Amazon Ring: Neighbors Leaking Data On Neighbors

December 21, 2019 by 31 Comments

For a while now a series of stories have been circulating about Amazon’s Ring doorbell, an Internet-connected camera and entry system that lets users monitor and even interact with visitors and delivery people at their doors. The adverts feature improbable encounters with would-be crooks foiled by the IoT-equipped homeowner, but the stories reveal a much darker side. From reports of unhindered access by law enforcement to privately-held devices through mass releases of compromised Ring account details to attackers gaining access to children via compromised cameras, it’s fair to say that there’s much to be concerned about.

One cause for concern has been the location data exposed by the associated Amazon Neighbors crowd-sourced local crime paranoia app, and for those of us who don’t live and breathe information security there is an easy-to-understand Twitter breakdown of its vulnerabilities from [Elliot Alderson] that starts with the app itself and proceeds from there into compromising Ring accounts by finding their passwords. We find that supposedly anonymized information in the app sits atop an API response with full details, that there’s no defense against brute-forcing a Ring password, and that a tasty list of API and staging URLs is there for all to see embedded within the app. Given all that information, there’s little wonder that the system has proven to be so vulnerable.

As traditional appliance makers have struggled with bringing Internet connectivity into their products there have been a few stories of woeful security baked into millions of homes. A defense could be made that a company with roots outside the Internet can be forgiven for such a gaffe, but in the case of Amazon whose history has followed that of mass Web adoption and whose infrastructure lies behind so much of the services we trust, this level of lax security is unforgivable. Hackaday readers will be aware of the security issues behind so-called “smart” devices, but to the vast majority of customers they are simply technological wonders that are finally delivering a Jetsons-style future. If some good comes of these Ring stories it might be that those consumers finally begin to wake up to IoT security, and use their new-found knowledge to demand better.

Header image: Ring [CC BY-SA 4.0]

DTMF To Your Computer, With A Gamepad

December 21, 2019 by 21 Comments

Though many of us will never have experimented with it, most readers should be familiar with DTMF as the tones used by the telephone system for dialling. If your youth was not misspent mashing 4-4-2-6-4-6-2, 4-4-2-6-4-1 into a keypad, then you haven’t lived!

As you might expect there are a variety of chipsets to handle DTMF, and one of them has been used by [ackerman] in a slightly unusual way. Many desktop computers do not have a convenient array of GPIOs upon which to hang a piece of hardware, but a constant among them is to support some form of gaming controller. Hence he’s taken a commodity joypad and interfaced a MT8870 DTMF decoder to its switch lines with a simple transistor buffer, and is able to pull the resulting information out in the host operating system. So far there are versions for Windows, DOS, Amstrad CPC, Arduino, and even PSX ( the original PlayStation console ).

One might ask why on earth you might want a DTMF input for your desktop PC, but to do so is to miss the point. We are surrounded by computing devices from our mobile phones upwards that do not have any form of interface that can easily be used by our electronic projects, and this serves as an example of how with a bit of ingenuity that can be overcome. It’s a subject we’ve touched upon before, when we asked why people aren’t hacking their cellphones.

Autonomous Boat For Awesome Video Hyperlapses

December 21, 2019 by 7 Comments

With the ever-increasing capabilities of smart phones, action cameras, and hand-held gimbals, the battle for the best shots is intensifying daily on platforms like YouTube and Instagram. Hyperlapse sequences are one of the popular weapons in the armoury, and [Daniel Riley] aka [rctestflight] realised that his autonomous boat could be an awesome hyperlapse platform.

This is the third version of his autonomous boat, with version 1 suffering from seaweed assaults and version 2 almost sleeping with the fishes. The new version is a flat bottomed craft was built almost completely from pink insulation foam, making it stable and unsinkable. It uses the same electronics and air boat propulsion as version 2, with addition of a GoPro mounted in smart phone gimbal to film the hyper lapses. It has a tendency to push the bow into the water at full throttle, due to the high mounted motors, but was corrected by adding a foam bulge beneath the bow, at the cost of some efficiency.

Getting the gimbal settings tuned to create hyperlapses without panning jumps turned out to be the most difficult part. On calm water the boat is stable enough to fool the IMU into believing that it’s is not turning, so the gimbal controller uses the motor encoders to keep position, which don’t allow it to absorb all the small heading corrections the boat is constantly making. Things improved after turning off the encoder integration, but it would still occasionally bump against the edges of the dead band inside which the gimbal does not turn with the boat. In the end [Daniel] settled for slowly panning the gimbal to the left, while plotting a path with carefully calculated left turns to keep the boat itself out of the shot. While not perfect, the sequences still beautifully captured the night time scenery of Lake Union, Seattle. Getting it to this level cost many hours of midnight testing, since [Daniel] was doing his best to avoid other boat traffic, and we believe it paid off.

We look forward to his next videos, including an update on his solar plane. Continue reading “Autonomous Boat For Awesome Video Hyperlapses”

DIY Lawnmower Doesn’t Cut Grass Short

December 21, 2019 by 81 Comments

[nodemcu12ecanada] is serious about saving water, which is why they built this strange lawnmower that can cut grass taller.

Short lawns are one of those clever marketing victories, like convincing people to eat a lot of sugar, that’s been doing more harm than good ever since the victory was won. Short grass is weak grass, with shallow roots, weakness to weeds, and a lot of water requirement. On top of that the grass is always in a state of panic so it grows extra fast to get to a more “natural” height. It’s great if you want to sell fertilizer, seeds, and lawnmowers. Maybe not so great for the environment.

Most lawnmowers can’t even be set high enough for healthy grass so [nodemcu12ecanada] took three electric weed whackers and bolted them to an angle iron frame. It has a lot of advantages. It’s light. You don’t need to sharpen a blade. It’s quiet. It’s electric. It’s strange appearance will scare your neighbors off from borrowing any of your tools. We love it!

Hackaday Is Going To The 36th Chaos Communication Congress

December 20, 2019 by 8 Comments

It’s that time of year again here in Germany. The mulled wine flows all night long at the Christmas markets, the Krampus runs wild in the streets, and hackers are perched frantically behind their keyboards and soldering irons, trying to get their last minute projects “finished” for the 36th annual Chaos Communication Congress (36C3) in Leipzig.

We’ll have an assembly for all fans and friends of the Jolly Wrencher, so if you’re coming to Congress, you can come join us or at least stop by and say hi. [Elliot] and [Sven] and a number of Hackaday.io luminaries will be on hand. (Ask us about secret stickers and an as-yet unannounced upcoming Hackaday conference.)

Even if you’re not able to make it, you should keep your eyes on Hackaday from the 27th to the 30th, because we’ll be reporting on the best of Congress. But you don’t have to take our word for it: the Chaos Computer Club makes all of the talks available on livestream during the event, many with simultaneous translation, and final edited versions often appearing just a few hours afterwards.

We’ve looked through the schedule, and it’s going to be a hum-dinger! Gather ’round the glowing box with your friends at your own local hackerspace, or call in sick from work and make yourself some popcorn. This is must-see nerd TV.

Whether you’ve been naughty or nice, swing by our assembly if you’re going to be in Leipzig for the last few days of 2019. See you there!

Open Source $50 Water Turbine From Repurposed Parts

December 20, 2019 by 37 Comments

Easy access to reliable electrical power is something a lot of us take for granted, but in developing countries or after natural disaster, it can be a rare commodity. [Daniel Connelly] has been working hard to develop infrastructure people can build themselves, and his latest project is a 200 W water turbine (video after the break) that can be built for about $50.

The core of the system is a wheel and motor from a hoverboard. What looks like 110 mm PVC tubing is connected together in a U-shape that can be mounted over the wall of a man-made channel. The inlet side is shorter than the outlet, and the system must be filled with water to allow the flow to start, like a siphon. The first two versions had the impeller sitting on the end of the outlet tube. V1 used a scrap plastic radial impeller of unknown origin, and did not work at all. V2 had a 3D printed impeller that worked pretty well, but the rotation speed wasn’t high enough to produce the voltage that [Daniel] wanted.

V3 used a large computer fan that was mounted in the short horizontal piece of section of tubing at the top of the system. It worked spectacularly well, producing about 55 V AC over a single phase of the motor, which should hopefully end up producing about 90 V DC and 200-500 W after rectifying the 3-phase motor output. This only however indicative, we would really like to see it tested with different loads connected. The output will also be dependent on the flow rate and head pressure of a particular stream/channel/river, and [Daniel] admits that they had pretty much ideal conditions for their tests. If hoverboard motors are hard to come by, a motorcycle alternator should also work well.

[Daniel] is still working out the kinks of the system, but as with his other designs on OpenSourceLowTech he will release the full open source design and tutorials as soon as he is ready. We are looking forward to seeing the system implemented out in the wild. For off-grid power, home built and 3D printed wind generators are another popular topic around here, if you don’t have a handy channel nearby.

Continue reading “Open Source $50 Water Turbine From Repurposed Parts”

Tiny Bubbles In The Clock

December 20, 2019 by 9 Comments

When [DonHo] sang about tiny bubbles, he probably wasn’t thinking of them embedded in glycerine. But that’s where the bubbles in [ShinodaY]’s clock reside. The viscous fluid holds the bubbles better allowing the time to be read more easily. You can watch the relaxing display in the video below.

The theory of operation is simple and reminds us somehow of a reverse Tetris game. Solenoid valves at the base release air bubbles to form a row of the display. The bubbles rising makes room for the next row. The display has as many columns as there are air outlets at the bottom. Spacing the bubble pixels is as simple as adjusting the timing between air bubbles.

Continue reading “Tiny Bubbles In The Clock”