This Week In Security: Android Exposes ADB, ShinyHunters Get Paid, Robot Dogs, And More

May 18, 2026 by 18 Comments

Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind. Unfortunately, the biggest risk from this patch will be to the vendors who are also the least likely to release timely – or any – security updates.

ADB, the Android Debug Bridge, is the main tool for installing apps during development and debugging apps while they’re running. It can also be used to side-load apps from a PC. While most normal users are unlikely to ever enable it, developers typically do and some power users might when jailbreaking a device or setting parameters not exposed in the Android UI. Debugging can be done locally via USB, or optionally over the network. To protect the device, the user must unlock the Android device and authorize each new debug agent.

Covered by Risky.Biz, a bug introduced in 2020, and present in every Android release since, allowed bypassing authorization entirely if network debugging was enabled and at least one connection had been made to the ADB service in the past. This happens because ADB compares the certificate of the incoming debug connection with the list of saved certificates. If the certificate type does not match — for instance supplying an Ed25519 certificate instead of a RSA certificate — ADB has been incorrectly handling the error code, and allowing the connection.

In most programming languages, false is considered zero, and true is considered anything not zero. The certificate API returns a 1 for a valid match, a zero for an invalid match, and a negative-one for a type mismatch. Negative one is not zero, so when treated as a boolean value, it becomes true.

To exploit the bug, ADB must be enabled in wireless mode, and there must be at least one trusted device in the ADB configuration. For the average user this is an unlikely combination, but for developers, the time to update is now.

Continue reading “This Week In Security: Android Exposes ADB, ShinyHunters Get Paid, Robot Dogs, And More”

A black screen with green text is shown. The green text logs events from a VPN gateway.

Running A VPN Gateway On An ESP32

May 18, 2026 by 17 Comments

If you need a VPN gateway to access your home network, the fastest and most cost-effective way is probably by using a Raspberry Pi Zero. But in [Samir Makwana]’s view, an ESP32-S3 is just as capable for moderate use, and in some respects even superior.

This was possible thanks to the MicroLink project, which is a full implementation of a Tailscale client for the ESP32 family. In some ways the ESP32 worked better than a Raspberry Pi: it boots in two seconds rather than thirty, draws 0.5 Watts rather than 1.5, and there’s no chance of it failing due to a corrupted SD card. Compared to a Raspberry Pi, however, which can be set up as a Tailscale client in a few minutes, this took several hours to get running. The biggest issue was making sure that there was enough memory available for TLS handshakes, which was solved by enabling the ESP32’s PSRAM.

Once the VPN client is running, the ESP32 can be used as an SSH jump machine to access other devices on the home network, without needing to expose those machines to the open Internet. The ESP32 also hosts an HTTP server which can send a wake-on-LAN magic packet to another device on the local network, letting unused devices sleep without impairing their availability.

The ESP32 doesn’t provide much bandwidth — streaming video would cause issues — but it works well enough for lightweight applications. If you’re wanting to stream video from an ESP32, though, it is technically possible.

Building A Working Replica Of The Chernobyl Power Plant’s SKALA Display

May 18, 2026 by 3 Comments

In a recent video by the [Chornobyl Family] it’s shown how they made the SKALA status display which was featured at the recent 40-year memorial exhibition of the Chornobyl Nuclear Power Plant (ChNPP) #4 reactor accident, along with the RBMK reactor control panel replica and SKALA console which they had made previously.

Detail of the SKALA display. (Credit: Chornobyl Family, YouTube)

We previously covered this SKALA control system of the ChNPP’s RBMK reactors, as well as its 1990s modernization. This SKALA status display is one of the original elements of the control room, providing a status overview of the entire control system at a glance, including its processors and peripheral devices.

The replica uses similar looking components, with a metal casing and LED lighting that invokes the aesthetics of the original electroluminescent mnemonic panels. Overall the goal was to keep the appearance as close to the original as possible — they even had operators of the ChNPP reactors look over the panel and give it their stamp of approval.

Some of the components like the error indicators had to be 3D printed, while the metal case was cut out of sheet metal. There’s also a very big speaker for the alarm, at the top right of the panel. Along with the LEDs for the electroluminescent-style indicators this meant a lot of addressable LEDs and a lot of wiring.

The full build plans are available via the [Chornobyl Family] Patreon, if you feel like building up your own RBMK-style reactor control room.

Continue reading “Building A Working Replica Of The Chernobyl Power Plant’s SKALA Display”

A Status Screen For Bambu Labs Printers

May 17, 2026 by 11 Comments

If you’ve got a Bambu Labs printer, it’s usually pretty straightforward to keep an eye on it via the onboard display or the various apps the company has released. However, if you want a dedicated display somewhere remote from your printer, you might like this build from [Keralots].

The project is based on an ESP32-S3 Super Mini, paired with a 1.54″ TFT display with a 240 x 240 resolution. It’s set up to talk to Bambu Labs printers over MQTT with TLS. It harvests status data and uses it to display a real-time dashboard with critical printer parameters display on arc gauges. There’s also plenty of live stats to pore over, as well as buzzer notifications if you want auditory alerts about what is going on. It’s possible to use with just about any Bambu Labs printer with a Bambu Cloud access token; otherwise, you can tinker with LAN Direct connections on certain models, but you might need to enable Developer Mode depending on your rig.

If you want to monitor your printer’s vital statistics at a glance, this project is a great way to do it. It breaks out the fundamental numbers in a clear and obvious fashion that’s a little easier to parse quickly compared to the interface of the official software. We’ve featured similar builds before, too. If you’re also paranoid about prints and using that to motivate you towards creating useful hardware, don’t hesitate to let us know on the tipsline. 

Turning A Junk Laptop Screen Into A Portable Monitor

May 17, 2026 by 19 Comments

Sure, you can buy a portable monitor off your favorite e-tailer, but with perfectly fine displays in devices like laptops being tossed out every single day, why not repurpose those instead? That’s what [ScuffedBits] recently did with the panels  pulled from some old laptops.

A good question with any such salvaged panel is just how practical it is to still use them, with disqualifying features being things like passive-matrix TFTs as well as the use of CCFL backlighting as with one of the three panels demonstrated in the video.

Looking up the model number of a panel on a site like panelook.com will tell you the display technology, resolution and other important details before you decide to commit to using it. If it’s using a LED backlight and at least Low-Voltage Differential Signaling (LVDS) but ideally eDP you can likely find a cheap driver board for it that has all the requisite inputs like HDMI and power.

The hardest part is probably the case for the panel, as they’re rather thin and fragile. Here [ScuffedBits] opted to 3D print two different types of cases, with the second variant probably being the best version as it protects most of the panel. Installing these is quite easy: slide the panel into the first half, then add the second half of the case to close it up. Permanently keeping the case in place was left as an exercise to a future [ScuffedBits], while demonstrating why it’s definitely the hardest part of repurposing an old laptop display.

Continue reading “Turning A Junk Laptop Screen Into A Portable Monitor”

Hackaday Links Column Banner

Hackaday Links: May 17, 2026

May 17, 2026 by 3 Comments

To start things off, we’d like to extend a special thanks to everyone who joined us for Hackaday Europe this weekend in Lecco, Italy. It was 48 hours of fascinating talks, incredible badge hacks, and some of the greatest company you could hope for. For those who couldn’t make it in person, we didn’t forget you — expect to hear more about what went down once we get a chance to catch our collective breath.

That’s not the only thing to keep an eye out for in the coming days. This is your reminder that Amazon will be officially ending support for older Kindles in a few days. After May 20th, any of the megacorp’s e-readers that were introduced before 2012 will be persona non grata, so you should plan accordingly.

The biggest change is that these older devices won’t be able to buy digital books from Amazon, but you can still use them offline, and the fantastic Calibre makes it a breeze to load up content from other sources. To be perfectly honest, we’d advise any Kindle user to decouple their device from the Amazon mothership by using Calibre or even jailbreaking it and installing KOReader, so the end of official support is fine by us. In fact, if a surge of unsupported Kindles brings more attention and users to those projects, that suits us just fine.

Continue reading “Hackaday Links: May 17, 2026”

NFC Record Player Promotes Intentional Listening

May 17, 2026 by 12 Comments

Streaming services have enabled many of us to have easy access to the world’s media library at the touch of a screen, but [Coconauts] thinks we’ve lost something along the way. To bring some intentionality back to the listening experience, they built an NFC record player called Minilos.

Like a normal record player, Minilos requires the user to select an album to play on the machine. These were originally decorative coasters with records printed on them, so they are much smaller than even a 45. Each one features an NFC tag that instructs ESP32 microcontroller hidden in the device to play the requested song. Once placed on the record player, it will then play through that album and come to a stop.

In [Coconauts]’s current setup, the ESP32 is connected to a Home Assistant server which then instructs a Google Speaker to play the requested song via Spotify, although we could easily imagine this being used to play music directly from an SD card or other digital storage device instead.

If you want complete control over your music listening while still keeping that authentic vinyl experience, you could always look into cutting your own records with a laser.