A White Hat Virus for the Internet of Things

The Internet of Things is going gangbusters, despite no one knowing exactly what it will be used for. There’s more marketing money being thrown at IoT paraphernalia than a new soda from Pepsi. It’s a new technology, and with that comes a few problems: these devices are incredibly insecure, and you only need to look at a few CCTV camera streams available online for proof of that.

The obvious solution to vulnerable Internet of Things things would be to get people to change the login credentials on their devices, but that has proven to be too difficult for most of the population. A better solution, if questionable in its intentions, would be a virus that would close all those open ports on routers, killing Telnet, and reminding users to change their passwords. Symantec has found such a virus. It’s called Wifatch, and it bends the concept of malware into a force for good.

Wifatch is a bit of code that slips through the back door of routers and other IoT devices, closes off Telnet to prevent further infection, and leaves a message telling the owner to change the password and update the device firmware. Wifatch isn’t keeping any secrets, either: most of the code is written in unobfuscated Perl, and there are debug messages that enable easy analysis of the code. This is code that’s meant to be taken apart, and code that includes a comment directed at NSA and FBI agents:

To any NSA and FBI agents reading this: please consider whether defending
the US Constitution against all enemies, foreign or domestic, requires you
to follow Snowden's example.

Although the designer of Wifatch left all the code out in the open, and is arguably doing good, there is a possible dark side to this white hat virus. Wifatch connects to a peer-to-peer network that is used to distribute threat updates. With backdoors in the code, the author of Wifatch could conceivably turn the entire network of Wifatch-infected devices into a personal botnet.

While Wifatch is easily removed from a router with a simple restart, and re-infection can be prevented by changing the default passwords, this is an interesting case of virtual vigilantism. It may not be the best way to tell people they need to change the password on their router, but it’s hard to argue with results.

[Image source: header, thumb]

Google’s OnHub Goes Toe to Toe with Amazon Echo

Yesterday Google announced preorders for a new device called OnHub. Their marketing, and most of the coverage I’ve seen so far, touts OnHub as a better WiFi router than you are used to including improved signal, ease of setup, and a better system to get your friends onto your AP (using the ultrasonic communication technique we’ve also seen on the Amazon Dash buttons). Why would Google care about this? I don’t think they do, at least not enough to develop and manufacture a $199.99 cylindrical monolith. Nope, this is all about the Internet of Things, as much as it pains me to use the term.

google-onhub-iot-router-thumbOnHub boasts an array of “smart antennas” connected to its various radios. It has the 2.4 and 5 Gigahertz WiFi bands in all the flavors you would expect. The specs also show an AUX Wireless for 802.11 whose purpose is not entirely clear to me but may be the network congestion sensing built into the system (leave a comment if you think otherwise). Rounding out the communications array is support for ZigBee and Bluetooth 4.0.

I have long looked at Google’s acquisition of Nest and assumed that at some point Nest would become the Router for your Internet of Things, collecting data from your exercise equipment and bathroom scale which would then be sold to your health insurance provider so they may adjust your rates. I know, that’s a juicy piece of Orwellian hyperbole but it gets the point across rather quickly. The OnHub is a much more eloquent attempt at the same thing. Some people were turned off by the Nest because it “watches” you to learn your heating preferences. The same issue has arisen with the Amazon Echo which is “always listening”.

Google has foregone those built-in futuristic features and chosen a device to which almost  everyone has already grown accustom: the WiFi router. They promise better WiFi and I’m sure it will deliver. What’s the average age of a home WiFi AP at this point anyway? Any new hardware would be an improvement. Oh, and when you start buying those smart bulbs, fridges, bathroom scales, egg trays, and whatever else it’ll work for them as well.

As far as hacking and home automation, it’s hard to beat the voice-activated commands we’ve seen with Echo lately, like forcing it to control Nest or operate your Roku. Who wants to bet that we’ll see a Google-Now based IoT standalone device quickly following the shipment of OnHub?

Continue reading “Google’s OnHub Goes Toe to Toe with Amazon Echo”

Where Are They Now: Terrible Kickstarters

Kickstarter started out as a platform for group buys, low-volume manufacturing, and a place to fund projects that would otherwise go unfinished. It would be naive of anyone to think this would last forever, and since these humble beginnings, we’re well into Peak Kickstarter. Now, Kickstarter, Indiegogo, and every other crowdfunding platform is just another mouthpiece for product launches, and just another strategy for anyone who needs or wants money, but has never heard of a business loan.

Of course there will be some shady businesses trying to cash in on the Kickstarter craze, and over the last few years we’ve done our best to point out the bad ones. Finding every terrible Kickstarter is several full-time jobs, but we’ve done our best to weed out these shining examples of the worst. Following up on these failed projects is something we have been neglecting, but no longer.

Below are some of the most outrageous Kickstarters and crowdfunding campaigns we’ve run across, and the current status of these failed entrepreneurial endeavors.

Continue reading “Where Are They Now: Terrible Kickstarters”

A Handheld CNC Router

Over the last few years, the state of the art in handheld routers has been tucked away in the back of our minds. It was at SIGGRAPH in 2012 and we caught up to it at Makerfair last year. Now, it’s getting ready for production.

Originally called Taktia, the Shaper router looks a lot like a normal, handheld router. This router is smart, though, with the ability to look at a work piece marked with a tape designed for computer vision and slightly reposition the cutter in response to how the user is moving it. A simple description doesn’t do this tool justice, so check out the video the Shaper team recently uploaded.

With the user moving the Shaper router over a work piece and motors moving the cutter head, this tool is able to make precision cuts – wooden gears and outlines of the United States – quickly, easily, and accurately. Cutting any shape is as easy as loading a file into Shaper, calling that file up on a touch screen display, and turning on the cutter. Move the router around the table, and the Shaper takes care of the rest.

Accuracy, at least in earlier versions, is said to be on the order of a hundredth of an inch. That’s good enough for wood, like this very interesting bit of joinery that would be pretty hard with traditional tools. Video below.

Thanks [martin] for the tip.

Continue reading “A Handheld CNC Router”

Router Jig Makes Quick Work Of Flattening Irregular Shaped Wood

[Nick Offerman] is a pretty serious wood worker. He likes to make crazy stuff including organic looking tables out of huge chunks of wood. Clearly, the wood doesn’t come out of the ground shaped like the above photo, it has to be intensely worked. [Nick] doesn’t have a huge saw or belt sander that can handle these massive blocks of wood so he built something that could. It’s a jig that allows him to use a standard wood router to shave each side down flat.

The process starts by taking a piece of tree trunk and roughing it into shape with a chainsaw. Once it is flat enough to not roll around, it’s put into a large jig with 4 posts. Horizontal beams are clamped to the posts and support a wooden tray which a wood router can slide back and forth in. The router’s cutting bit sticks out the bottom of the tray and slowly nibbles the surface flat. Once one side is flat, the block is rotated and the flat side is used as a reference to make all the other sides square to the first. After flattening, sanding and finishing the block results in a pretty sweet piece of functional artwork.

Kickstarting Even More Router-Based Dev Boards

The latest and greatest thing makers and IoT solutions is apparently router hacking. While most Hackaday readers lived through this interesting phase where Linksys routers were used to connect sensors and other such digital bits and bobs to the Internet a few years ago, SOCs have improved, and now there are router-based dev boards.

The latest is the Onion Omega, an exceptionally tiny board just under two inches square. Onboard is an Atheros AR9331 chipset – the same found in a number of cheap WiFi routers – attached to 32 pins breaking out GPIOs, SPI, I2C, and USB. With WiFi and Ethernet, this is a board designed to connect sensors, motors, actuators, and devices to the Internet.

This is not the only recent router-based dev board to make it to the crowdfunding sites. A week or so ago, the Domino hit Kickstarter, featuring the same AR9331 chipset found in the Onion Omega. The Onion does have a few things going for it – cloud integration, a web-based console, and an app store that make the Onion vastly more useful for the ‘maker’ market. The Domino has a boatload of pins available, and competition is always good, right?

Kickstarting Router-Based Development Boards

[Squonk] is rather famous in the world of repurposed routers, having reverse engineered the TL-WR703N wireless router from TP-Link a few years ago. With that knowledge, he’s developed an open platform for Things on the Internet called Domino. It’s pretty much exactly what you would get by cracking open a router bought on AliBaba, only in a much more convenient package with many more pins broken out.

The Domino builds on [Squonk]’s reverse engineering efforts of the TP-Link TL-WR703N wireless router, the router that has stolen the thunder from the Linksys WRT54G for all those sweet, sweet, embedded hacks. Both the 703N and the Domino are built around the Atheros AR9331. While the router version of this chipset only breaks out a few GPIOs and other interesting pins, the Domino breaks out just about everything – GPIO, JTAG, I2S, UART, SPI, USB, and Ethernet can be found on the device.

The basic Domino can hopefully be had with a $25 pledge to the Kickstarter campaign. That’s a little less than the normal price for a WR-703N, and if you’re putting a router in a hat it might be worth your while. There are a few advanced versions that include an ATMega32u4 microcontroller, making it compatible with the Arduino Yun as well.