Depending on your taste for social interaction and tolerance for distraction, an open floor plan or “bullpen” office might not be so bad with a total of four people. Hackaday.io user [fiddlythings] likes it, but people often stop by to see him or one of his coworkers only to find them busy or absent. While their status is something they could plainly see in Microsoft Communicator from their own desk, some people like to chat in person or stop by on their way to and from meetings.
In order to save these visitors a few seconds, [fiddlythings] came up with an IM status indicator using their existing nameplates outside the door. Each of their names has a little silver dot by it which he backlit with a flattish RGB LED. These LEDs are driven by a Raspberry Pi and NPN transistors through a ribbon cable.
The plan was to imitate the Communicator status colors of green for available, red for busy, and yellow for away. [fiddlythings] dialed up a lovely shade of amber for away using a mix of red and green. Since he really only needs two colors, he’s using eight NPN transistors instead of twelve. The quick ‘n dirty proof of concept version used Python and a Pidgin IM console client called Finch. Once he got IT’s blessing, he implemented the final version in C++ using Libpurple to interface with Communicator.
This isn’t the first time we’ve seen a Pi used to indicate status—remember this mobile hackerspace indicator?
[Ge0rg] got himself a fancy new Samsung NX300 mirrorless camera. Many of us would just take some pretty pictures, but not [Ge0rg], he wanted to see what made his camera tick. Instead of busting out the screwdrivers, he started by testing his camera’s security features.
The NX300 is sold as a “smart camera” with NFC and WiFi connectivity. The NFC connectivity turns out to be just an NXP NTAG203 tag embedded somewhere in the camera. This is similar to the NFC tags we gave away at The Gathering in LA. The tag is designed to launch an android app on a well equipped smartphone. The tag can be write-locked, but Samsung didn’t set the lock bit. This means you can reprogram and permanently lock the tag as a link to your favorite website.
[Ge0rg] moved on to the main event, the NX300’s WiFi interface. A port scan revealed the camera is running an unprotected X server and Enlightenment. Let that sink in for a second. The open X server means that an attacker can spoof keystrokes, push images, and point applications to the camera’s screen.
In a second blog post, [Ge0rg] tackled attaining root access on the camera. Based on the information he had already uncovered, [Ge0rg] knew the camera was running Linux. Visiting Samsung’s open source software center to download the open source portions of the NX300 confirmed that. After quite a bit of digging and several red herrings, [Ge0rg] found what he was looking for. The camera would always attempt to run an autoexec.sh from the SD Card’s root folder at boot. [Ge0rg] gave the camera the script it was looking for, and populated it with commands to run BusyBox’s telnet daemon. That’s all it took – root shell access was his.
[Image via Wikimedia Commons/Danrok]