Fingerprint Garage Door Won’t Open Every Time A Neighbor Microwaves a Burrito

With three kids, including himself, [Dave] faced the very real likelihood of someone absent-mindedly leaving the garage door open and being robbed blind. Rather than installing some plebeian solution, he compiled a feature list. And what a feature list it is!

The garage door needed to notify him of its status with strategically placed LEDs around the house, and give him full control on his devices. He wanted to open and close it using his existing key-code entry system. Lastly, it would be extra-cool if he could add some biometrics to it; in this case, a fingerprint sensor.

The core hardware is the staple Arduino augmented with a fingerprint module, a touch screen, some vitamins, and a WiFi break-out. He also worked up some casings in Tinkercad: one for the indoor hardware, another with a flip cover for the outdoor fingerprint scanner.

We think [Dave] has accomplished what he set out to. We can just picture the would-be thief staring at the fingerprint scanner and moving their operation one house over where the world is simpler. Video after the break.


App Control With Ease Using Blynk

App development is not fun for everyone, and sometimes you just want to control a device from your phone with minimal work. Blynk appears to be a fairly put-together library for not only hooking up any Arduino or ESP8266 to a phone through WiFi, but also through the net if desired.

Install the app onto your iPhone or Android device. Install the libraries on your computer. Next, modify your Arduino source to either pass direct control of a pin to Blynk, or connect Blynk to a virtual pin inside your code for more advanced control. If you want to go the easy route, create an account, log into the app, and drag and drop the interface you’d like. If the idea of letting some corporation host your Arduino project sends shivers down your spine, there is also an option to host your own server. (Editorial snark: Yes, it requires a server. That’s the cost of “simplicity”.)

There have been a few times where we’ve wished we could add app control to our projects, but installing all the libraries and learning a new language just to see a button on a screen didn’t seem worth it. This is a great solution. Have any of you had experience using it?

String Racing Robots are Here!

This could be the start of a new thing. [HarpDude] showed off his String Car Racers over on the Adafruit forum. It’s like a small model cable car on caffeine. String up enough of them and go head to head racing with others.

A motor with a small pulley runs over a length of string stretched between 2 posts. Below the pulley, acting as a counterweight balance, is the rest of the racer: a Trinket board, motor driver, 9V battery and a pair of long-lever micro switches to detect end of travel. The switches also help reverse the motor. A piece of galvanized wire acts as a guide preventing the String Car from jumping off the string. And discovering the benefits of a micro-controller design, as against discrete TTL/CMOS, old timer [HarpDude] added two operational modes via software. “Pong”, where the String Car keeps going back and forth over the string until it stops from (battery) exhaustion. The other mode is “Boomerang” – a single return trip back and forth.

We are guessing the next upgrade would be to add some kind of radio on the car (ESP8266 perhaps) and build an app to control the String Car. That’s when gaming could become fun as it opens up possibilities. One way to improve performance would be to add two “idler” pulleys in line with the main drive pulley, and then snake the string through the three of them. Now you know what to do with all of those old motors you’ve scavenged from tape drives, CD drives and printers. Let the Games begin!

Thanks [Mike Stone] for tipping us off on this.

On Your Phone While Driving an Electric Skateboard

Skateboards are fun, but you have to do all that pesky kicking in order to get anywhere. That’s why [Nick] decided to build his own electric skateboard. Not only is the skateboard powered with an electric motor, but the whole thing can be controlled from a smart phone.

[Nick] started out with a long board deck that he had made years ago. After cleaning it up and re-finishing it, the board was ready for some wheels. [Nick] used a kit he found online that came with the trucks, wheels, and a belt. The trucks have a motor mount welded in place already. [Nick] used a Turnigy SK3 192KV electric motor to drive the wheels. He also used a Turnigy electronic speed controller to make sure he could vary the speed of the board while riding.

Next [Nick] needed some interface between a smart phone and the motor controller. He chose to use an Arduino Nano hooked up to a Bluetooth module. The Nano was able to directly drive the motor controller, and the Bluetooth module made it easy to sync up to a mobile phone. The Android app was written using MIT’s App Inventor software. It allows for basic control over the motor speed so you can cruise in style. Check out the video below for a slide show and some demonstration clips.

It’s a popular project, and eerily similar to the one we saw a couple months back.


Remote Controlled Wildlife Camera with Raspberry Pi

If you are interested in local wildlife, you may want to consider this wildlife camera project (Google cache). [Arnis] has been using his to film foxes and mice. The core components of this build are a Raspberry Pi and an infrared camera module specifically made for the Pi. The system runs on a 20,000 mAh battery, which [Arnis] claims results in around 18 hours of battery life.

[Arnis] appears to be using a passive infrared (PIR) sensor to detect motion. These sensors work by detecting sudden changes in the amount of ambient infrared radiation. Mammals are good sources of infrared radiation, so the sensor would work well to detect animals in the vicinity. The Pi is also hooked up to a secondary circuit consisting of a relay, a battery, and an infrared light. When it’s dark outside, [Arnis] can enable “night mode” which will turn on the infrared light. This provides some level of night vision for recording the furry critters in low light conditions.

[Arnis] is also using a Bluetooth dongle with the Pi in order to communicate with an Android phone. Using a custom Android app, he is able to connect back to the Pi and start the camera recording script. He can also use the app to sync the time on the Pi or download an updated image from the camera to ensure it is pointed in the right direction. Be sure to check out the demo video below.

If you like these wildlife cameras, you might want to check out some older projects that serve a similar purpose.

Exposing Private Facebook Photos with a Malicious App

[Laxman] is back again with another hack related to Facebook photos. This hack revolves around the Facebook mobile application’s “sync photos” function. This feature automatically uploads every photo taken on your mobile device to your Facebook account. These photos are automatically marked as private so that only the user can see them. The user would have to manually update the privacy settings on each photo later in order to make them available to friends or the public.

[Laxman] wanted to put these privacy restrictions to the test, so he started poking around the Facebook mobile application. He found that the Facebook app would make an HTTP GET request to a specific URL in order to retrieve the synced photos. This request was performed using a top-level access token. The Facebook server checked this token before sending down the private images. It sounds secure, but [Laxman] found a fatal flaw.

The Facebook server only checked the owner of the token. It did not bother to check which Facebook application was making the request. As long as the app had the “user_photos” permission, it was able to pull down the private photos. This permission is required by many applications as it allows the apps to access the user’s public photos. This vulnerability could have allowed an attacker access to the victim’s private photos by building a malicious application and then tricking victims into installing the app.

At least, that could have been the case if Facebook wasn’t so good about fixing their vulnerabilities. [Laxman] disclosed his finding to Facebook. They had patched the vulnerability less than an hour after acknowledging the disclosure. They also found this vulnerability severe enough to warrant a $10,000 bounty payout to [Laxman]. This is in addition to the $12,500 [Laxman] received last month for a different Facebook photo-related vulnerability.
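The missing check described above, sketched server-side as an added example (this is not Facebook's code, and not from [Laxman]'s write-up). The token fields, app identifiers and function names are hypothetical; only the "user_photos" permission name comes from the post.

```python
from dataclasses import dataclass

# Hypothetical identifiers, constructed for illustration only.
FIRST_PARTY_APP = "first-party-mobile-app"
THIRD_PARTY_APP = "third-party-quiz-app"

@dataclass(frozen=True)
class AccessToken:
    user_id: str        # account the token was issued for
    app_id: str         # application the token was issued to
    scopes: frozenset   # permissions the user granted to that app

def can_read_synced_photos_owner_only(token, owner_id):
    """Check as the post describes it: token owner and permission, nothing else."""
    return token.user_id == owner_id and "user_photos" in token.scopes

def can_read_synced_photos(token, owner_id,
                           allowed_apps=frozenset({FIRST_PARTY_APP})):
    """Same check, plus binding the private resource to the apps allowed to read it."""
    return (
        token.user_id == owner_id
        and "user_photos" in token.scopes
        and token.app_id in allowed_apps
    )

# Constructed sample tokens: same user, same permission, two different apps.
OWN_APP_TOKEN = AccessToken("user-1", FIRST_PARTY_APP, frozenset({"user_photos"}))
OTHER_APP_TOKEN = AccessToken("user-1", THIRD_PARTY_APP, frozenset({"user_photos"}))

def audit(check):
    """Report which sample tokens a given check lets read user-1's synced photos."""
    return {t.app_id: check(t, "user-1") for t in (OWN_APP_TOKEN, OTHER_APP_TOKEN)}

if __name__ == "__main__":
    print("owner-only check:", audit(can_read_synced_photos_owner_only))
    print("app-bound check: ", audit(can_read_synced_photos))
```

The owner-only check passes for both tokens because they differ only in `app_id`, which is exactly the field it never reads.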

Stumbling Upon an Uber Vulnerability

[Nathan] is a mobile application developer. He was recently debugging one of his new applications when he stumbled into an interesting security vulnerability while running a program called Charles. Charles is a web proxy that allows you to monitor and analyze the web traffic between your computer and the Internet. The program essentially acts as a man in the middle, allowing you to view all of the request and response data and usually giving you the ability to manipulate it.

While debugging his app, [Nathan] realized he was going to need a ride soon. After opening up the Uber app, it occurred to him that he was still inspecting this traffic. He decided to poke around and see if he could find anything interesting. Communication from the Uber app to the Uber data center is done via HTTPS. This means that it’s encrypted to protect your information. However, if you are trying to inspect your own traffic you can use Charles to sign your own SSL certificate and decrypt all the information. That’s exactly what [Nathan] did. He doesn’t mention it in his blog post, but we have to wonder if the Uber app warned him of the invalid SSL certificate. If not, this could pose a privacy issue for other users if someone were to perform a man in the middle attack on an unsuspecting victim.

[Nathan] poked around the various requests until he saw something intriguing. There was one repeated request that is used by Uber to “receive and communicate rider location, driver availability, application configurations settings and more”. He noticed that within this request, there is a variable called “isAdmin” and it was set to false. [Nathan] used Charles to intercept this request and change the value to true. He wasn’t sure that it would do anything, but sure enough this unlocked some new features normally only accessible to Uber employees. We’re not exactly sure what these features are good for, but obviously they aren’t meant to be used by just anybody.
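The general lesson, as an added example that is not Uber's code: a privilege flag that travels in the request can be edited by whoever sends it, so the server should derive the role from the authenticated account and log any mismatch. It assumes the employee features were gated on the request's "isAdmin" field, which the post does not confirm; the account records, feature name and function names are hypothetical.

```python
import json

# Constructed server-side records; account ids and roles are hypothetical.
ACCOUNTS = {"rider-42": {"role": "rider"}, "staff-7": {"role": "employee"}}
EMPLOYEE_FEATURES = ["internal_tools"]   # placeholder feature name

def features_trusting_client(body):
    """Assumed 'before' behaviour: the flag in the request decides."""
    return list(EMPLOYEE_FEATURES) if body.get("isAdmin") is True else []

def features_from_session(account_id, body, alerts):
    """Derive privilege from the authenticated account, never from the body.

    A client that claims admin without holding the role is recorded in
    `alerts`, giving detection a signal that the request was tampered with.
    """
    is_admin = ACCOUNTS.get(account_id, {}).get("role") == "employee"
    if body.get("isAdmin") is True and not is_admin:
        alerts.append({"account": account_id, "event": "client_claimed_admin"})
    return list(EMPLOYEE_FEATURES) if is_admin else []

# Constructed request body, as it might look after being edited in a proxy.
TAMPERED = json.loads('{"isAdmin": true, "latitude": 0.0, "longitude": 0.0}')

if __name__ == "__main__":
    alerts = []
    print("trusting client:", features_trusting_client(TAMPERED))
    print("from session:   ", features_from_session("rider-42", TAMPERED, alerts))
    print("alerts:         ", alerts)
```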