Now it’s official. The particular website that was hit by a record-breaking distributed denial of service (DDOS) attack that we covered a few days ago was that of white-hat security journalist [Brian Krebs]: Krebs on Security.
During the DDOS attack, his site got 600 Gigabits per second of traffic. It didn’t involve amplification or reflection attacks, but rather a distributed network of zombie domestic appliances: routers, IP webcams, and digital video recorders (DVRs). All they did was create HTTP requests for his site, but there were well in excess of 100,000 of these bots.
In the end, [Krebs’] ISP, Akamai, had to drop him. He was getting pro bono service from them to start with, and while they’ve defended him against DDOS attacks in the past, it was costing them too much to continue in this case. An Akamai exec estimates it would have cost them millions to continue defending, and [Brian] doesn’t blame them. But when Akamai dropped the shields, his hosting provider would get slammed. [Krebs] told Akamai to redirect his domain to localhost and then he went dark.
Continue reading “Distributed Censorship or Extortion? The IoT vs Brian Krebs”
It wasn’t long ago that faced with a controller project, you might shop for something with just the right features and try to minimize the cost. These days, if you are just doing a one-off, it might be just as easy to throw commodity hardware at it. After all, a Raspberry Pi costs less than a nice meal and it is more powerful than a full PC would have been not long ago.
When [Joe Coburn] wanted to make a pan and tilt webcam he didn’t try to find a minimal configuration. He just threw a Raspberry Pi in for interfacing to the Internet and an Arduino in to control two RC servo motors. A zip tie holds the servos together and potentially the web cam, too.
You can see the result in the video below. It is a simple matter to set up the camera with the Pi, send some commands to the Arduino and hook up to the Internet.
Continue reading “Pan and Tilt with Dual Controllers”
Ever since the Roomba was invented, humanity has been one step closer to a Jetsons-style future with robots performing all of our tedious tasks for us. The platform is so ubiquitous and popular with the hardware hacking community that almost anything that could be put on a Roomba has been done already, with one major exception: a Roomba with heat vision. Thanks to [marcelvarallo], though, there’s now a Roomba with almost all of the capabilities of the Predator.
The Roomba isn’t just sporting an infrared camera, though. This Roomba comes fully equipped with a Raspberry Pi for wireless connectivity, audio in and out, video streaming from a webcam (and the FLiR infrared camera), and control over the motors. Everything is wired to the internal battery which allows for automatic recharging, but the impressive part of this build is that it’s all done in a non-destructive way so that the Roomba can be reverted back to a normal vacuum cleaner if the need arises.
If sweeping a just the right time the heat camera might be the key to the messy problem we discussed on Wednesday.
The only thing stopping this from hunting humans is the addition of some sort of weapons. Perhaps this sentry gun or maybe some exploding rope. And, if you don’t want your vacuum cleaner to turn into a weapon of mass destruction, maybe you could just turn yours into a DJ.
How often have you stood in the supermarket wondering about the inventory level in the fridge at home? [Mike] asked himself this question one time too often and so he decided to install a webcam in his fridge along with a Raspberry Pi and a light sensor to take a picture every time the fridge is opened — uploading it to a webserver for easy remote access.
Continue reading “There’s a Pi In Mike’s Fridge”
[Dann Albright] writes about some small experiments he’s done in home security.
He starts with the simplest. Which is to purchase an off the shelf web camera, and hook it up to software built to do the task. The first software he uses is the free, iSpy open source software. This adds basic features like motion detection, time stamping, logging, and an interface. He also explores other commercial options.
Next he delves a bit deeper. He starts by making a simple motion detector. When the Arduino detects motion using a PIR sensor it gets a computer to text an alert. After the tutorial begins to veer a little and he adds his WiFi light bulbs to the mix. Now he can send an email and change the color of the lights.
We suppose, that from a security standpoint. It would really freak a burglar out if all the lights turned red when they walked into a room. Either way, there’s definitely a fun weekend project in playing around with all these systems.
The Internet of Things is slowly turning into the world’s largest crappy robot, with devices seemingly designed to be insecure, all waiting to be rooted and exploited by anyone with the right know-how. The latest Internet-enabled device to fall is a Motorola Focus 73 outdoor security camera. It’s quite a good camera, save for the software. [Alex Farrant] and [Neil Biggs] found the software was exceptionally terrible and would allow anyone to take control of this camera and install new firmware.
The camera in question is the Motorola Focus 73 outdoor security camera. This camera connects to WiFi, features full pan, tilt, zoom controls, and feeds a live image and movement alerts to a server. Basically, it’s everything you need in a WiFi security camera. Setting up this camera is simple – just press the ‘pair’ button and the camera switches to host mode and sets up an open wireless network. The accompanying Hubble mobile app scans the network for the camera and prompts the user to connect to it. Once the app connects to the camera, the user is asked to select a WiFi connection to the Internet from a list. The app then sends the security key over the open network unencrypted. By this point, just about anyone can see the potential for an exploit here, and since this camera is usually installed outdoors – where anyone can reach it – evidence of idiocy abounds.
Once the camera is on the network, there are a few provisions for firmware upgrades. Usually, firmware upgrades are available by downloading from ‘private’ URLs and sent to the camera with a simple script that passes a URL directly into the shell as root. A few facepalms later, and [Alex] and [Neil] had root access to the camera. The root password was ‘123456’.
While there’s the beginnings of a good Internet of Camera in this product, the design choices for the software are downright stupid. In any event, if you’re looking for a network camera that you own – not a company with a few servers and a custom smartphone app – this would be near the top of the list. It’s a great beginning for some open source camera firmware.
Thanks [Mathieu] for the tip.
Life down on the farm isn’t easy, and a little technology can go a long way to making things easier for the farmer. It’ll be a while before any farmer can kick back on the beach and run his place from a smartphone, but that’s clearly the direction things are heading with this small farm automation project.
[Vince]’s livestock appears to consist of chickens and sheep at this point, and the fact that they share housing helped him to deploy some tech for both species. The chickens got an automated door that lets them out in the morning and shuts them in safely once they’ve returned to roost for the night – important protection against predators. The door is hoisted by a Somfy window-treatment motor, which seems a little on the overkill side to us; a thrift-store electric drill and a homebrew drum might have worked too. A Teensy with an RTC opens and closes the door according to sunrise and sunset times, and temperature and humidity sensors provide feedback on conditions inside the coop. The sheep benefit from a PTZ webcam to keep an eye on their mischief, and the whole thing is controlled by a custom web interface from [Vince]’s smartphone.
There’s just something about automating chicken coop doors that seems to inspire hackers; check out this nice self-locking design. As for [Vince]’s farm, it looks like his system has a lot of room for expansion – food and water status would be a great next step. We’re looking forward to seeing where he goes from here.