Control Alexa Echo from anywhere in the World

If you are not within ear-shot of your Alexa Echo, Dot or Tap device and need to command it from anywhere in the world, you’d most likely use the handy mobile app or web interface to control it. For some strange reason, if you’d rather use voice commands from anywhere in the world, you can still do it using apps such as Alexa Listens or Reverb, among many others. We’d be the first ones to call these out and say “It’s not a hack”. But [pat dhens] approach is above reproach! He has posted details on how to Remote Control the Alexa Echo from Anywhere in the World. Short version of the hack — he’s using a Raspberry Pi with a speaker attached to it which commands his Alexa Tap using a text-to-speech converter program.

The long version is short as well. The user uses a VPN, such as OpenVPN, to log in to their home network where the Alexa device is located. Then, use VNC to connect to the Raspberry Pi to access its shell. Finally, the user issues a text command which is converted to speech by the ‘festival‘ program on the Raspberry Pi. The output goes to an external speaker via the Raspberry Pi’s 3.5 mm audio out jack. And that’s all there is to it. You’ve just issued a voice command to your Alexa from across the world.

Maybe it will save your vocal chords from damage due to excessive hollering, we guess. He’s even made a short video to prove that it works. Now all it needs is a microphone to listen to Alexa, convert speech-to-text, and then transmit it back to you across the world to complete the cycle.

We’re not sure, but he thinks this hack will lead him to world domination. Good Luck with that.

Continue reading “Control Alexa Echo from anywhere in the World”

Point and Click to an IoT Button

The availability of cheap WiFi boards like the ESP8266 and others means you can inexpensively put projects on the network. But there is still the problem of how to connect these devices to other places reliably. An Open Source project that attempts to make that whole effort point and click is Mongoose OS. The open source system works with the ESP8266, ESP32, and several other platforms. It is well integrated with Amazon’s IoT backend, but it isn’t locked to it.

Everyone wants to be your IoT broker and we see products appear (and disappear) regularly aimed at capturing that market. One common way to send and receive messages from a tiny device to a remote server is MQTT, an ISO standard made with resource-limited devices in mind. Many IoT services speak this protocol, including Amazon’s IoT offering. You can see how quick it is to flash an ESP8266 to make an Amazon IoT button in the video below. Although the video example uses Amazon, you can configure the system to talk to any public or private MQTT broker.

Continue reading “Point and Click to an IoT Button”

Dash With Arduino

Amazon Dash is a handy service, and when Amazon released their AWS IoT platform, [Brian Carbonette] felt that it left out all the hardware hackers from the tinkering fun. Seeking justice, he put together a guide for an Arduino Dash button aimed at hardware hackers and those who are still easing into the world.

For his build, [Carbonette] used an Arduino MKR1000, laying out a few different configuration options for building your button. He has also gone to great lengths to help all comers tackle the Arduino-Dash API communication process by building an AmazonDRS Arduino Library, which handles all the “boring details,” so you can focus on the hardware. With the warning that the software-side setup is tedious the first time around, [Carbonette] has included a detailed manual for setting up the aforementioned AmazonDRS library, some example code, and a breakdown thereof. He also suggests implementing other features — such as a notification if the item is out of stock on Amazon — to tie the project together.

Continue reading “Dash With Arduino”

33C3: Hunz Deconstructs the Amazon Dash Button

The Amazon Dash button is now in its second hardware revision, and in a talk at the 33rd Chaos Communications Congress, [Hunz] not only tears it apart and illuminates the differences with the first version, but he also manages to reverse engineer it enough to get his own code running. This opens up a whole raft of possibilities that go beyond the simple “intercept the IP traffic” style hacks that we’ve seen.

dash_block_diagramJust getting into the Dash is a bit of work, so buy two: one to cut apart and locate the parts that you have to avoid next time. Once you get in, everything is tiny! There are a lot of 0201 SMD parts. Hidden underneath a plastic blob (acetone!) is an Atmel ATSAMG55, a 120 MHz ARM Cortex-M4 with FPU, and a beefy CPU all around. There is also a 2.4 GHz radio with a built-in IP stack that handles all the WiFi, with built-in TLS support. Other parts include a boost voltage converter, a BTLE chipset, an LED, a microphone, and some SPI flash.

The strangest part of the device is the sleep mode. The voltage regulator is turned on by user button press and held on using a GPIO pin on the CPU. Once the microcontroller lets go of the power supply, all power is off until the button is pressed again. It’s hard to use any less power when sleeping. Even so, the microcontroller monitors the battery voltage and presumably phones home when it gets low.
Continue reading “33C3: Hunz Deconstructs the Amazon Dash Button”

Shmoocon 2017: The Ins And Outs Of Manufacturing And Selling Hardware

Every day, we see people building things. Sometimes, useful things. Very rarely, this thing becomes a product, but even then we don’t hear much about the ins and outs of manufacturing a bunch of these things or the economics of actually selling them. This past weekend at Shmoocon, [Conor Patrick] gave the crowd the inside scoop on selling a few hundred two factor authentication tokens. What started as a hobby is now a legitimate business, thanks to good engineering and abusing Amazon’s distribution program.

The product in question is the U2F Zero, an open source U2F token for two-factor authentication. It’s built around the Atmel/Microchip ATECC508A crypto chip and is, by all accounts, secure enough. It’s also cheap at about $0.70 a piece, and the entire build comes to about $3 USD. All of this is hardware, and should be extremely familiar to the regular Hackaday reader. This isn’t the focus of [Conor]’s talk though. The real challenge is how to manufacture and sell these U2F dongles, a topic we looked in on back in September.

The circuit for this U2F key is basically just a crypto chip and a USB microcontroller, each of which needs to be programmed separately and ideally securely. The private key isn’t something [Conor] wants to give to an assembly house, which means he’s programming all these devices himself.

For a run of 1100 units, [Conor] spent $350 on PCB, $3600 for components and assembly, $190 on shipping and tariffs from China, and an additional $500 for packaging on Amazon. That last bit pushed the final price of the U2F key up nearly 30%, and packaging is something you have to watch if you ever want to sell things of your own.

For distribution, [Conor] chose Fulfillment By Amazon. This is fantastically cheap if you’re selling a product that already exists, but of course, [Conor]’s U2F Zero wasn’t already on Amazon. A new product needs brand approval, and Amazon would not initially recognize the U2F Zero brand. The solution to this was for [Conor] to send a letter to himself allowing him to use the U2F Zero brand and forward that letter to the automated Amazon brand bot. Is that stupid? Yes. Did it work? Also yes.

Sales were quiet until [Conor] submitted a tip to Hacker News and sold about 70 U2F Zeros in a day. After that, sales remained relatively steady. The U2F Zero is now a legitimate product. Even though [Conor] isn’t going to get rich by selling a dozen or so U2F keys a day, it’s still an amazing learning experience and we’re glad to have sat in on his story of bootstrapping a product, if only for the great tip on getting around Amazon’s fulfillment policies.

Police Want Alexa Data; People Begin to Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is more of concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants likely to affect far less users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.

Controlling a Game Room with Amazon Echo

If there are two things we love here at Hackaday, it’s games and automating mundane tasks by adding a lot of electronics and voice control. A game room is, therefore, the perfect sandbox for projects that get us excited in all of the right ways. Liberty Games, a UK-based games room company, already had a really impressive game room (as you might expect). They’ve just posted an awesome build log showcasing how they went about automating mundane game room tasks by adding a lot of electronics and voice control.

There were four tasks that Liberty Games wanted to be able to complete with voice control: releasing billiards balls on their pool table, adding credits to an arcade machine, releasing pinballs on a pinball machine, and control of a CD jukebox. For all of these tasks, they used an Amazon Echo, which already has built-in support for adding new “skills” (Amazon’s term for user-created Alexa commands). These skills allow the Echo to communicate with other devices using JavaScript Object Notation (JSON).

Continue reading “Controlling a Game Room with Amazon Echo”