Printer Vulnerabilites Almost as Bad as IoT

Recently ZDNet and Gizmodo published articles outlining a critical flaw in a large array of personal printers. While the number of printers with this flaw is staggering, the ramifications are even more impressive. Ultimately, any of these printers could have documents sent to them stolen even if the document was only intended to be printed as a hard copy.

Luckily the people responsible for this discovery are white-hat in nature, and the release of this information has been made public so the responsible parties can fix the security flaws. Whether or not the “responsible party” is the manufacturer of the printer, though, is still somewhat unclear because part of the exploit takes advantage of a standard that is part of almost all consumer-grade printers. The standard itself may need to be patched.

Right now, however, it doesn’t seem clear exactly how deep the rabbit hole goes. We all remember the DDoS attack that was caused by Internet of Things devices that were poorly secured, and it seems feasible that networked printers could take some part in a similar botnet if a dedicated user really needed them. At the very least, however, your printed documents might not be secure at all, and you may be seeing a patch for your printer’s firmware in the near future.

 

Reverse Engineering Ikea’s New Smart Bulbs

Over in Sweden, Czech, Italy, and Belgium, Ikea is launching a new line of ‘smart’ light bulbs. These countries are apparently the test market for these bulbs, and they’ll soon be landing on American shores. This means smart Ikea bulbs will be everywhere soon, and an Internet of Light Bulbs is a neat thing to explore. [Markus] got his hands on a few of these bulbs, and is now digging into their inner workings (German Make Magazine, with a Google Translate that includes the phrase, ‘capering the pear’).

There are currently four versions of these Ikea bulbs, ranging from a 400 lumen bulb designed for track lights to a 980 lumen bulb that will probably work in an American Edison lamp socket. These lights are controlled via a remote, with each individual bulb paired to the remote by turning the lamp on, holding the remote close to the bulb, and pressing a button.

Inside these bulbs is a Silicon Labs microcontroller with ZigBee support, twelve chip LEDs, and associated electronics that look like they might pass the bigclivedotcom smoke test. After tearing apart this bulb and planting the wireless module firmly in a breadboard, [Markus] found he could dim a pair of LEDs simply by clicking on the remote. Somewhere in these bulbs, there’s a possibility of doing something.

As with all Internet of Things, we must ask an important question: will it become part of Skynet and shut down the Internet, like webcams did last summer? These Ikea bulbs look pretty safe in that regard, as the bulb is inexorably tied to the remote and must be paired by holding it close to the bulb. We’re sure there are a few more interesting exploits for these bulbs, so once they’re released in the US we’ll take a look at them.

Dash With Arduino

Amazon Dash is a handy service, and when Amazon released their AWS IoT platform, [Brian Carbonette] felt that it left out all the hardware hackers from the tinkering fun. Seeking justice, he put together a guide for an Arduino Dash button aimed at hardware hackers and those who are still easing into the world.

For his build, [Carbonette] used an Arduino MKR1000, laying out a few different configuration options for building your button. He has also gone to great lengths to help all comers tackle the Arduino-Dash API communication process by building an AmazonDRS Arduino Library, which handles all the “boring details,” so you can focus on the hardware. With the warning that the software-side setup is tedious the first time around, [Carbonette] has included a detailed manual for setting up the aforementioned AmazonDRS library, some example code, and a breakdown thereof. He also suggests implementing other features — such as a notification if the item is out of stock on Amazon — to tie the project together.

Continue reading “Dash With Arduino”

Open Your Garage Door With Your Smartphone

The eternal enemy of [James Puderer]’s pockets is anything that isn’t his smartphone. When the apartment building he resides in added a garage door, the forces of evil gained another ally in the form of a garage door opener. So, he dealt with the insult by rigging up a Raspberry Pi to act as a relay between the opener and his phone.

The crux of the setup is Firebase Cloud Messaging (FCM) — a Google service that allows messages to be sent to devices that generally have dynamic IP addresses, as well as the capacity to send messages upstream, in this case from [Puderer]’s cell phone to his Raspberry Pi. After whipping up an app — functionally a button widget — that sends the command to open the door over FCM, he set up the Pi in a storage locker near the garage door and was able to fish a cable with both ethernet and power to it. A script running on the Pi triggers the garage door opener when it receives the FCM message and — presto — open sesame.

Continue reading “Open Your Garage Door With Your Smartphone”

Servo-Controlled IoT Light Switches

The Internet of Things is fun to play with; there’s all manner of devices to automate and control remotely. It can be sketchy, though — make a mistake when coding your automatic plant watering system and you could flood your house. Make a mistake with a space heater and you could burn it down. Combine these risks with the fact that many people live in rental properties, and it can be a difficult proposition to bring the Internet of Things to your home.

[Suyash] came up with a way around this by building 3D printed light switch covers that add servo control. It’s a great solution that it doesn’t require the modification of any mains wiring, and interfaces with the standard switches in the normal way. It makes it a lot safer this way — there are municipal wiring codes for a reason. This is a great example of what you can do with a 3D printer, above and beyond printing out Yoda heads and keychains.

The backend of things is handled by the venerable ESP8266, with [Suyash]’s custom IoT library known as conduit doing the heavy lifting. The library is a way to quickly build IoT devices with web interfaces, and [Suyash] claims it’s possible to be blinking an LED from the cloud within 5 minutes using the tool.

For another take on an IoT light switch, check out this Hackaday Prize entry from 2016.

IoT-ify All Things: LG Has Gone Overboard

If you been following Hackaday lately, you’ve surely noticed an increased number of articles about IoT-ifying stuff. It’s a cool project to take something old (or new) and improve its connectivity, usually via WiFi, making it part of the Internet of Things. Several easy to use modules, in particular the ESP8266, are making a huge contribution to this trend. It’s satisfactory to see our homes with an ESP8266 in every light switch and outlet or to control our old stereo with our iPhone. It gives us a warm fuzzy feeling. And that’s completely fine for one’s personal projects.

But what happens when this becomes mainstream? When literally all our appliances are ‘connected’ in the near future? The implications might be a lot harder to predict than expected. The near future, it seems, starts now.

This year, at CES, LG Electronics (LG) has introduced Smart InstaView™, a refrigerator that’s powered by webOS smart platform and integrated with Amazon’s Alexa Voice Service.

… with webOS, consumers can also explore a host of WiFi-enabled features directly on the refrigerator, creating a streamlined and powerful food management system all housed directly on the front of the fridge door. Amazon’s Alexa Voice Service gives users access to an intelligent personal assistant that, in addition to searching recipes, can play music, place Prime-eligible orders from Amazon.com…

This is ‘just’ a fridge. There are other WiFi-enabled appliances by now, so what?  Apparently, during the LG press conference last Wednesday, the company marketing VP David VanderWaal said that from 2017 on, all of LG’s home appliances will feature “advanced Wi-Fi connectivity”.

Notice the word advanced, we wonder what that means? Will ‘advanced’ mean complicated? Mesh? Secure? Intelligent? Will our toaster finally break the Internet and ruin it for everyone by the end of the year? Will the other big players in the home appliances market jump in the WiFi wagon? We bet the answer is yes.

Here be dragons.

[via Ars Technica]

3D Printed Mini-Printer Enables Obsession With Lists

When going about a busy day, a hard copy listing all your tasks helps if you aren’t inclined to pull up a notepad — or whatever app you use — on your phone each time; doubly so if you want to pin it up in one place to refer to. Besides, using a full sheet of paper for a few items is impractical — and wasteful. To that end, [Jed Hodson] has concocted a mini printer for all your listing needs.

[Hodson] designed and 3D printed the case, making the files available for download and instructions on how to assemble it. Being an IoT device, the printer uses a Photon board to connect to the Internet, wherein Microsoft Flow is used to liaise between the Adafruit printer and Wunderlist — the list app [Hodson]’s chosen for this project.

Continue reading “3D Printed Mini-Printer Enables Obsession With Lists”