Botnet Recall Of Things

After a tough summer of botnet attacks by Internet-of-Things things came to a head last week and took down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.

Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 300 million 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)

Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.

Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)

Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.

Via threatpost.

Dual-boot Your Arduino

There was a time, not so long ago, when all the cool kids were dual-booting their computers: one side running Linux for hacking and another running Windows for gaming. We know, we were there. But why the heck would you ever want to dual-boot an Arduino? We’re still scratching our heads about the application, but we know a cool hack when we see one; [Vinod] soldered the tiny surface-mount EEPROM on top of the already small AVR chip! (Check the video below.)

Aside from tiny-soldering skills, [Vinod] wrote his own custom bootloader for the AVR-based Arduino. With just enough memory to back up the AVR’s flash, the bootloader can shuffle the existing program out to the EEPROM while flashing the new program in. For more details, read the source.

While you might think that writing a bootloader is deep juju (it can be), [Vinod]’s simple bootloader application is written in C, using a style that should be familiar to anyone who has done work with an Arduino. It could certainly be optimized for size, but probably not for readability (and tweakability).

Why would you ever want to dual boot an Arduino? Maybe to be able to run testing and stable code on the same device? You could do the same thing over WiFi with an ESP8266. But maybe you don’t have WiFi available? Whatever, we like the hack and ‘because you can’ is a good enough excuse for us. If you do have a use in mind, post up in the comments!


Internet Doorbell Gone Full-Hipster

There are things and there are Things. Hooking up an Internet-connected doorbell that “rings” a piezo buzzer or sends a text message is OK, but it’s not classy. In all of the Internet-of-Things hubbub, too much attention is paid to the “Internet”, which is actually the easy part, and too little attention is paid to the “Things”.

[Moris Metz] is a hacker in Berlin who has a bi-weekly national radio spot. (Only in Germany!) This week, he connected the ubiquitous ESP8266 to a nice old (physical) bell for his broadcast over the weekend. (“Translated” here.) Check out the video teaser embedded below.


Raspberry Pi Zero As A USB Stick

The Raspberry Pi Zero is small enough that it could almost be mistaken for a USB gadget, rather than a standalone computer. Maybe that was the inspiration that drove [Novaspirit] to completely “donglify” his Zero.

This is a great convenience hack if you’ve got a Zero just kicking around. With minimal soldering, he converted the Zero’s onboard female USB jacks into a male USB plug. From there on out, it’s all software, and the video (embedded below) takes you through all the steps on Windows.


OpenFixture Takes The Pain Out Of Pogo Pins

[Elliot] (no relation, but hey, cool name!) wrote in with his OpenFixture model for OpenSCAD. It’s awesome because it takes a small problem, that nonetheless could consume an entire day, and solves it neatly. And that problem is making jigs to test assembled electrical products: a PCB test fixture.

In the PCB design software, you simply note down the locations of the test points and feed these into the OpenSCAD model. ([Elliot] shows you exactly how to do it using KiCAD.) There are a few more parameters of the model that you can tweak to match your particulars, but you should have a DXF outline for a test jig in short order. Cut that out, assemble, and test.

If you have to make more than a few handfuls of a complicated circuit, it becomes worth it to start thinking about testing them systematically. And with this OpenSCAD model, you can have the test jig up and running before the first prototype boards are back in from the fab. How cool is that?

Amalgamate Is The Internet Of Compost

A lot of people are scared of composting. After all, if the temperatures or humidity go badly wrong, you can end up with dried-out trash or a stinking soup. Getting the balance right is a secret known to the ancients: toss it in a big pile in your backyard. But what if you don’t have a big backyard?

Amalgamate is a composting setup for the urban dweller, or for people who just don’t like bugs. [Jamie] built it as her first Raspberry Pi project, and that makes it a great entrée into the world of things. But it’s no lightweight: the software measures temperature and humidity, and lets you schedule watering and rotating the compost. And of course, if you’re a micromanager, you can get up-to-the-minute vitals on your cellphone and tweak everything to run just perfectly.

How To Make A Human Crossbow

Say you have a team of French engineers, a lake in the summer, a wizened old machinist, and some gigantic bungee cords. What would you build? The answer is clear, a human-launching crossbow. (Video, and making-of embedded below.)

You can start out watching the promo video because it looks like a lot of fun, but don’t leave without watching the engineering video. What looks like a redneck contraption turns out to be painstakingly built, and probably not entirely a death trap. The [Rad Cow] team even went so far as to purchase metal cart wheels.

Everyone else on the Intertubes would tell you not to do this at home. We say go for it. That is, draw up reasonable plans, work with an obviously competent machinist, and make something silly. It’s not going to be more dangerous than the stuff that [Furze] pulls off.
