hot air gun made short work of the de-soldering and soon enough the chips were in place. Unfortunately, the chips have different pinouts, so [Simon] had to cut a few traces and fix them with jumper wire. With the case back together and the buttons in place, he gave it a test. It worked. Who needs to upgrade their entire alarm system when you can just hack the remote?

Alarm Notifies the Office When the Coffee is Ready

[Stian] thought it would be nice if his coworkers could be electronically notified when the latest batch of coffee is ready. He ended up building an inexpensive coffee alarm system to do exactly that. When the coffee is done, the brewer can press a giant button to notify the rest of the office that it’s time for a cuppa joe.

[Stian’s] first project requirement was to activate the system using a big physical button. He chose a button from Sparkfun, although he ended up modifying it to better suit his needs. The original button came with a single LED built-in. This wasn’t enough for [Stian], so he added two more LEDs. All three LEDs are driven by a ULN2003A NPN transistor array. Now he can flash them in sequence to make a simple animation.

This momentary push button supplies power to a ESP8266 microcontroller using a soft latch power switch. When the momentary switch is pressed, it supplies power to the latch. The latch then powers up the main circuit and continues supplying power even when the push button is released. The reason for this power trickery is to conserve power from the 18650 li-on battery.

The core functionality of the alarm uses a combination of physical hardware and two cloud-based services. The ESP8266 was chosen because it includes a built-in WiFi chip and it only costs five dollars. The microcontroller is configured to connect to the WiFi network with the push of a button. The device also monitors the giant alarm button.

When the button is pressed, it sends an HTTP request to a custom clojure app running on a cloud service called Heroku. The clojure app then stores brewing information in a database and sends a notification to the Slack cloud service. Slack is a sort of project management app that allows multiple users to work on projects and communicate easier over the internet. [Stian] has tapped into it in order to send the actual text notification to his coworkers to let them know that the coffee is ready. Be sure to watch the demo video below. Continue reading “Alarm Notifies the Office When the Coffee is Ready”