IoT-ify All Things: LG Has Gone Overboard

If you've been following Hackaday lately, you've surely noticed an increased number of articles about IoT-ifying stuff. It's a cool project to take something old (or new) and improve its connectivity, usually via WiFi, making it part of the Internet of Things. Several easy-to-use modules, in particular the ESP8266, are making a huge contribution to this trend. It's satisfying to see our homes with an ESP8266 in every light switch and outlet, or to control our old stereo from an iPhone. It gives us a warm fuzzy feeling. And that's completely fine for one's personal projects.

But what happens when this becomes mainstream? When literally all our appliances are ‘connected’ in the near future? The implications might be a lot harder to predict than expected. The near future, it seems, starts now.

This year, at CES, LG Electronics (LG) introduced Smart InstaView™, a refrigerator that is powered by the webOS smart platform and integrated with Amazon's Alexa Voice Service.

… with webOS, consumers can also explore a host of WiFi-enabled features directly on the refrigerator, creating a streamlined and powerful food management system all housed directly on the front of the fridge door. Amazon’s Alexa Voice Service gives users access to an intelligent personal assistant that, in addition to searching recipes, can play music, place Prime-eligible orders from Amazon.com…

This is ‘just’ a fridge. There are other WiFi-enabled appliances by now, so what? Apparently, during the LG press conference last Wednesday, the company's marketing VP David VanderWaal said that from 2017 on, all of LG's home appliances will feature “advanced Wi-Fi connectivity”.

Notice the word advanced; we wonder what that means. Will ‘advanced’ mean complicated? Mesh? Secure? Intelligent? Will our toaster finally break the Internet and ruin it for everyone by the end of the year? Will the other big players in the home appliance market jump on the WiFi wagon? We bet the answer is yes.

Here be dragons.

[via Ars Technica]

ESP-ing A Philips Sound System.

IoT-ifying old stuff is cool. Or even new, offline stuff. It seems to be a trend. And it’s sexy. Yes, it is. Why are people doing this, you may ask: we say why not? Why shouldn’t a toaster be on the IoT? Or a drill press? Or a radio? Yes, a radio.

[Dr. Wummi] just added another device to the IoT, the Internet of Thongs as he calls it. It's a Philips MCM205 Micro Sound System radio. He wanted to automate his radio, but his original idea of building a setup with an infrared LED to remotely control it failed. He blamed it on “some funky IR voodoo”. So he decided to go for an ESP8266-based solution with a NodeMCU. ESP8266 IR remotes have been known to work before, but maybe those were just not voodoo grade.

After opening the radio up, he quickly found that the actual AM/FM radio was a separate module. The manufacturer was kind enough to leave the pins nicely labelled on the mainboard. Pins labelled SCL/SDA hinted that the AM/FM module spoke I²C. He sniffed the bus with a Bus Pirate, and it was clear that the radio had an EEPROM somewhere on the main PCB. A search revealed a 24C02 IC on the board, which is a 2K I²C EEPROM. So far so good, but there were other functions left to control, like volume or CD playback. For those, he planned to tap into the front push-button panel. The push buttons were wired in series with different resistors, so each one produced a distinct voltage at the mainboard's ADC pin. He tried to reproduce those voltages with PWM from the NodeMCU, but it just didn't work.

Continue reading “ESP-ing A Philips Sound System.”

The Cyborg Artist – Tattoo Machine Arm Prosthesis

[JC Sheitan Tenet] lost his right arm when he was 10 years old. Like most of us, he was right-handed, so the challenges of not having that arm became even harder.

Have you ever tried to perform mundane tasks with your non-dominant hand? If you’re right-handed, have you ever tried to feed yourself with your left? Or if you’re left-handed, how well can you write with your right? For some people, using both hands comes naturally, but if you’re anything like me, your non-dominant hand is just about useless.

The thing is, he wanted to be a tattoo artist. And he wasn't giving up. Even facing the added difficulty of not finding a tattoo artist willing to take him as an apprentice, he did not give up. So he became a tattoo artist, using only his left arm. That is, until some months ago, when he met [Jean-Louis Gonzal], a bio-mechanical artist with an engineering background, at a tattoo convention. After seeing [Gonzal]'s work, he simply asked whether it was possible to modify a prosthesis and attach a tattoo machine to it.

The Cyborg Artist is born. The tattoo machine on the prosthesis can rotate 360 degrees for a wide range of movements. [JC Sheitan Tenet] uses it to help with colours, shadows and abstract forms in general. It's a bad-ass steampunk prosthesis and it's not just for show; he actually works with it (although not exclusively). This, it seems, is only the beginning: since the first version of the prototype worked so well, the second version is already being planned by [JC] and [Gonzal]. We can't wait to see what they'll come up with, maybe a mix between the current version and a tattoo robotic arm, or a brain-controlled needle?

Check it out in the video:

Continue reading “The Cyborg Artist – Tattoo Machine Arm Prosthesis”

RooBee One, An Open-source SLA/DLP 3D Printer

[Aldric Negrier] is no stranger to the 3D printing world. Having built a few already, he designed and built an SLA/DLP 3D printer, named RooBee One, and shared the plans on Instructables. He has also published tons of other stuff, like a 3D Printed Syringe Pump Rack and a 3D Scanning Rig And DIY Turntable. It's really worthwhile going through his whole Instructables repository.

This open-source 3D printer was inspired by the Cristelia SLA/LCD 3D printer and the Vulcanus MAX 3D printer (which he designed). RooBee One has an aluminium frame and an adjustable print area of 80x60x200 mm, with up to 150x105x200 mm of build volume using an Acer DLP projector. In addition, a fan on top of the printer extracts the toxic vapours outside and away from the printer operator. The electronics are based on the Arduino MEGA with the RAMPS 1.4 shield and one NEMA 17 stepper motor. As for the Arduino Mega firmware, [Aldric] chose Repetier, which he usually uses in his other printers.

The SLA resin he used is the Standard Blend Resin from Fun to Do Resins. These resins tend to release toxic airborne particles, so extra care should be taken to ventilate the area while printing and to clean up properly afterwards.

You can get a glimpse of the printer making a small gear come to life in the following video:

Continue reading “RooBee One, An Open-source SLA/DLP 3D Printer”

Santa Knows If Your Contact Form Uses PHPMailer < 5.2.18

PHPMailer, one of the most widely used classes for sending email from PHP, has a serious vulnerability in all versions before 5.2.18 (the current release at the time of writing). Security researcher [Dawid Golunski] has just published a limited advisory stating that PHPMailer suffers from a critical flaw that could let an attacker achieve remote code execution in the context of the web server user. PHPMailer is used by several open-source projects, among them WordPress, Drupal, 1CRM, SugarCRM, Yii and Joomla. A fix has been issued and PHPMailer's maintainers are urging all users to upgrade.

To trigger this vulnerability (CVE-2016-10033), the attacker apparently only has to make the web application send out an email through the vulnerable PHPMailer class. Depending on the application, this can be done in different ways: contact and feedback forms, registration forms, password reset emails and so on.
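The advisory's mechanism, as an added illustration that is not PHPMailer's code or part of the original post: the Sender address is handed to PHP's mail() as the extra parameter "-f<sender>", mail() runs that string through escapeshellcmd() and passes it to /bin/sh to start sendmail. escapeshellcmd() leaves a quote alone whenever a matching quote appears later in the string, so a quoted local part (legal in RFC 5321) can close its own quotes early and let the spaces after it split into extra sendmail options. The Python port of escapeshellcmd() below follows PHP's C implementation; the sample addresses, the allowlist pattern and the function names are assumptions made for this example.

```python
import re
import shlex

# Characters PHP's escapeshellcmd() always backslash-escapes.
_ESCAPED = set('#&;`|*?~<>^()[]{}$\\\n\xff')
# Conservative sender allowlist (assumed here, not PHPMailer's own check):
# no quotes, no spaces, no quoted local part.
_SAFE_SENDER = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def php_escapeshellcmd(s):
    """Python port of PHP's escapeshellcmd(): escapes shell metacharacters but
    leaves a quote unescaped when a partner of the same kind exists later on."""
    out = []
    pending = None                      # kind of quote currently "open"
    for i, ch in enumerate(s):
        if ch in ('"', "'"):
            if pending is None and s.find(ch, i + 1) != -1:
                pending = ch            # opening quote with a partner ahead
            elif pending == ch:
                pending = None          # closing quote of the open pair
            else:
                out.append("\\")        # unpaired quote gets escaped
            out.append(ch)
        elif ch in _ESCAPED:
            out.append("\\")
            out.append(ch)
        else:
            out.append(ch)
    return "".join(out)


def sendmail_argv_unsafe(sender):
    """Pre-5.2.18 flow: '-f' + sender, escapeshellcmd(), then shell word splitting."""
    return shlex.split("-f" + php_escapeshellcmd(sender))


def sendmail_argv_safe(sender):
    """Pass -f only for an address the allowlist accepts; otherwise send with no
    extra parameters at all.  Quoting alone is not a fix, because mail() will
    re-escape whatever it is given."""
    if not _SAFE_SENDER.match(sender):
        return []
    return shlex.split("-f" + php_escapeshellcmd(sender))


BENIGN = "alice@example.com"                                   # constructed
# Constructed, following the shape in the advisory: the \" closes the quote
# pair for escapeshellcmd, so the spaces that follow are not protected.
CRAFTED = '"a\\" -oQ/tmp/ -X/tmp/injected.log x"@example.com'

if __name__ == "__main__":
    print(sendmail_argv_unsafe(BENIGN))    # one argument, as intended
    print(sendmail_argv_unsafe(CRAFTED))   # -oQ and -X arrive as separate sendmail options
    print(sendmail_argv_safe(CRAFTED))     # [] : the crafted sender never reaches sendmail
```

Run it and the crafted sender yields four argv entries, two of which are sendmail's queue-directory and log-file options. The 5.2.18 fix validated the sender and wrapped it in escapeshellarg(); that escaping was itself bypassed shortly afterwards (CVE-2016-10045) precisely because mail() applies escapeshellcmd() on top of it, which is why the allowlist above rejects quoted local parts outright rather than trying to escape them.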

Upon a quick diff analysis, we found that the vulnerable code seems to lie in the following lines of class.phpmailer.php:

Continue reading “Santa Knows If Your Contact Form Uses PHPMailer < 5.2.18”

IKEA Table 3D Printer

In this Instructable, [Wayne Mason-Drust] shares a step-by-step guide on how to make a cool, good-looking 3D printer based on the Ikea LACK table. From an Ikea lantern weather station to a fully printed CNC based on an Ikea table, it's almost safe to say that a 3D printer Ikea hack was overdue.

The idea of using an Ikea table as a base for a 3D printer first came to [Wayne] as he used this table to support other 3D printers he had working in his business. He realized that, even after five years of use, the table showed no signs of wear or distortion. So he decided to start working on a 3D printer based on that very table, the one that used to hold the printer.

[Wayne] stacked two together and named it Printtable (pun intended?). This open-source Cartesian RepRap 3D printer looks pretty slick. With a build area of 340 mm x 320 mm and 300 mm on the Z axis, and a price tag for the parts starting as low as $395, it seems like a pretty decent 3D printer. With some work sourcing the parts, maybe it can be even lower.

Or we can just wait until Ikea starts selling them.

Continue reading “IKEA Table 3D Printer”

Reliably Exploiting Apport In Ubuntu

[Donncha O’Cearbhaill] has successfully exploited two flaws in Apport, the crash report mechanism in Ubuntu. Apport is installed by default in all Ubuntu Desktop installations >= 12.10 (Quantal). Inspired by [Chris Evans]'s work on exploiting 6502 processor opcodes on the NES, [Donncha] describes the whole process of finding and exploiting a 0-day on a modern Linux system.

One of the flaws, tracked as CVE-2016-9949, relies on Python code injection through the crash file. Apport blindly passes an unsanitized field (CrashDB) of the .crash file to Python's eval() function, which leads directly to arbitrary Python code execution. The other flaw, tracked as CVE-2016-9950, combines a path traversal with the execution of arbitrary Python scripts from outside the system hook directories. The problem arises when another field of the crash report (Package) is used unsanitized to build the path to the package hook file.

CVE-2016-9949 is easily exploitable: if an attacker can trick a user into opening a specially crafted file (an Apport .crash file), the attacker can execute Python code of his or her choice. Two details make it a very interesting exploit.

The first thing to note is the exploit's reliability. Given that it is pure Python code execution, an attacker doesn't have to worry about ASLR, non-executable memory, stack canaries and the other mitigations that Ubuntu ships by default. As the author notes:

“There are lots of bugs out there which don’t need hardcore memory corruption exploitation skills. Logic bugs can be much more reliable than any ROP chain.”

Another interesting detail is that the exploit file doesn't need to have the .crash extension. As long as its content starts with the string “ProblemType: ” and its extension is not already associated with other software, Ubuntu treats it as mime-type “text/x-apport” (lookalike names such as .ZlP or .0DF work, for example). This significantly improves the chances of fooling an unsuspecting user into opening the file.
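A model of the two report-handling flaws and the checks that close them, as an added illustration that is not Apport's code or part of the original post. The report format (single-line “Key: value” fields and the “ProblemType: ” magic that the MIME association keys on) follows what the page describes; the function names, the hook directory, the package-name pattern and the two sample reports are assumptions made for this example.

```python
import ast
import os
import re

HOOK_DIR = "/usr/share/apport/package-hooks"       # assumed hook location
_PKG_NAME = re.compile(r"^[a-z0-9][a-z0-9+.-]+$")   # Debian package-name charset

# Constructed reports.  The second carries the two hostile fields.
BENIGN_REPORT = """ProblemType: Crash
Package: firefox 50.0
CrashDB: {'impl': 'launchpad', 'bug_pattern_url': 'https://example.invalid/patterns'}
"""
CRAFTED_REPORT = """ProblemType: Crash
Package: ../../../tmp/evil 1.0
CrashDB: __import__('os').getpid() > 0 and 'code ran'
"""


def parse_report(text):
    """Parse single-line 'Key: value' fields; reject input without the magic."""
    if not text.startswith("ProblemType: "):
        raise ValueError("not an apport report: missing 'ProblemType: ' magic")
    fields = {}
    for line in text.splitlines():
        if not line or line.startswith(" "):   # skip blank and continuation lines
            continue
        key, _, value = line.partition(": ")
        fields[key] = value
    return fields


def load_crashdb_unsafe(report):
    """CVE-2016-9949 pattern: the attacker-controlled CrashDB field hits eval()."""
    return eval(report["CrashDB"])


def load_crashdb_safe(report):
    """Accept only a dict literal; ast.literal_eval cannot call or import anything."""
    spec = ast.literal_eval(report["CrashDB"])
    if not isinstance(spec, dict):
        raise ValueError("CrashDB must be a dict literal")
    return spec


def hook_path_unsafe(report, hook_dir=HOOK_DIR):
    """CVE-2016-9950 pattern: the Package name is joined into the hook path as-is."""
    package = report["Package"].split()[0]          # 'name version' -> name
    return os.path.join(hook_dir, package + ".py")


def hook_path_safe(report, hook_dir=HOOK_DIR):
    """Allowlist the package name, then prove the resolved path stays in hook_dir."""
    package = report["Package"].split()[0]
    if not _PKG_NAME.match(package):
        raise ValueError("invalid package name: %r" % package)
    root = os.path.realpath(hook_dir)
    candidate = os.path.realpath(os.path.join(root, package + ".py"))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("hook path escapes %s" % hook_dir)
    return candidate


if __name__ == "__main__":
    crafted = parse_report(CRAFTED_REPORT)
    print(load_crashdb_unsafe(crafted))                 # 'code ran': eval() ran attacker code
    print(os.path.normpath(hook_path_unsafe(crafted)))  # /usr/tmp/evil.py, outside HOOK_DIR
    for check in (load_crashdb_safe, hook_path_safe):
        try:
            check(crafted)
        except ValueError as err:
            print("rejected:", err)
```

The two safe variants are independent layers: literal_eval removes the code-execution primitive entirely rather than trying to filter eval() input, and the hook lookup both restricts the name to the package charset and checks the resolved path, so a symlink or an unexpected separator cannot sneak a script in from outside the hook directory.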

Continue reading “Reliably Exploiting Apport In Ubuntu”