Industrial Robots, Hacking And Sabotage

May 4, 2017 by 62 Comments

Everything is online these days creating the perfect storm for cyber shenanigans. Sadly, even industrial robotic equipment is easily compromised because of our ever increasingly connected world. A new report by Trend Micro shows a set of attacks on robot arms and other industrial automation hardware.

This may not seem like a big deal but image a scenario where an attacker intentionally builds invisible defects into thousands of cars without the manufacturer even knowing. Just about everything in a car these days is built using robotic arms. The Chassis could be built too weak, the engine could be built with weaknesses that will fail far before the expected lifespan. Even your brake disks could have manufacturing defects introduced by a computer hacker causing them to shatter under heavy braking. The Forward-looking Threat Research (FTR) team decided to check the feasibility of such attacks and what they found was shocking. Tests were performed in a laboratory with a real in work robot. They managed to come up with five different attack methods.


Attack 1: Altering the Controller’s Parameters
The attacker alters the control system so the robot moves unexpectedly or inaccurately, at the attacker’s will.

  • Concrete Effects: Defective or modified products
  • Requirements Violated: Safety, Integrity, Accuracy

Attack 2: Tampering with Calibration Parameters
The attacker changes the calibration to make the robot move unexpectedly or inaccurately, at the attacker’s will.

  • Concrete Effects: Damage to the robot
  • Requirements Violated: Safety, Integrity, Accuracy

Why are these robots even connected? As automated factories become more complex it becomes a much larger task to maintain all of the systems. The industry is moving toward more connectivity to monitor the performance of all machines on the factory floor, tracking their service lifetime and alerting when preventive maintenance is necessary. This sounds great for its intended use, but as with all connected devices there are vulnerabilities introduced because of this connectivity. This becomes especially concerning when you consider the reality that often equipment that goes into service simply doesn’t get crucial security updates for any number of reasons (ignorance, constant use, etc.).

For the rest of the attack vectors and more detailed info you should refer to the report (PDF) which is quite an interesting read. The video below also shows insight into how these type of attacks might affect the manufacturing process.

Continue reading “Industrial Robots, Hacking And Sabotage”

Hackaday Prize Entry: Arduino Splash Resistant Toilet Foamer

May 4, 2017 by 42 Comments

There are some universal human experiences we don’t talk about much, at least not in public. One of them you’ll have in your own house, and such is our reluctance to talk about it, we’ve surrounded it in a fog of euphemisms and slang words. Your toilet, lavatory, john, dunny, khazi, bog, or whatever you call it, is part of your everyday life.

For his Hackaday Prize entry, [VijeMiller] tackles his smallest room head-on. You see, for him, the chief horror of the experience lies with the dreaded splashback. Yes, a bit of projectile power dumping leaves the old rump a little on the damp side. So he’s tackled the problem with some maker ingenuity and installed an Arduino-controlled foam generator that injects a mixture of soap and glycerin to fill the bowl with a splash-damping load of foam. Rearward inundation avoided.

The parts list reveals that the foam is generated by a fish tank aerator, triggered by a relay which is driven by an Arduino Uno through a power transistor. A solenoid valve controls the flow, and a lot of vinyl tubing hooks it all together. There is an HC/06 Bluetooth module with an app to control the device from a phone, though while he’s posted some Arduino code there is no link to the app. There are several pictures, including a cheeky placement of a Jolly Wrencher, and a shot of what we can only surmise is a text, as foam overflows all over the bathroom. And he’s put up the video we’ve placed below the break, for a humorous demonstration of the device in action.

Continue reading “Hackaday Prize Entry: Arduino Splash Resistant Toilet Foamer”

The Princess And The HDD: Poor Design Choices

May 4, 2017 by 74 Comments

You’ll all remember my grand adventure in acquiring a photocopier. Well, it’s been a rollercoaster, I tell ya. While I still haven’t found a modification worthy enough to attempt, I have become increasingly frustrated. From time to time, I like to invite my friends and family over for dinner, and conversation naturally turns to things like the art on the walls, the fish in the aquarium, or perhaps the photocopier in the living room. Now, I dearly love to share my passions with others, so it’s pretty darned disappointing when I go to fire off a few copies only to have the machine fail to boot! It was time to tackle this problem once and for all.

When powered up, the photocopier would sit at a “Please Wait…” screen for a very long time, before eventually coughing up an error code — SC990 — and an instruction to call for service. A bunch of other messages would flash up as well; Address Book Data Error, Hard Drive Data Error, and so on. In the end I realized they all centered around data storage.

Pictured: the author, in his happy place, at peace with the copier.

Now, I’d already tried diving into the service menu once before, and selected the option to format the hard drive. That had led to the problem disappearing for a short period, but now it was back. No amount of mashing away at the keypad would work this time. The format commands simply returned “Failed” every time. What to do next? You guessed it, it was time for a teardown!

Thankfully, photocopiers are designed for easy servicing — someone’s paying for all those service calls. A few screws and large panels were simply popping off with ease; completely the opposite of working on cars. Spotting the hard drive was easy, it looked like some sort of laptop IDE unit. With only SATA laptops around the house to salvage parts from, I wasn’t able to come up with something to swap in.

A bit of research (and reading the label) taught me that the drive was a Toshiba MK2023GAS/HDD2187. Replacements were available on eBay, but if I waited two weeks I’d probably be wrist deep in some other abandoned equipment. It had to be sorted on the night. In the words of [AvE], if you can’t fix it… well, you know how it goes. I yanked the drive and, lo and behold – the copier booted straight up! Just to be sure I wasn’t hallucinating, I churned out a few copies, and other than the continued jamming on all-black pages, everything was fine. Literally all it took to get the copier to boot was to remove the ailing drive. Suffice to say, I was kind of dumbfounded.

The hard drive a.k.a. the villain of the piece.

I’m happy to chalk up the win, but I have to draw issue with Ricoh’s design here. The copier is clearly capable of operating perfectly well without a hard drive. It will give up its document server and address book abilities, but it will still make copies and print without a problem.

Yet, when the copier’s drive fails, the unit fails completely and refuses to work. This necessitates a service call for the average user to get anything at all happening again — causing much lost work and productivity. A better design in my eyes would have the copier notify users of the lost functionality due to the failed drive and the need to call service, but let them copy! Any IT administrator will know the value of a bodged work around that keeps the company limping along for the day versus having a room of forty agitated workers with nothing to do. It’s a shame Ricoh chose to have the photocopier shut down completely rather than valiantly fight on.

Feel free to chime in with your own stories of minor failures that caused total shutdowns in the comments. Video below the break.

Continue reading “The Princess And The HDD: Poor Design Choices”

Google AIY: Artificial Intelligence Yourself

May 4, 2017 by 35 Comments

When Amazon released the API to their voice service Alexa, they basically forced any serious players in this domain to bring their offerings out into the hacker/maker market as well. Now Google and Raspberry Pi have come together to bring us ‘Artificial Intelligence Yourself’ or AIY.

A free hardware kit made by Google was distributed with Issue 57 of the MagPi Magazine which is targeted at makers and hobbyists which you can see in the video after the break. The kit contains a Raspberry Pi Voice Hat, a microphone board, a speaker and a number of small bits to mount the kit on a Raspberry Pi 3. Putting all of it together and following the instruction on the official site gets you a Google Voice Interaction Kit with a bunch of IOs just screaming to be put to good use.

The source code for the python app can be downloaded from GitHub and consists of a loop that awaits a trigger. This trigger can be a press of a button or a clap near the microphones. When a trigger is detected, the recorder function takes over sending the stream to the Google Cloud. Speech-to-Text conversion happens there and the result is returned via a Text-To-Speech engine that helps the system talk back. The repository suggests that the official Voice Kit SD Image (893 MB download) is based on Raspbian so don’t go reflashing a memory card right away, you should be able to add this to an existing install.

Continue reading “Google AIY: Artificial Intelligence Yourself”

We’ve Got It Down PAT: Appliance Electrical Safety Testing

May 4, 2017 by 23 Comments

Everywhere we look in our everyday lives, from our bench to our bedroom, there are the ubiquitous electrical cords of mains-powered appliances. We don’t give our electrical devices a second thought, but in addition to their primary purpose they all perform the function of keeping us safe from the dangerous mains voltages delivered from our wall sockets.

Of course, we’ve all had appliances that have become damaged. How often have you seen a plug held together with electrical tape, or a cord with some of its outer sheath missing? It’s something that we shouldn’t do, but it’s likely many readers are guiltily shuffling a particular piece of equipment out of the way at the moment.

In most countries there are electrical regulations which impose some level of electrical safety on commercial premises. Under those regulations, all appliances must be regularly tested, and any appliances that fail the tests must be either repaired or taken out of service

In the United Kingdom,where this piece is being written, the law in question is the Electricity At Work Regulations 1989, which specifies the maintenance of electrical safety and that there should be evidence of regular maintenance of electrical appliances. It doesn’t specify how this should be done, but the way this is usually achieved is by a set of electrical tests whose official name: “In-service Inspection & Testing of Electrical Equipment”, isn’t very catchy. Thus “Portable Appliance Testing”, or PAT, is how the process is usually referred to. Join me after the break for an overview of the PAT system.

Continue reading “We’ve Got It Down PAT: Appliance Electrical Safety Testing”

Mission Control For Kerbal

May 4, 2017 by 31 Comments

[Niko1499] had a plan. He’d built a cool hardware controller for the game Kerbal Space Program (KSP). He got a lot of positive reaction to it and decided to form a company to produce them. As many people have found out, though, that’s easier said than done, and the planned company fell short of its goals. However, [Niko1499] has taken his controller and documented a lot about its construction, including some of the process he used to get there.

If you haven’t run into it before, KSP is sort of half simulator, half game. You take command of an alien space program and develop it, plan and execute missions, and so on. The physics simulation is quite realistic, and the game has a large following.

When we first saw the photos, we thought it was an old Heathkit trainer, and–indeed–the case is from an old Heathkit. However, the panel is laser cut, and the software is Arduino-based. [Niko1499] covers a few different methods of letting the Arduino control the game by emulating a joystick, a keyboard, or by using some software to take serial data and use it to control the game.

Continue reading “Mission Control For Kerbal”

Reverse-Engineering The Peugeot 207’s CAN Bus

May 4, 2017 by 53 Comments

Here’s a classic “one thing led to another” car hack. [Alexandre Blin] wanted a reversing camera for his old Peugeot 207 and went down a rabbit hole which led him to do some extreme CAN bus reverse-engineering with Arduino and iOS. Buying an expensive bezel, a cheap HDMI display, an Arduino, a CAN bus shield, an iPod touch with a ghetto serial interface cable that didn’t work out, a HM-10 BLE module, an iPad 4S, the camera itself, and about a year and a half of working on it intermittently, he finally emerged poorer by about 275€, but victorious in a job well done. A company retrofit would not only have cost him a lot more, but would have deprived him of everything that he learned along the way.

Adding the camera was the easiest part of the exercise when he found an after-market version specifically meant for his 207 model. The original non-graphical display had to make room for a new HDMI display and a fresh bezel, which cost him much more than the display. Besides displaying the camera image when reversing, the new display also needed to show all of the other entertainment system information. This couldn’t be obtained from the OBD-II port but the CAN bus looked promising, although he couldn’t find any details for his model initially. But with over 2.5 million of the 207’s on the road, it wasn’t long before [Alexandre] hit jackpot in a French University student project who used a 207 to study the CAN bus. The 207’s CAN bus system was sub-divided in to three separate buses and the “comfort” bus provided all the data he needed. To decode the CAN frames, he used an Arduino, a CAN bus shield and a python script to visualize the data, checking to see which frames changed when he performed certain functions — such as changing volume or putting the gear in reverse, for example.

The Arduino could not drive the HDMI display directly, so he needed additional hardware to complete his hack. While a Raspberry Pi would have been ideal, [Alexandre] is an iOS developer so he naturally gravitated towards the Apple ecosystem. He connected an old iPod to the Arduino via a serial connection from the Dock port on the iPod. But using the Apple HDMI adapter to connect to the display broke the serial connection, so he had to put his thinking cap back on. This time, he used a HM-10 BLE module connected to the Arduino, and replaced the older iPod Touch (which didn’t support BLE) with a more modern iPhone 4S. Once he had all the bits and pieces working, it wasn’t too long before he could wrap up this long drawn upgrade, but the final result looks as good as a factory original. Check out the video after the break.

It’s great to read about these kinds of hacks where the hacker digs in his feet and doesn’t give up until it’s done and dusted. And thanks to his detailed post, and all the code shared on his GitHub repository, it should be easy to replicate this the second time around, for those looking to upgrade their old 207. And if you’re looking for inspiration, check out this great Homemade Subaru Head Unit Upgrade.

Continue reading “Reverse-Engineering The Peugeot 207’s CAN Bus”