Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device

[Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. The cookers are controlled over SMS: a mobile app sends an unauthenticated SMS to the AGA to give it commands, for instance to preheat the oven. You can also just tell your AGA to turn everything on at once.

The problem is with the web interface; it allows an attacker to check if a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, as messages are not authenticated by the cooker, nor is the SIM card set up to send the messages validated when registered.

This is quite disturbing. What if someone left a tea towel on the hob or some other flammable material before leaving for work, only to come back to a pile of ashes? This is a six-gazillion BTU stove and oven, after all. It just seems the more connected we are in this digital age, the more we end up vulnerable to attacks; companies seem too busy trying to push their products out the door to do simple security checks.

Before disclosing the vulnerability, [Pen Test Partners] tried to contact AGA through Twitter and ended up being blocked. They phoned around trying to get in contact with someone who even knew what IoT or security meant. This took some time, but finally they managed to get through to someone from technical support. Hopefully AGA will roll out some updates soon. The company’s reluctance to do something about this security issue does highlight how sometimes disclosure may not be enough.

[Via Pen Test Partners]

Fully 3D Printed Snow Blower

For anyone living in cooler climates, the annual onslaught of snow means many hours shoveling driveways and sidewalks. After a light snow, shoveling might seem a waste of time, while a snow blower would be overkill. If only there were a happy middle ground that required minimal effort; perhaps an RC snow groomer with a 3D printed snow blower would work.

We featured an earlier version of this project last year. This year’s model features a slipper clutch — combined with a differential from a heavy RC truck — to forestall damage to the attachment if you happen to hit any rocks or ice chunks. The blades are also thicker and lack teeth in this iteration, as they would catch on anything hard and shatter the blade more often than not. Designed by [Spyker Workshop] (aka [The_Great_Moo]), the snow blower attaches to the front of an RC snow groomer — which is originally meant to act like a plow. Seeing the snow blower attachment in action, we’re inclined to believe that he may be onto something.


Remote-Operated Gate On A Budget

Sometimes, a simple fix is the best solution. Lacking extra funds for a proper remote-controlled gate-opener after the recent purchase of their farm, redditor [amaurer3210] built one as a birthday gift for his wife.

Supported on pillow block housings, a 10″ wheel is connected to the motor by a 3D printed pulley and a timing belt turned inside-out to allow for slippage — in case of obstacles or manual opening of the gate. If you’ve ever worked with belts in your builds, [amaurer3210] adds that during sizing he uses a few layers of fiberglass tape as a stand-in for the belt to avoid frustration over final belt size and tension.

Highlights From Robotic Shipwreck Exploration

DIY Research Vessel in use, while ROV is busy below. [Source: NYT]
OpenROV shared the results of their June 2016 underwater expedition to locate and robotically explore the wreck of the S.S. Tahoe, currently sitting at a depth of 150m in Lake Tahoe. Back in 1940 the ship was intentionally scuttled in shallow water, but unexpectedly slid to a much deeper depth. OpenROV used a modified version of their new Trident design to dive all the way down to the wreck and take a good look at things, streaming it over the internet in the process.

We previously covered the DIY research vessel that was designed and created as a floating base station for the ROV while it located and explored the wreck, and now the results are in! The video highlights of the expedition are below, as is a video tour of the ROV used and the modifications required to enable it to operate at 150m.


Strandmaus, Small R/C Strandbeest

[Jeremy Cook] has been playing around with strandbeests for a while, but never had one that walked until he put a motor on it and made it R/C controlled.

These remote controlled strandbeests can’t be too heavy or they have trouble moving. He didn’t want to get too complicated, either. [Jeremy] decided his first idea – hacking a cheap R/C car – wouldn’t work. The motors and AA batteries in these cars are just too heavy. Then he realized he had a broken quadcopter lying around. The motors were all burnt out, but the battery, controller, and driver board still worked. On a hunch, he hooked up beefier motors to the front and left rotor control, and found that it worked just fine.

The rest of the work was just coupling it to the mechanism. The mechanism is made of wood and metal tubes. [Jeremy] found that the strandmaus had a tendency to fall down. He figures that’s why the original strandbeests had so many legs.

For his next iteration he wants to try to make it more stable, but for now he’s just having fun seeing his little legged contraption scoot around the floor. Video after the break.


You Need a Self-Righting Thrust-Vector Balloon Copter

Cornell University’s microcontroller class looks like a tremendous amount of fun. Not only do the students learn the nitty-gritty details of microcontroller programming, but the course culminates in a cool project. [Brian Ritchken] and [Jim Liu] made a thrust-vector controlled balloon blimp. They call this working?!?!

Three balloons provide just enough lift so that the blimp can climb or descend on motor power. Since the machine is symmetric, there’s no intrinsic idea of “forward” or “backward”. Instead, a ring of eight LEDs around the edge let you know which way the blimp thinks it’s pointing. Two controls on the remote rotate the pointing direction clockwise and counter-clockwise. The blimp does the math to figure out which motors to run faster or slower when you tell it to go forward or back.

The platform is stabilized by a feedback loop with an accelerometer on board, and seems capable of handling a fairly asymmetric weight distribution, as evidenced by their ballast dangling off the side — a climbing bag filled with ketchup packets that presumably weren’t just lifted from the dining halls.

It looks like [Brian] and [Jim] had a ton of fun building and flying this contraption. We’d love to see a distance-to-the-floor sensor added so that they could command it to hover at a given height, but that adds an extra level of complexity. They got this done in time and under budget, so kudos to them both. And in a world full of over-qualified quadcopters, it’s nice to see the humble blimp getting its time in the sun.

Yep, you heard right… this is yet another final project for a University course. Yesterday we saw a spinning POV globe, and the day before a voice-activated eye test. We want to see your final project too so please send in a link!

Congress Destroys A Hobby, FAA Gets The Blame

As ordered by the US Congress, the FAA is gearing up to set forth a standard for commercial UAVs, Unmanned Aerial Systems, and commercial drones operating in America’s airspace. While they’ve been dragging their feet, and the laws and rules for these commercial drones probably won’t be ready by 2015, that doesn’t mean the FAA can’t figure out what the rules are for model aircraft in the meantime.

This week, the FAA released its interpretation (PDF) of what model aircraft operators can and can’t do, and the news isn’t good: FPV flights with quadcopters and model airplanes are now effectively banned, an entire industry centered around manufacturing and selling FPV equipment and autopilots will be highly regulated, and a great YouTube channel could soon be breaking the law.

The FAA’s interpretation of what model aircraft can and cannot do, and to a larger extent, what model aircraft are, comes from the FAA Modernization And Reform Act Of 2012 (PDF). While this law states the, “…Federal Aviation Administration may not promulgate any rule or regulation regarding a model aircraft…” it defines model aircraft as, “an unmanned aircraft that is capable of sustained flight in the atmosphere; flown within visual line of sight of the person operating the aircraft; and flown for hobby or recreational purposes.” The FAA has concluded that anything not meeting this definition, for example, a remote controlled airplane with an FPV setup, or a camera, video Tx and Rx, and video goggles, is therefore not a model aircraft, and falls under the regulatory authority of the FAA.

In addition, the FAA spent a great deal of verbiage defining what “hobby or recreational purposes” in regards to model aircraft are. A cited example of a realtor using a model aircraft to take videos of a property they are selling is listed as not a hobby or recreation, as is a farmer using a model aircraft to see if crops need water. Interestingly, receiving money for demonstrating aerobatics with a model aircraft is also not allowed under the proposed FAA guidelines, a rule that when broadly interpreted could mean taking a video of yourself flying a model plane, uploading that to YouTube, and clicking the ‘monetize’ button could soon be against the law. This means the awesome folks at Flite Test could soon be out of a job.

The AMA, the Academy Of Model Aeronautics, and traditionally the organization that sets the ‘community-based set of safety guidelines’ referred to in every law dealing with model aircraft, are not happy with the FAA’s proposed rules (PDF). However, their objection is a breathless emotional appeal that calls the proposed rules “a strict regulatory approach to the operation of model aircraft in the hands of our youth and elderly members.” Other than offering comments per the FAA rulemaking process there are, unfortunately, no possible legal objections to the proposed FAA rules, simply because the FAA is doing exactly what Congress told them to do.

The FAA is simply interpreting the Modernization And Reform Act Of 2012 as any person would: FPV goggles interfere with the line of sight of an aircraft, thus anyone flying something via FPV goggles falls under the regulatory authority of the FAA. Flying over the horizon is obviously not line of sight, and therefore not a model aircraft. Flying a model aircraft for money is not a hobby or recreation, and if you’re surprised about this, you simply aren’t familiar with FAA rules about money, work, and person-sized aircraft.

While the proposed FAA rules are not yet in effect, and the FAA is seeking public comment on these rules, if passed there will be, unfortunately, exactly two ways to fix this. The first is with a change in federal law to redefine what a model aircraft is. Here’s how to find your congresscritter, with the usual rules applying: campaign donations are better than in-person visits which are better than letters which are better than phone calls which are better than emails. They’ll also look up if you have voted in the last few elections.

If passed, the only other way these rules will align with the privileges model aircraft enthusiasts have enjoyed for decades is through a court ruling. The lawsuit objecting to these rules will most likely be filed by the AMA, and if these rules pass, a donation or membership wouldn’t be a bad idea.