UECG – A Very Small Wearable ECG

[Ultimate Robotics] has been working on designing and producing an extremely small ECG that can stream data in real time.

Typical electrocardiogram equipment is bulky: miniaturization doesn’t do much for a hospital, where optimizations tend to lean towards durability, longevity, and ease of use. Usually a bunch of leads are strung between a conductive pad and an analog front end and display which interprets the data, very clearly identifying the patient as a subject for measurement.

uECG puts all this in a finger-sized package. It’s no surprise that this got our attention at Maker Faire Rome and that they’re one of the Hackaday Prize Finalists. The battery, microcontroller, and sampling circuitry are all neatly packed onto the board. The user has the option of streaming through BLE at 125 Hz or using a radio transceiver for 1 kHz of data. Even transmitting at these sample rates and filtering unwanted noise out of the signal, the device draws less than 10 mA.

The files to make the device are all on their page, though they are planning to produce the boards in a small run, which should be the best way to acquire one and start experimenting with this interesting data.

The Dyson Awards Definitely Do Not Suck

Named after British inventor James Dyson of cyclonic vacuum cleaner fame, the Dyson Awards are presented annually to current and recent students of engineering, industrial design, and product design, regardless of age. Students from 27 countries work alone or in groups to describe their inventions, which are then judged for their inventiveness, the production feasibility of their design, and the overall strength of the entry itself.

Much like our own Hackaday Prize, the Dyson Awards encourage and highlight innovation in all areas of science and technology. Some ideas help the suffering individual, and others seek to cure the big problems that affect everyone, like the microplastics choking the oceans. The Hackaday spirit is alive and well in these entries and we spotted at least one Hackaday Prize alum — [Amitabh]’s Programmable Air. I had fun browsing through everything on offer, and you will too. This is a pretty good source of design inspiration.

Hackaday Podcast 043: Ploopy, Castlevania Cube-Scroller, Projection Map Your Face, And Smoosh Those 3D Prints

Before you even ask, it’s an open source trackball and you’re gonna like it. Hackaday Editors Mike Szczys and Elliot Williams get down to brass tacks on this week’s hacks. From laying down fatter 3D printer extrusion and tricking your stick welder, to recursive Nintendos and cubic Castlevania, this week’s episode is packed with hacks you ought not miss.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Steampunk Water Thief Clock Steals Attention, Too

The funny thing about clocks is that the more intriguing they are to look at, the more precious time is wasted. This steampunk clepsydra is no exception. A clepsydra, or water thief clock, is an ancient design that takes many forms. Any clock that uses the inflow or outflow of water to measure time could be considered a clepsydra, even if it uses electronics like this steampunk version.

[DickB1]’s sticky-fingered timepiece works by siphoning water from the lower chamber into the upper chamber on a one-minute cycle. An MSP430 and a MOSFET control the 12 V diaphragm pump. As the water level rises in the upper chamber, a float in the siphon pushes a lever that moves a ratchet and pawl that’s connected to the minute hand. The hour hand is driven by gears. A hidden magnet and Hall effect sensor help keep the clock clicking at one-minute intervals.

Although [DickB1] doesn’t tell you exactly how to replicate this clock, he offers enough information to get started in designing your own. Take a second to check it out after the break.

Most of the thieving around here is done for the joules, so here’s a joule thief running a clock.

This Week In Security: BGP Bogons, Chrome Zero Day, And Save Game Attacks

Our own [Pat Whetman] wrote about a clever technique published by the University of Michigan, where lasers can be used to trigger a home assistant device. It’s an interesting hack, and you should go read it.

Borrowing IP Addresses

We’ve lived through several IPv4 exhaustion milestones, and the lack of available addresses is really beginning to show, even for trolls and scammers. A new approach takes advantage of the weak security of the Border Gateway Protocol, and allows bad actors to temporarily take over reserved address blocks. The providers in question operate out of Russia, running network services they advertise as “bulletproof”, or immune to takedown requests. What better way to sidestep takedowns than to use IP addresses that aren’t really yours to begin with?

BGP spoofing has been at the center of other types of attacks and incidents, like in 2018 when a misconfiguration in a Nigerian ISP’s BGP tables routed traffic intended for Google’s servers through Chinese and Russian infrastructure. In that case it appeared to be a genuine mistake, but little prevents malicious BGP table poisoning.
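The defensive counterpart to announcements like these is a bogon filter applied to received routes. The following Python is an added example, not code from the article or from any router; the `find_bogons` helper, the sample announcements and the AS numbers are constructed, and an IPv6 documentation prefix stands in for a maintained feed of unallocated or reserved space.

```python
import ipaddress

# IPv4 special-purpose blocks from the IANA registry (RFC 6890 and updates).
# Unallocated or registry-reserved space changes over time, so it is passed in
# separately (extra_reserved) from a maintained feed instead of hard-coded.
SPECIAL_PURPOSE_V4 = (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)

def find_bogons(announcements, extra_reserved=()):
    """Return (prefix, origin_as, matched_block) for each announcement that
    lies inside a bogon block: the block itself or any more-specific prefix."""
    blocks = [ipaddress.ip_network(b)
              for b in (*SPECIAL_PURPOSE_V4, *extra_reserved)]
    hits = []
    for prefix, origin_as in announcements:
        net = ipaddress.ip_network(prefix, strict=False)
        for block in blocks:
            # subnet_of() raises TypeError on mixed IPv4/IPv6, so check first.
            if net.version == block.version and net.subnet_of(block):
                hits.append((prefix, origin_as, str(block)))
                break
    return hits

# Constructed sample using documentation ASNs (RFC 5398), not real routing data.
SAMPLE_ANNOUNCEMENTS = [
    ("8.8.8.0/24", 64500),       # ordinary allocated space
    ("198.51.100.0/24", 64501),  # exact match on a documentation block
    ("10.20.0.0/16", 64502),     # more-specific inside private space
    ("192.0.0.0/8", 64503),      # covers bogons but is not inside one
    ("2001:db8::/32", 64504),    # IPv6: only flagged if the feed lists it
]

if __name__ == "__main__":
    # The IPv6 documentation prefix stands in for a reserved-block feed entry.
    for hit in find_bogons(SAMPLE_ANNOUNCEMENTS, extra_reserved=("2001:db8::/32",)):
        print("reject %s from AS%d (inside %s)" % hit)
```

Matching "the block or anything more specific" mirrors how prefix-list bogon filters are usually written; a covering prefix such as the /8 in the sample is left to other policy.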

Chrome Zero-day

Google released an update to Chrome on the 31st that addresses two CVEs, one of which is being actively exploited. That vulnerability, CVE-2019-13720, is a race condition resulting in a potential use-after-free. Kaspersky Labs found this one being actively used on a Korean news site. The attack runs entirely from JavaScript, and simply visiting a malicious site is enough for compromise, so update Chrome if it’s installed.

Anti-anti-doping

What do you do when you feel you’ve been unfairly targeted by an anti-doping investigation? Apparently hacking the investigating agency and releasing stolen information is an option. It seems like this approach is more effective when there are shenanigans revealed in the data dump. In this case, the data being released seems rather mundane.

Firefox Blocking Sideload Extensions

Mozilla made a controversial announcement on the 31st. They intend to block “sideload” browser extensions. Until this change, it was possible to install browser extensions by copying them to a particular folder on the computer. Some legitimate extensions used this installation method, but so did malware, adware, and other unwanted software. While this change will block some malicious add-ons, it does present a bit of a challenge to a user installing an extension that isn’t on the official Mozilla store or signed by Mozilla.

As you might imagine, the response has been… less than positive. While making malware harder to install is certainly welcome, this makes some use cases very difficult. An example that comes to mind is a Linux package that includes a browser extension. It remains to be seen exactly how this change will shake out.

Save Games as Attack Vector

An oddball vulnerability caught my eye, published by [Denis Andzakovic] over at Pulse Security. He discovered that a recent indie game, Untitled Goose Game, can be manipulated into running arbitrary code as a result of loading a maliciously modified save file. The vulnerability is rooted in a naive deserialization routine.

If you’re interested in a deeper dive into .NET deserialization bugs, a great paper was submitted to Black Hat 2012 discussing the topic. The short version is that if a programmer isn’t careful, the deserialization routine can overwrite variables in unexpected ways, potentially leading to code execution.

At first glance, a vulnerability triggered by a malicious save file seems relatively harmless. The level of access needed to modify a save file on a hard drive is enough to compromise that computer in a multitude of better ways. Enter cloud save synchronization. Steam, for instance, will automatically sync save games across a user’s install locations. This is a very useful feature for those of us that might play the same game on a laptop and a desktop. Having the save game automatically synced to all your devices is quite useful, but if an attacker compromised your Steam account, your save games could be manipulated. This leads to the very real possibility that an attacker could use a save game vulnerability to turn a Steam account compromise into an attack on all your machines with Steam installs.
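Because a synced save arrives from outside the machine, the loader has to treat it as untrusted input. The following is an added Python analogue of this bug class, not the game's .NET code and not taken from the Pulse Security write-up; it uses `pickle` to show a naive loader beside one that accepts data only, and the `TamperedSave` stand-in, the `SCHEMA` fields and both loader functions are constructed for illustration.

```python
import io
import pickle

class TamperedSave:
    """Constructed stand-in for a modified save file: when it is unpickled,
    the file, not the game, decides which function gets called."""
    def __reduce__(self):
        return (len, ("goose",))  # harmless callable chosen for the demo

def naive_load(blob):
    # Vulnerable pattern: the byte stream may name any importable callable.
    return pickle.loads(blob)

class DataOnlyUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # A save is plain data, so every reference to a global is refused.
        raise pickle.UnpicklingError(f"save references {module}.{name}")

SCHEMA = {"level": int, "honks": int, "player": str}  # hypothetical fields

def safe_load(blob):
    obj = DataOnlyUnpickler(io.BytesIO(blob)).load()
    if not isinstance(obj, dict) or set(obj) != set(SCHEMA):
        raise ValueError("unexpected save structure")
    for key, expected in SCHEMA.items():
        if type(obj[key]) is not expected:  # exact type: rejects bool-as-int
            raise ValueError(f"bad type for {key!r}")
    return obj

# Constructed sample inputs.
GOOD = pickle.dumps({"level": 3, "honks": 41, "player": "goose"})
TAMPERED = pickle.dumps(TamperedSave())

if __name__ == "__main__":
    print("naive loader returned:", naive_load(TAMPERED))  # result of len()
    print("safe loader returned:", safe_load(GOOD))
    try:
        safe_load(TAMPERED)
    except pickle.UnpicklingError as err:
        print("safe loader refused:", err)
```

The naive loader hands back the result of a call the file selected instead of save data; the data-only loader refuses the stream before anything is called and then checks the shape of what it decoded.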

Keep An Eye On The Neighborhood With This Passive Radar

If your neighborhood is anything like ours, walking across the street is like taking your life in your own hands. Drivers are increasingly unconcerned by such trivialities as speed limits or staying under control, and anything goes when they need to connect Point A to Point B in the least amount of time possible. Monitoring traffic with this passive radar will not do a thing to slow drivers down, but it’s a pretty cool hack that will at least yield some insights into traffic patterns.

The principle behind active radar – the kind police use to catch speeders in every neighborhood but yours – is simple: send a microwave signal towards a moving object, measure the frequency shift in the reflected signal, and do a little math to calculate the relative velocity. A passive radar like the one described in the RTL-SDR.com article linked above is quite different. Rather than painting a target with an RF signal, it relies on signals from other transmitters, such as terrestrial TV or radio outlets in the area. Two different receivers are used, both with directional antennas. One points to the area to be monitored, while the other points directly to the transmitter. By comparing signals reflected off moving objects received by the former against the reference signal from the latter, information about the distance and velocity of objects in the target area can be obtained.

The RTL-SDR test used a pair of cheap Yagi antennas for a nearby DVB-T channel to feed their KerberosSDR four-channel coherent SDR, a device we last looked at when it was still in beta. Essentially four SDR dongles on a common board, it’s available now for $149. Using it to build a passive radar might not save the neighborhood, but it could be a lot of fun to try.

Real Life QWOP Probably Stings A Fair Bit

QWOP was a Flash game released by [Bennett Foddy] in the distant past. Players would use individual keys to trigger muscle spasms in their character’s legs, attempting to sprint as far as possible without hitting the ground. Hackaday alumnus [The Hacksmith] wanted to recreate this in real life, and set to work.

[The Hacksmith] initially planned to hack some TENS units to cause muscle contractions, but a pair of lithium batteries was used instead. Supplying up to 48 volts through a MOSFET using PWM control, the setup is quite effective at triggering muscle movement, albeit with a slight pain factor. With the MOSFETs under the control of an Arduino fitted with a USB keyboard, a player can control [The Hacksmith]’s leg muscles, though without much finesse.

While the jumps are just video magic, the players do succeed in making some purposeful spasms happen. It’s about as effective as our attempts to play the original game, anyway. Don’t try this at home if you’d like to avoid possible burns or nerve injuries! It’s not the first moderately dangerous build we’ve seen from [The Hacksmith], either. Video after the break.
