Author: Jack Laidlaw

57 Articles

Ask Hackaday: Why Did Modular Smart Phones Fail?

April 21, 2017 by 96 Comments

Remember all the talk about modular smart phones? They sounded amazing! instead of upgrading your phone you would just upgrade the parts a bit like a computer but more simplistic. Well it seems modular phones are dead (video, embedded below) even after a lot of major phone manufacturers were jumping on the bandwagon. Even Google got on-board with Google Ara which was subsequently cancelled. LG released the G5 but it didn’t fare too well. The Moto Z from Motorola seemed to suffer from the same lack of interest. The buzz was there when the concept of these modular phones was announced, and people were genuinely exited about the possibilities. What went wrong?

For a start people expect their phones to have everything on board already, whether it be cameras, GPS, WiFi, high-capacity batteries or high-resolution screens. Consumers expect these things to come as standard. Why would they go out and buy a module when other phones on the market already have these things?

Sure you could get some weird and wonderful modules like extra loud speakers or perhaps a projector, but the demand for these items was small. And because these extras are already available as separate accessories not locked down to one device, it was a non starter from the beginning.

When we did our user studies. What we found is that most users don’t care about modularizing the core functions. They expect them all to be there, to always work and to be consistent. — Lead engineer Project Ara

The hackability of these phones would have been interesting to say the least, had they come to the mainstream. It just seems the public want thin sleek aluminum phones that they treat more as a status symbol than anything else. Modular phones have to be more bulky to accommodate the power/data rails and magnets for the modules, so they’ll lose out in pocketability. Still, we hope the idea is revisited in the future and not left on the scrap-heap of obsolescence.

Would you buy a modular smart phone? Even if it is bigger or more expensive? Is that really why they failed?
Continue reading “Ask Hackaday: Why Did Modular Smart Phones Fail?”

IoT Security Is Hard: Here’s What You Need To Know

April 21, 2017 by 69 Comments

Security for anything you connect to the internet is important. Think of these devices as doorways. They either allow access to services or provides services for someone else. Doorways need to be secure — you wouldn’t leave your door unlocked if you lived in the bad part of a busy city, would you? Every internet connection is the bad part of a busy city. The thing is, building hardware that is connected to the internet is the new hotness these days. So let’s walk through the basics you need to know to start thinking security with your projects.

If you have ever run a server and checked your logs you have probably noticed that there is a lot of automated traffic trying to gain access to your server on a nearly constant basis. An insecure device on a network doesn’t just compromise itself, it presents a risk to all other networked devices too.

The easiest way to secure a device is to turn it off, but lets presume you want it on. There are many things you can do to protect your IoT device. It may seem daunting to begin with but as you start becoming more security conscious things begin to click together a bit like a jigsaw and it becomes a lot easier.

Continue reading “IoT Security Is Hard: Here’s What You Need To Know”

Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device

April 20, 2017 by 37 Comments

[Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. They are connected by SMS by which a mobile app sends an unauthenticated SMS to the AGA to give it commands for instance preheat the oven, You can also just tell your AGA to turn everything on at once.

The problem is with the web interface; it allows an attacker to check if a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, as messages are not authenticated by the cooker, neither is the SIM card set up to send the messages validated when registered.

This is quite disturbing, What if someone left a tea towel on the hob or some other flammable material before leaving for work, only to come back to a pile of ashes?  This is a six-gazillion BTU stove and oven, after all. It just seems the more connected we are in this digital age the more we end up vulnerable to attacks, companies seem too busy trying to push their products out the door to do simple security checks.

Before disclosing the vulnerability, [Pen Test Partners] tried to contact AGA through Twitter and ended up being blocked. They phoned around trying to get in contact with someone who even knew what IoT or security meant. This took some time but finally they managed to get through to someone from the technical support. Hopefully AGA will roll out some updates soon. The company’s reluctance to do something about this security issue does highlight how sometimes disclosure may not be enough.

[Via Pen Test Partners]

Prisoners Build DIY Computers And Hack Prison Network

April 17, 2017 by 80 Comments

The Internet is everywhere. The latest anecdotal evidence of this is a story of prison inmates that build their own computer and connected it to the internet. Back in 2015, prisoners at the Marion Correctional Institution in Ohio built two computers from discarded parts which they transported 1,100 feet through prison grounds (even passing a security checkpoint) before hiding them in the ceiling of a training room. The information has just been made public after the release of the Inspector General’s report (PDF). This report is fascinating and worth your time to read.

This Ethernet router was located in a training room in the prison. Physical access is everything in computer security.

Prisoners managed to access the Ohio Department of Rehabilitation and Corrections network using login credentials of a retired prison employee who is currently working as a contract employee. The inmates plotted to steal the identity of another inmate and file tax returns under their name. They also gained access to internal records of other prisoners and checked out websites on how to manufacture drugs and DIY weapons, before prison officers were able to find the hidden computers. From the report:

The ODAS OIT analysis also revealed that malicious activity had been occurring within the ODRC inmate network. ODAS OIT reported, “…inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks.” Additionally, ODAS OIT reported, “It appears the Departmental Offender Tracking System (DOTS) portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber-crimes.”

The prisoners involved knew what they were doing. From the interview with the inmate it seems the computers were set up as a remote desktop bridge between internal computers they were allowed to use and the wider internet. They would use a computer on the inmate network and use a remote desktop to access the illicit computers. These were running Kali Linux and there’s a list of “malicious tools” found on the machines. It’s pretty much what you’d expect to find on a Kali install but the most amusing one listed in the report is “Hand-Crafted Software”.

This seems crazy, but prisoners have always been coming up with new ideas to get one over on the guards — like building DIY tattoo guns, When you have a lot of time on your hands and little responsibility, crazy ideas don’t seem so crazy after all.

A Touchscreen From 1982, That Could Kill With A Single Finger Press

April 17, 2017 by 73 Comments

Over the pond here in the UK we used to have a TV show called Tomorrow’s World, It was on once a week showing all the tech we would have been using in 10 years time (or so they said). In 1982 they ran with a story about a touch screen computer. Perhaps not what you would recognize today as a touchscreen but given the date and limited technology someone had come up with a novel idea for a touchscreen that worked sort of.

It was a normal CRT screen but around the edges where photodiodes pointing inwards as if to make an invisible infrared touch interface just half an inch in front of the screen. Quite impressive technology giving the times. As they go through the video showing us how it works a more sinister use of this new-fangled touch screen computer rears its ugly head, They turned it into a pretty cool remote-controlled gun turret complete with a motorized horizontal and vertical axis upon which an air pistol was placed along with a camera. You could see an image back from the camera on the screen, move the gun around to aim the weapon, then with a single finger press on the screen, your target has been hit.

Continue reading “A Touchscreen From 1982, That Could Kill With A Single Finger Press”

KFC Winged Aircraft Actually Flies

April 14, 2017 by 41 Comments

[PeterSripol] has made an RC model airplane but instead of using normal wings he decided to try getting it to fly  using some KFC chicken buckets instead. Two KFC buckets in the place of wings were attached to a motor which spins the buckets up to speed. With a little help from the Magnus effect this creates lift.

Many different configurations were tried to get this contraption off the ground. They eventually settled on a dual prop setup, each spinning counter to each other for forward momentum. This helped to negate the gyroscopic effect of the spinning buckets producing the lift. After many failed build-then-fly attempts they finally got it in the air. It works, albeit not to well, but it did fly and was controllable. Perhaps with a few more adjustments and a bit of trial and error someone could build a really unique RC plane using this concept.

Continue reading “KFC Winged Aircraft Actually Flies”

Dual SIM Hack For Single SIM Slot Phones.

April 14, 2017 by 67 Comments

[RoyTecTips] shows us an ingenious hack which turns a single-SIM-slot phone into a fully functioning dual-SIM phone. All that’s needed for this hack is a heat-gun, solvent, micro SD card, nano SIM and some glue. The trick is that the phone has a SIM reader on the backside of an SD-card slot. Through some detailed dissection and reconstruction work, you can piggy-back the SIM on the SD card and have them both work at the same time.

Making the SD/SIM Franken-card is no picnic. First you start by filing away the raised bottom edge of the micro SD card and file down the side until the writing is no longer visible. Next get a heat gun and blast your nano SIM card until the plastic melts away. Then mark where the SIM card’s brains go and glue it on. Turn the phone on then, hey presto, you now have a dual SIM phone while keeping your SD storage.

This hack is reported to work on many Samsung phones that end in “7” and some that end in “5”, along with some 8-series phones from Huawei and Oppo clones of the Samsungs. Since you’re only modifying the SIM card, it’s a fairly low-risk hack for a phone. Combining two cards into one is certainly a neat trick, almost as neat as shoe-horning a microcontroller into an SD card. We wonder how long it will be before we see commercial dual SIM/SD cards on the market.

[Update] I got a little confused on this one as we only have the single sim variants of these phones where I live. this hack is for dual sim phones that either accept 2 sim cards or 1 sim + 1 SD card. This hack solves this problem and allows 2 sims plus 1 SD card in these phones. Sorry for the confusion and thanks to all who pointed this out in the comments.

Continue reading “Dual SIM Hack For Single SIM Slot Phones.”