ETextile Spring Break Tackles Signal Blocking, Audio Generation, And Radio Transmissions

April 20, 2018 by 12 Comments

Finding a killer application for e-textiles is the realm of the hacker and within that realm, anything goes. Whether it’s protecting your digital privacy with signal shielding, generating audio with a wearable BeagleBone or 555 timer, or making your favorite garment into an antenna, the eTextile Spring Break is testing out ways to combine electronics and fabric.

You may be asking yourself “What are e-textiles good for?”. Well, that’s an excellent question and likely the most common one facing the industry today. I’m afraid I won’t be able to give a definitive answer. As an e-textile practitioner, I too am constantly posing this question to myself. There’s an inherently personal nature to fabric worn on the body and to our electronic devices that makes this answer elusive. Instead of trying to fabricate some narrow definition, what I offer is a look at topics of interest, material experimentation, and technical exploration through the lens of a week-long event held recently in New York called eTextile Spring Break.

Continue reading “ETextile Spring Break Tackles Signal Blocking, Audio Generation, And Radio Transmissions”

The Terrible Security Of Bluetooth Locks

August 8, 2016 by 53 Comments

Bluetooth devices are everywhere these days, and nothing compromises your opsec more than a bevy of smartphones, smart watches, fitbits, strange electronic conference badges, and other electronic ephemera we adorn ourselves with to make us better people, happier, and more productive members of society.

Bluetooth isn’t limited to wearables, either; deadbolts, garage door openers, and security systems are shipping with Bluetooth modules. Manufacturers of physical security paraphernalia are wont to add the Internet of Things label to their packaging, it seems. Although these devices should be designed with security in mind, most aren’t, making the state of Bluetooth smart locks one of the most inexplicable trends in recent memory.

At this year’s DEF CON, [Anthony Rose] have given a talk on compromising BTLE locks from a quarter-mile away. Actually, that ‘quarter mile’ qualifier is a bit of a misnomer – some of these Bluetooth locks are terrible locks, period. The Kwikset Kevo Doorlock – a $200 deadbolt – can be opened with a flathead screwdriver. Other Bluetooth ‘smart locks’ are made of plastic.

The tools [Anthony] used for these wireless lockpicking investigations included the Ubertooth One, a Bluetooth device for receive-only promiscuous sniffing, a cantenna, a Bluetooth USB dongle, and a Raspberry Pi. This entire setup can be powered by a single battery, making it very stealthy.

The attacks on these Bluetooth locks varied, from sniffing the password sent in plain text to the lock (!), replay attacks, to more advanced techniques such as decompiling the APK used to unlock these smart locks. When all else fails, brute forcing locks works surprisingly well, with quite a few models of smart lock using eight digit pins. Even locks with ‘patented security’ (read: custom crypto, bad) were terrible; this patented security was just an XOR with a hardcoded key.

What was the takeaway from this talk? Secure Bluetooth locks can be made. These locks use proper AES encryption, a truly random nonce, two factor authentication, no hard-coded keys, allow the use of long passwords, and cannot be opened with a screwdriver. These locks are rare. Twelve of the sixteen locks tested could be easily broken. The majority of Bluetooth smart locks are not built with security in mind, which, by the way, is the entire point of a lock.

[Anthony]’s work going forward will concentrate expanding his library of scripts to exploit these locks, and evaluate the Bluetooth locks on ATMs. Yes, ATMs also use Bluetooth locks. The mind reels.

Password Extraction Via Front Doorbell

February 28, 2016 by 52 Comments

Not a day goes by without another IoT security hack. If you’re wondering why you don’t want your front doorbell connected to the Internet, this hack should convince you.

The hack is unfathomably stupid. You press the button on the back of the unit that pairs the doorbell with your home WiFi network, and it transmits the password in the clear. Sigh. It’s since been fixed, and we suppose that’s a good thing, but we can’t resist thinking for a moment about an alternative implementation.

Imagine, like all previous non-IoT wireless doorbells, that the doorbell transmitted a not-very coded signal over an open frequency like 433 MHz to a receiver inside your home. Do the same with the video stream. Now the receiver can be connected to the Internet, and can be significantly more secure because it’s behind your locked front door. The attack surface presented to the outside world by the doorbell itself is small, and limited to faking a doorbell press or showing you pictures you don’t want to see. Yawn.

But because the outside doorbell unit could be connected to a network, it was. Now the attack surface extends into your home’s network, and if you’re like most people, the WiFi router was your only real defense.

Now we love the IoT, in principle. There are tons of interesting applications that need the sort of bandwidth or remote availability that the Internet provides. We’re just not convinced yet that a doorbell, or a fridge for that matter, meet the criteria. But it does add a hundred bucks to the price tag, so that’s good, right? What do you think? When does the risk of IoT justify the reward?

Thanks [Dielectric] for the tip!

$50k In Play: 20 Bulbdial Clock Kits

May 21, 2015 by 3 Comments

For this week we’re veering away from our habit of giving away things to help with your build and giving away something fun. 20 Hackaday Prize entries will receive a Bulbdial Clock kit. Getting into the running is easy, start your project on Hackaday.io and make sure you officially submit it to the Hackaday Prize. Get it in by next Wednesday to be considered for this week’s prizes, and you’ll also be in the running each week after that as we work our way through $50,000 in prizes this summer before giving away the big stuff like a Trip into Space and $100,000 in cash.

The Bulbdial Clock has been a favorite of ours for years. Developed by Hackaday Prize Judges [Windell] and [Lenore] at Evil Mad Scientist Labs, it uses three rings of colored LEDs to cast shadows as clock hands. It’s a fun solder kit that will take time to assemble. In keeping with that ideal, your best bet at scoring one this week is to post a new project log showing off the solder work you’ve done on your prototype. If you don’t have one soldered yet, that’s okay too. Just post a new project log that talks about the component assembly you’ll be working on. This would be a great time to finally draw up a basic schematic, right?

Last Week’s 40 Winners of $50 Shapeways Gift Cards

50k-in-play-shapeways-blogview

Congratulations to these 40 projects who were selected as winners from last week. You will receive a $50 gift card from Shapeways so that you can get your custom parts 3D printed. We were on the lookout for projects that we thought would benefit most from custom parts. Some of these are far along in their development, some have just started, but all of them are awesome so browse the list and make sure to skull and follow the ones you like!

Each project creator will find info on redeeming their prize as a message on Hackaday.io.

The 2015 Hackaday Prize is sponsored by:

Adding Features To The DoorBot

August 11, 2014 by 5 Comments

network sniffing doorbell

There’s an interesting network-enabled doorbell on the market from Edison Junior called the DoorBot that boasts some useful features, notably that it can make calls to a phone when someone pushes the button for the doorbell. However, [MadBeggar] saw the potential in this device and couldn’t wait to get some more functionality out of it, so he has reverse engineered the communications protocol for the doorbell.

His goals for the project were to implement third-party notifications such as text messaging, VoIP/SIP integration, and maybe even a desktop client. So far he has only been able to analyze the communications protocol but he hopes that others will be able to build upon his work or even add features he hasn’t thought of yet. The makers of the device promise to eventually deliver on some of these features but so far haven’t delivered.

There are some other projects out there that integrate wireless connectivity with a doorbell. However, [MadBeggar] notes that the DoorBot really stands out among all of the internet-enabled doorbell, mostly because nothing else around is as clean or is as easy to install as the DoorBot. He just wishes that the software wasn’t so clunky and that it had its full potential unlocked with these extra features. We’d say he’s on the right track!

Door Lock Provides Peace Of Mind With Real-Time Security

July 14, 2014 by 32 Comments

arduino door lock

[HSP] got tired of locking his door with a key, so he decided to upgrade to a keypad system which he’s designed himself.

It uses an Arduino Mega with the standard 44780 display, a standard keypad, and the “key override” (shown above) for fun. The locking mechanism is a standard 12V actuator based lock which was modified to run off of only 7.5V, by softening up the spring inside and running it upside down (as to let gravity help do the work). The whole system draws less than half a watt on standby, and engaging the lock peaks at only 4-7W.

What’s really clever about this design is how he locks it from inside the room. He’s programmed the Arduino to write 1 to address 128 of the EEPROM — at power on it will increment this by 1, and after 5 seconds, it will reset to 1. This means it can detect a quick power cycle, so you can lock the door by turning it off, turning it on for a few seconds, and turning it off and on again — he did this so he didn’t have to make a button or console, or any kind of wireless control on the inside. Continue reading “Door Lock Provides Peace Of Mind With Real-Time Security”

Stuff Wireless Charging Into A Nook’s Crannies

June 10, 2014 by 21 Comments

Qi receiver for NookMany technologies that come about for one type of product make us want to extend it to other things. For instance, we’d like the ability to remotely unlock our front door when it’s raining or our hands are full. Once [MS3FGX] experienced Qi wireless charging with his Nexus 5, he wanted the ability to wirelessly charge all the things. The first gadget on the list was his Nook Simple Touch eReader, which he successfully retrofit with a Qi receiver.

Space is at a premium inside of most modern technology. As it turns out, there is a burgeoning market for shoving inductive charging receivers into things. [MS3FGX] decided to try a Qi receiver meant for a Samsung S3, and it actually fits very well behind the battery. He glued it down and then cut a channel in the battery tray for the wires.

[MS3FGX] went full hack with this one and wired it to the Nook’s USB port on the inside. He would have preferred a thinner wire, but used some from a 40-pin IDE cable with little trouble. After the operation was complete, he put it on the Qi pad and it started charging right away. To his delight, the battery increased 20% after an hour. And yes, he can still charge the Nook the traditional way without any issues.

If you want to add wireless charging to any phone cheaply and easily, we’ve got you covered.