An ultrasonic beacon is an inaudible sound with encoded data that can be used by a listening device to receive information on just about anything. Beacons can be used, for example, inside a shop to highlight a particular promotion, or in a museum for guided tours, where the ultrasonic beacons can encode the location. Or they can be used to track consumers. Imagine if Google finds out… oh, wait… they already did, some years ago. As with almost any technology, it can be used to ‘do no harm’ or to serve other purposes.
Researchers from the Technische Universität Braunschweig in Germany presented a paper about Ultrasonic Side Channels on Mobile Devices and how they can be abused in a variety of scenarios, ranging from simple consumer tracking to deanonymization. These types of ultrasonic beacons work in the 18 kHz – 20 kHz range, which humans can’t hear unless they are under twenty years old, due to presbycusis. Yes, presbycusis. This frequency range can be played via almost any speaker and can be picked up easily by most mobile device microphones, so no special hardware is needed. Speakers and mics are almost ubiquitous nowadays, so there is a real appeal to the technology.
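As an added example (not code from the paper or from the original article), this is one way a defender could check recorded audio for a persistent narrowband carrier in the 18 kHz – 20 kHz range described above. The sample rate, frame length, threshold and the constructed test signals are assumptions.

```python
import math
import random

RATE = 44_100               # assumed capture rate; its Nyquist limit (22.05 kHz) covers the band
BAND_HZ = (18_000, 20_000)  # beacon range stated in the article
FRAME = 4_410               # 100 ms frames give 10 Hz bins, so 100 Hz probes are bin-centred

def hann(frame):
    """Apply a periodic Hann window to limit leakage from loud audible sound."""
    n = len(frame)
    return [x * (0.5 - 0.5 * math.cos(2 * math.pi * i / n)) for i, x in enumerate(frame)]

def goertzel_amplitude(windowed, freq):
    """Amplitude of one frequency in a Hann-windowed frame (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in windowed:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 4 * math.sqrt(max(power, 0.0)) / len(windowed)  # 4/n undoes the window gain of 0.5

def band_peak(frame, step=100):
    """Return (frequency, amplitude) of the strongest probe inside BAND_HZ."""
    windowed = hann(frame)
    probes = range(BAND_HZ[0], BAND_HZ[1] + 1, step)
    return max(((f, goertzel_amplitude(windowed, f)) for f in probes), key=lambda p: p[1])

def detect_beacon(samples, threshold=0.01, min_frames=3):
    """Return the carrier frequency if it persists for min_frames frames, else None."""
    run = 0
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        freq, amp = band_peak(samples[start:start + FRAME])
        run = run + 1 if amp >= threshold else 0
        if run >= min_frames:
            return freq
    return None

def synth(n, tones, seed=0):
    """Constructed test audio: a sum of (freq, amplitude) tones plus faint noise."""
    rng = random.Random(seed)
    return [sum(a * math.sin(2 * math.pi * f * i / RATE) for f, a in tones)
            + rng.gauss(0, 0.001) for i in range(n)]

QUIET = synth(4 * FRAME, [(440, 0.5)])                    # audible tone only
BEACON = synth(4 * FRAME, [(440, 0.5), (19_000, 0.05)])   # plus a faint 19 kHz carrier

if __name__ == "__main__":
    print("audible only:", detect_beacon(QUIET))
    print("with carrier:", detect_beacon(BEACON))
```

On real recordings the threshold needs tuning against the microphone's noise floor, since many devices roll off sharply above 18 kHz.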
Everything is online these days, creating the perfect storm for cyber shenanigans. Sadly, even industrial robotic equipment is easily compromised because of our increasingly connected world. A new report by Trend Micro shows a set of attacks on robot arms and other industrial automation hardware.
This may not seem like a big deal, but imagine a scenario where an attacker intentionally builds invisible defects into thousands of cars without the manufacturer even knowing. Just about everything in a car these days is built using robotic arms. The chassis could be built too weak, or the engine could be built with weaknesses that will fail far before the expected lifespan. Even your brake disks could have manufacturing defects introduced by a computer hacker, causing them to shatter under heavy braking. The Forward-looking Threat Research (FTR) team decided to check the feasibility of such attacks, and what they found was shocking. Tests were performed in a laboratory with a real working robot. They managed to come up with five different attack methods.
Attack 1: Altering the Controller’s Parameters
The attacker alters the control system so the robot moves unexpectedly or inaccurately, at the attacker’s will.
Attack 2: Tampering with Calibration Parameters
The attacker changes the calibration to make the robot move unexpectedly or inaccurately, at the attacker’s will.
Why are these robots even connected? As automated factories become more complex it becomes a much larger task to maintain all of the systems. The industry is moving toward more connectivity to monitor the performance of all machines on the factory floor, tracking their service lifetime and alerting when preventive maintenance is necessary. This sounds great for its intended use, but as with all connected devices there are vulnerabilities introduced because of this connectivity. This becomes especially concerning when you consider the reality that often equipment that goes into service simply doesn’t get crucial security updates for any number of reasons (ignorance, constant use, etc.).
For the rest of the attack vectors and more detailed info, you should refer to the report (PDF), which is quite an interesting read. The video below also shows insight into how these types of attacks might affect the manufacturing process.
There are some universal human experiences we don’t talk about much, at least not in public. One of them you’ll have in your own house, and such is our reluctance to talk about it, we’ve surrounded it in a fog of euphemisms and slang words. Your toilet, lavatory, john, dunny, khazi, bog, or whatever you call it, is part of your everyday life.
The parts list reveals that the foam is generated by a fish tank aerator, triggered by a relay which is driven by an Arduino Uno through a power transistor. A solenoid valve controls the flow, and a lot of vinyl tubing hooks it all together. There is an HC-06 Bluetooth module with an app to control the device from a phone, though while he’s posted some Arduino code there is no link to the app. There are several pictures, including a cheeky placement of a Jolly Wrencher, and a shot of what we can only surmise is a test, as foam overflows all over the bathroom. And he’s put up the video we’ve placed below the break, for a humorous demonstration of the device in action.
You’ll all remember my grand adventure in acquiring a photocopier. Well, it’s been a rollercoaster, I tell ya. While I still haven’t found a modification worthy enough to attempt, I have become increasingly frustrated. From time to time, I like to invite my friends and family over for dinner, and conversation naturally turns to things like the art on the walls, the fish in the aquarium, or perhaps the photocopier in the living room. Now, I dearly love to share my passions with others, so it’s pretty darned disappointing when I go to fire off a few copies only to have the machine fail to boot! It was time to tackle this problem once and for all.
When powered up, the photocopier would sit at a “Please Wait…” screen for a very long time, before eventually coughing up an error code — SC990 — and an instruction to call for service. A bunch of other messages would flash up as well; Address Book Data Error, Hard Drive Data Error, and so on. In the end I realized they all centered around data storage.
Now, I’d already tried diving into the service menu once before, and selected the option to format the hard drive. That had led to the problem disappearing for a short period, but now it was back. No amount of mashing away at the keypad would work this time. The format commands simply returned “Failed” every time. What to do next? You guessed it, it was time for a teardown!
Thankfully, photocopiers are designed for easy servicing — someone’s paying for all those service calls. A few screws and large panels were simply popping off with ease; completely the opposite of working on cars. Spotting the hard drive was easy, it looked like some sort of laptop IDE unit. With only SATA laptops around the house to salvage parts from, I wasn’t able to come up with something to swap in.
A bit of research (and reading the label) taught me that the drive was a Toshiba MK2023GAS/HDD2187. Replacements were available on eBay, but if I waited two weeks I’d probably be wrist deep in some other abandoned equipment. It had to be sorted on the night. In the words of [AvE], if you can’t fix it… well, you know how it goes. I yanked the drive and, lo and behold – the copier booted straight up! Just to be sure I wasn’t hallucinating, I churned out a few copies, and other than the continued jamming on all-black pages, everything was fine. Literally all it took to get the copier to boot was to remove the ailing drive. Suffice to say, I was kind of dumbfounded.
I’m happy to chalk up the win, but I have to take issue with Ricoh’s design here. The copier is clearly capable of operating perfectly well without a hard drive. It will give up its document server and address book abilities, but it will still make copies and print without a problem.
Yet, when the copier’s drive fails, the unit fails completely and refuses to work. This necessitates a service call for the average user to get anything at all happening again — causing much lost work and productivity. A better design in my eyes would have the copier notify users of the lost functionality due to the failed drive and the need to call service, but let them copy! Any IT administrator will know the value of a bodged work around that keeps the company limping along for the day versus having a room of forty agitated workers with nothing to do. It’s a shame Ricoh chose to have the photocopier shut down completely rather than valiantly fight on.
Feel free to chime in with your own stories of minor failures that caused total shutdowns in the comments. Video below the break.
When Amazon released the API to their voice service Alexa, they basically forced any serious players in this domain to bring their offerings out into the hacker/maker market as well. Now Google and Raspberry Pi have come together to bring us ‘Artificial Intelligence Yourself’ or AIY.
A free hardware kit made by Google and targeted at makers and hobbyists was distributed with Issue 57 of the MagPi Magazine; you can see it in the video after the break. The kit contains a Raspberry Pi Voice Hat, a microphone board, a speaker and a number of small bits to mount the kit on a Raspberry Pi 3. Putting all of it together and following the instructions on the official site gets you a Google Voice Interaction Kit with a bunch of IOs just screaming to be put to good use.
The source code for the Python app can be downloaded from GitHub and consists of a loop that awaits a trigger. This trigger can be a press of a button or a clap near the microphones. When a trigger is detected, the recorder function takes over, sending the stream to the Google Cloud. Speech-to-Text conversion happens there and the result is returned via a Text-To-Speech engine that helps the system talk back. The repository suggests that the official Voice Kit SD Image (893 MB download) is based on Raspbian, so don’t go reflashing a memory card right away; you should be able to add this to an existing install.
Everywhere we look in our everyday lives, from our bench to our bedroom, there are the ubiquitous electrical cords of mains-powered appliances. We don’t give our electrical devices a second thought, but in addition to their primary purpose they all perform the function of keeping us safe from the dangerous mains voltages delivered from our wall sockets.
Of course, we’ve all had appliances that have become damaged. How often have you seen a plug held together with electrical tape, or a cord with some of its outer sheath missing? It’s something that we shouldn’t do, but it’s likely many readers are guiltily shuffling a particular piece of equipment out of the way at the moment.
In most countries there are electrical regulations which impose some level of electrical safety on commercial premises. Under those regulations, all appliances must be regularly tested, and any appliances that fail the tests must be either repaired or taken out of service.
In the United Kingdom, where this piece is being written, the law in question is the Electricity At Work Regulations 1989, which specifies the maintenance of electrical safety and that there should be evidence of regular maintenance of electrical appliances. It doesn’t specify how this should be done, but the way this is usually achieved is by a set of electrical tests whose official name, “In-service Inspection & Testing of Electrical Equipment”, isn’t very catchy. Thus “Portable Appliance Testing”, or PAT, is how the process is usually referred to. Join me after the break for an overview of the PAT system.
[Niko1499] had a plan. He’d built a cool hardware controller for the game Kerbal Space Program (KSP). He got a lot of positive reaction to it and decided to form a company to produce them. As many people have found out, though, that’s easier said than done, and the planned company fell short of its goals. However, [Niko1499] has taken his controller and documented a lot about its construction, including some of the process he used to get there.
If you haven’t run into it before, KSP is sort of half simulator, half game. You take command of an alien space program and develop it, plan and execute missions, and so on. The physics simulation is quite realistic, and the game has a large following.
When we first saw the photos, we thought it was an old Heathkit trainer, and–indeed–the case is from an old Heathkit. However, the panel is laser cut, and the software is Arduino-based. [Niko1499] covers a few different methods of letting the Arduino control the game by emulating a joystick, a keyboard, or by using some software to take serial data and use it to control the game.