Hacker Uncovers Security Holes at CSL Dualcom

CSL Dualcom, a popular maker of security systems in England, is disputing claims from [Cybergibbons] that their CS2300-R model is riddled with holes. The particular device in question is a communications link that sits in between an alarm system and their monitoring facility. Its job is to allow the two systems to talk to each other via internet, POT lines or cell towers. Needless to say, it has some heavy security features built in to prevent alarm_01tampering. It appears, however, that the security is not very secure. [Cybergibbons] methodically poked and prodded the bits and bytes of the CS2300-R until it gave up its secrets. It turns out that the encryption it uses is just a few baby steps beyond a basic Caesar Cipher.

A Caesar Cipher just shifts data by a numeric value. The value is the cipher key. For example, the code IBDLBEBZ is encrypted with a Caesar Cipher. It doesn’t take very much to see that a shift of “1” would reveal HACKADAY. This…is not security, and is equivalent to a TSA lock, if that. The CS2300-R takes the Caesar Cipher and modifies it so that the cipher key changes as you move down the data string. [Cybergibbons] was able to figure out how the key changed, which revealed, as he put it – ‘the keys to the kingdom’.

There’s a lot more to the story. Be sure to read his detailed report (pdf) and let us know what you think in the comments below.

We mentioned that CSL Dualcom is disputing the findings. Their response can be read here.

Fight Frost with an Internet of Things Fridge Alarm

It has been incredibly humid around these parts over the last week, and there seems to be something about these dog days that makes you leave the fridge or freezer door open by mistake. [pnjensen] found this happening all too often to the family chill chest, with the predictable accretion of frost on the coils as the water vapor condensed out of the entrained humid air and froze. The WiFi-enabled fridge alarm he built to fight this is a pretty neat hack with lots of potential for expansion.

Based on a Sparkfun ESP8266 Thing and home-brew door sensors built from copper tape, the alarm is rigged to sound after 120 seconds of the door being open. From the description it seems like the on-board buzzer provides a periodic reminder pip while the door is open before going into constant alarm and sending an SMS message or email; that’s a nice touch, and having the local alarm in addition to the text or email is good practice. As a bonus, [pjensen] also gets a log of each opening and closing of the fridge and freezer. As for expansion, the I2C header is just waiting for more sensors to be added, and the built-in LiPo charger would provide redundancy in a power failure.

If frost buildup is less a problem for you than midnight snack runs causing another kind of buildup, you might want to check out this willpower-enhancing IoT fridge alarm.

Saving an Alarm System Remote and $100

[Simon] has been using his home alarm system for over six years now. The system originally came with a small RF remote control, but after years of use and abuse it was finally falling apart. After searching for replacement parts online, he found that his alarm system is the “old” model and remotes are no longer available for purchase. The new system had similar RF remotes, but supposedly they were not compatible. He decided to dig in and fix his remote himself.

He cracked open the remote’s case and found an 8-pin chip labeled HCS300. This chip handles all of the remote’s functions, including reading the buttons, flashing the LED, and providing encoded output to the 433MHz transmitter. The HCS300 also uses KeeLoq technology to protect the data transmission with a rolling code. [Simon] did some research online and found the thew new alarm system’s remotes also use the same KeeLoq technology. On a hunch, he went ahead and ordered two of the newer model remotes.

He tried pairing them up with his receiver but of course it couldn’t be that simple. After opening up the new remote he found that it also used the HCS300 chip. That was a good sign. The manufacturer states that each remote is programmed with a secret 64-bit manufacturer’s code. This acts as the encryption key, so [Simon] would have to somehow crack the key on his original chip and re-program the new chip with the old key. Or he could take the simpler path and swap chips.

A hot air gun made short work of the de-soldering and soon enough the chips were in place. Unfortunately, the chips have different pinouts, so [Simon] had to cut a few traces and fix them with jumper wire. With the case back together and the buttons in place, he gave it a test. It worked. Who needs to upgrade their entire alarm system when you can just hack the remote?

Alarm Notifies the Office When the Coffee is Ready

[Stian] thought it would be nice if his coworkers could be electronically notified when the latest batch of coffee is ready. He ended up building an inexpensive coffee alarm system to do exactly that. When the coffee is done, the brewer can press a giant button to notify the rest of the office that it’s time for a cuppa joe.

[Stian’s] first project requirement was to activate the system using a big physical button. He chose a button from Sparkfun, although he ended up modifying it to better suit his needs. The original button came with a single LED built-in. This wasn’t enough for [Stian], so he added two more LEDs. All three LEDs are driven by a ULN2003A NPN transistor array. Now he can flash them in sequence to make a simple animation.

This momentary push button supplies power to a ESP8266 microcontroller using a soft latch power switch. When the momentary switch is pressed, it supplies power to the latch. The latch then powers up the main circuit and continues supplying power even when the push button is released. The reason for this power trickery is to conserve power from the 18650 li-on battery.

The core functionality of the alarm uses a combination of physical hardware and two cloud-based services. The ESP8266 was chosen because it includes a built-in WiFi chip and it only costs five dollars. The microcontroller is configured to connect to the WiFi network with the push of a button. The device also monitors the giant alarm button.

When the button is pressed, it sends an HTTP request to a custom clojure app running on a cloud service called Heroku. The clojure app then stores brewing information in a database and sends a notification to the Slack cloud service. Slack is a sort of project management app that allows multiple users to work on projects and communicate easier over the internet. [Stian] has tapped into it in order to send the actual text notification to his coworkers to let them know that the coffee is ready. Be sure to watch the demo video below. Continue reading “Alarm Notifies the Office When the Coffee is Ready”

Prefix Your Phone Alarm with a Desk Lamp

If you are like [Gbola], then you have a hard time waking up during the winter months. Something about the fact that it’s still dark outside just makes it that much more difficult to get out of bed. [Gbola] decided to build his own solution to this problem, by gradually waking himself up with an electric light. He was able to do this using all off-the-shelf components and a bit of playing around with the Tasker Android application.

[Gbola] started out with a standard desk lamp. He replaced the light bulb with a larger bulb that simulates the color temperature of natural daylight. He then switched the lamp on and plugged it into a WeMo power switch module. A WeMo is a commercial product that attempts to make home automation accessible for consumers. This particular module allows [Gbola] to control the power to his desk lamp using his smart phone.

[Gbola] mentions that the official WeMo Android application is slow and includes no integration with Tasker. He instead decided to use the third-party WeMoWay application, which does include Tasker support. Tasker is a separate Android application that allows you to configure your device to perform a set task or series of tasks based on a context. For example you might turn your phone to silent mode when your GPS signal shows you are at work. WeMoWay allows [Gbola] to interact with his WeMo device based on any parameter he configures.

On top of all of that, [Gbola] also had to install three Tasker plugins. These were AutoAlarm, Taskkill, and WiFi Connect. He then got to work with Tasker. He configured a custom task to identify when the next alarm was configured on the phone. It then sets two custom variables, one for 20 minutes before the alarm (turn on the lamp) and one for 10 minutes after (turn it off).

[Gbola] then built a second task to actually control the lamp. This task first disconnects and reconnects to the WiFi network. [Gbola] found that the WeMoWay application is buggy and this “WiFi reset” helps to make it more reliable. It then kills the WeMoWay app and restarts it. Finally, it executes the command to toggle the state of the lamp. The project page has detailed instructions in case anyone wants to duplicate this. It seems like a relatively painless way to build your own solution for less than the cost of a specialized alarm clock lamp.

Motion Activated Alarm for your Bag

Many of us carry around a bag with our expensive personal belongings. It can be a pain to carry a bag around with you all day though. If you want to set it down for a while, you often have to try to keep an eye on it to ensure that no one steals it. [Micamelnyk] decided to build a solution to this problem in the form of a motion sensing alarm.

The device is built around a Trinket Pro. The Trinket Pro is a sort of break out board for the ATMega328. It’s compatible with the Arduino IDE and also contains a USB port for easy programming. The Trinket is hooked up to a GY-521 accelerometer, which allows it to detect motion. When the Trinket senses that the device has been moved, it emits a loud high-pitched whine from a piezo speaker.

To arm the device, the user first holds the power button for 3 seconds. Then the user has ten seconds to enter their secret code. This ensures that the device is never armed accidentally and that the user always remembers the code before arming the device. The code is entered via four push buttons mounted to a PCB. The code and code length can both be easily modified in the Trinket software.

Once the code is entered, the status LED will turn solid. This indicates to the user that the device must be placed stationary. The LED will turn off after 20 seconds, indicating that the alarm is now armed. If the bag is moved for more than five seconds at a time, the alarm will sound. The slight delay gives the user just enough time to disarm the alarm. This parameter can also be easily configured via software.

Adding WiFi and SMS to an Alarm System

[Don] wanted to bring his alarm system into the modern age. He figured that making it more connected would do the trick. Specifically, he wanted his alarm system to send him an SMS message whenever the alarm was tripped.

[Don] first had to figure out a way to trigger an event when the alarm sounds. He found a screw terminal that lead to the siren. When the alarm is tripped, this screw terminal outputs 12V to enable the siren. This would be a good place to monitor for an alarm trip.

[Don] is using an Arduino nano to monitor the alarm signal. This meant that the 12V signal needed to be stepped down. He ran it through a resistor and a Zener diode to lower the voltage to something the Arduino can handle. Once the Arduino detects a signal, it uses an ESP8266 WiFi module to send an email. The address [Don] used is the email-to-SMS address which results in a text message hitting his phone over the cell network.

The Arduino also needed power. [Don] found a screw terminal on the alarm system circuit board that provided a regulated 12V output. He ran this to another power regulator board to lower the voltage to a steady 5V. This provides just the amount of juice the Arduino needs to run, and it doesn’t rely on batteries. [Don] provides a good explanation of the system in the video below. Continue reading “Adding WiFi and SMS to an Alarm System”