Hackaday Prize Entry: An Internet Doorbell

July 5, 2017 by 29 Comments

The Internet of Things will kill us all and is the worst idea anyone has ever had. However, just because something could be labeled an ‘Internet of Things thing’ doesn’t mean it’s a bad idea. The Hackaday Prize’s Internet of Useful Things challenge was all about finding the Internet of Useful things, and one of these projects is so simple yet so elegant, we’re surprised no one has thought of it yet.

[David]’s entry to the Hackaday Prize is effectively an Internet of Things doorbell. You might think an IoT doorbell would just consist of a device sending push notifications to your phone. That’s part of the project, but it gets so much better.

The brilliant part of this build boils down to a simple relay. On command, [David] can turn his doorbell off. This means no ringing doorbell interrupting meals or naps. By sending a command to the ESP32 in this little device, [David] can enable or disable his doorbell. Of course, this doorbell also sends push notifications to his phone, so if the UPS guy throws a package at his front door and manages to hit the doorbell, [David] will still hear it even if he’s upstairs, in the garage, or in the backyard.

This is the simplest and most brilliant Internet of Things device ever created. It solves an obvious problem with surprisingly little hardware. The only data this device collects is the state of a doorbell, and even if this device was completely hacked by balaclava-wearing hackers, they still can’t F5 the doorbell. This is the best the Internet of Things has to offer, and we’re proud to have the Internet of Doorbells make it to the finals of the Hackaday Prize.

The HackadayPrize2017 is Sponsored by:

CastAR Shuts Doors

June 27, 2017 by 100 Comments

Polygon reports CastAR is no more.

CastAR is the brainchild of renaissance woman [Jeri Ellsworth], who was hired by Valve to work on what would eventually become SteamVR. Valve let [Jeri] go, but allowed her to take her invention with her. [Jeri] founded a new company, Technical Illusions, with [Rick Johnson] and over the past few years the CastAR has appeared everywhere from Maker Faires to venues better focused towards innovative technologies.

In 2013, Technical Illusions got its start with a hugely successful Kickstarter, netting just north of one million dollars. This success drew the attention of investors and eventually led to a funding round of $15 million. With this success, Technical Illusions decided to refund the backers of its Kickstarter.

We’ve taken a look a CastAR in the past, and it’s something you can only experience first-hand. Unlike the Oculus, Google Cardboard, or any of the other VR plays companies are coming out with, CastAR is an augmented reality system that puts computer-generated objects in a real, physical setting. Any comparison between CastAR and a VR system is incomplete; these are entirely different systems with entirely different use cases. Think of it as the ultimate table top game, or the coolest D&D game you could possibly imagine.

Flooded house

Honey, When Did We Get An Indoor Pool?

May 1, 2017 by 47 Comments

Is it too much to ask for a home to have a little ‘smart’ built-in? If you’ve ever woken up (or come home) to your dwelling being flooded, you’ll know how terrible it feels, how long it can take to recover from, and how stressful it can be. Yeah, it’s happened to us before, so we really feel for [David Schneider]. He woke up one Sunday morning to a whole lot of water in his house. The inlet valve for his washing machine somehow got stuck in the open position after putting a load of laundry in the previous night.

[David] took progressively complex measures to prevent a broken water feed flood from happening in the future. First, he lined the entire floor of his laundry closet with a steel tray. OK, that’s a good start but won’t prevent another disaster unless it is caught very quickly. How about a simple audible water alarm? That’s good and all if you’re home, but what if you’re not?

Next, he installed a valve with a mechanical timer on the water line for the washing machine which closes automatically after 2 hours of being opened. Much better, but what about all the other thirsty appliances around the house? After searching online a little, he found plenty of whole house systems that would work for him, but there were 2 problems with these. First, most were network-based and he didn’t want to IoT-ify his house’s water system. Second, they were overpriced.

Of course the solution was to put together his own system! First, he purchased a few mostly inexpensive things — a wireless alarm, some water sensors, and a motorized ball valve. Then he collected the last few things he needed from what he had on hand around the house, and got to work connecting the 4 LEDs on the alarm to 4 analog input pins on his Arduino. Next, he added a relay between the Arduino and the motorized ball valve.

If a sensor detects water, it tells the alarm about it (wirelessly), which triggers the Arduino to energize a relay that is connected to the motorized ball valve, causing it to shut off the main water line for the entire house. Disaster averted! Sure, it’s a fairly simple hack, but it works, meets his requirements, and now he sleeps better at night knowing he won’t wake up (or come home) to an indoor swimming pool.

It’s surprising that we haven’t seen more hacks like this given it’s such a common problem. The closest thing we can remember is an overflow sensor for an aquarium. If homes came standard with a water main shutoff system, it would remove a stressful event from our lives and maybe even lower our insurance premium.

IOT Startup Bricks Customers Garage Door Intentionally

April 5, 2017 by 201 Comments

Internet of Things startup Garadget remotely bricked an unhappy customer’s WiFi garage door for giving a bad Amazon review and being rude to company reps. Garadget device owner [Robert Martin] found out the hard way how quickly the device can turn a door into a wall. After leaving a negative Amazon review, and starting a thread on Garadget’s support forum complaining the device didn’t work with his iPhone, Martin was banned from the forum until December 27, 2019 for his choice of words and was told his comments and bad Amazon review had convinced Garadget staff to ban his device from their servers.

The response was not what you would expect a community-funded startup. “Technically there is no bricking, though,” the rep replied. “No changes are made to the hardware or the firmware of the device, just denied use of company servers.” Tell that to [Robert] who can’t get into his garage.

This caused some discontent amoung other customers wondering if it was just a matter of time before more paying customers are subjected to this outlandish treatment. The Register asked Garadget’s founder [Denis Grisak] about the situation, his response is quoted below.

 It was a Bad PR Move, Martin has now had his server connection restored, and the IOT upstart has posted a public statement on the matter.– Garadget

This whole debacle brings us to the conclusion that the IoT boom has a lot of issues ahead that need to be straightened out especially when it comes to ethics and security. It’s bad enough to have to deal with the vagaries of IoT Security and companies who shut down their products because they’re just not making enough money. Now we have to worry about using “cloud” services because the people who own the little fluffy computers could just be jerks.

Quadruped Robot Can Crawl Under Cars And Jump-Kick-Open Doors

April 1, 2017 by 31 Comments

The wheel is a revolutionary invention — as they say — but going back to basics sometimes opens new pathways. Robots that traverse terrain on legs are on the rise, most notably the Boston Dynamics Big Dog series of robots — and [Ghost Robotics]’ Minitaur quadruped aims to keep pace.

One of [Ghost Robotics] founders, [Gavin Knneally] states that co-ordination is one of the main problems to overcome when developing quadruped robots; being designed to clamber across especially harsh terrain, Minitaur’s staccato steps carry it up steep hills, stairs, across ice, and more. Its legs also allow it to adjust its height — the video shows it trot up to a car, hunker down, then begin to waddle underneath with ease.

Continue reading “Quadruped Robot Can Crawl Under Cars And Jump-Kick-Open Doors”

Shut The Backdoor! More IoT Cybersecurity Problems

March 22, 2017 by 30 Comments

We all know that what we mean by hacker around here and what the world at large thinks of as a hacker are often two different things. But as our systems get more and more connected to each other and the public Internet, you can’t afford to ignore the other hackers — the black-hats and the criminals. Even if you think your data isn’t valuable, sometimes your computing resources are, as evidenced by the recent attack launched from unprotected cameras connected to the Internet.

As [Elliot Williams] reported earlier, Trustwave (a cybersecurity company) recently announced they had found a backdoor in some Chinese voice over IP gateways. Apparently, they left themselves an undocumented root password on the device and — to make things worse — they use a proprietary challenge/response system for passwords that is insufficiently secure. Our point isn’t really about this particular device, but if you are interested in the details of the algorithm, there is a tool on GitHub, created by [JacobMisirian] using the Trustwave data. Our interest is in the practice of leaving intentional backdoors in products. A backdoor like this — once discovered — could be used by anyone else, not just the company that put it there.

Continue reading “Shut The Backdoor! More IoT Cybersecurity Problems”

Another Day, Another “IoT” Backdoor

March 6, 2017 by 48 Comments

As if you needed any reason other than “just for the heck of it” to hack into a gadget that you own, it looks like nearly all of the GSM-to-IP bridge devices make by DBLTek have a remotely accessible “secret” backdoor account built in. We got sent the link via Slashdot which in turn linked to this story on Techradar. Both include the scare-words “Chinese” and “IoT”, although the devices seem to be aimed at small businesses, but everything’s “IoT” these days, right?

What is scary, however, is that the backdoor isn’t just a sloppy debug account left in, but rather only accessible through an elaborate and custom login protocol. Worse still, when the company was contacted about the backdoor account, they “fixed” the problem not by removing the account, but by making the “secret” login procedure a few steps more complicated. Which is to say, they haven’t fixed the problem at all.

This issue was picked up by security firm Trustwave, but they can’t check out every device on the market all the time. We may be preaching to the choir here, but if you’re ever wondering why it’s important to be able to break into stuff that you own, here’s another reminder.