Extra-Large Denial Of Service Attack Uses DVRs, Webcams

Brace yourselves. The rest of the media is going to be calling this an “IoT DDOS” and the hype will spin out of control. Hype aside, the facts on the ground make it look like an extremely large distributed denial-of-service attack (DDOS) was just carried out using mostly household appliances (145,607 of them!) rather than grandma’s old Win XP system running on Pentiums.

Replace computers with DVRs. Slide from this talk (http://slideplayer.org/slide/906693/) by Lisa Plesiutschnig

We can argue all day about whether a digital video recorder (DVR) or an IP webcam is an “IoT” device and whether this DDOS attack is the biggest to date or merely among the biggest, but the class of devices exploited is certainly not traditional computers, and this is a big hit. Most of these devices run firmware out of flash, and it’s up to the end user (who is not a sysadmin) to keep it up to date or face the wrath of hackers. And it’s certainly the case that as more Internet-facing devices get deployed, the hacker’s attack surface will grow.

Why did the DDOS network use these particular devices? We’re speculating, but we’d guess it’s a combination of difficult-to-update firmware and user “convenience” features like UPnP. To quote the FBI: “The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication.” You can see how this would be good for both the non-tech-savvy and hostile attackers, right? (Turn off UPnP on your router now.)

We alternate between Jekyll and Hyde on the IoT. On one hand, we love having everything in our own home hooked up to our local WiFi network and running on Python scripts. On the other hand, connecting each and every device up to the broader Internet and keeping it secure would be a system administration headache. Average users want the convenience of the latter without having to pay the setup and know-how costs of the former. Right now, they’re left out in the cold. And their toasters are taking down ISPs.

Electronic Message In A Bottle

We remember going to grandfather’s garage. There he would be, his tobacco pipe clenched between his teeth, wisps of smoke trailing into the air around him as he focused, bent over another of his creations. Inside of a simple glass bottle was something impossible. Carefully, ever so carefully, he would use his custom tools to twist wire. He would carefully place each lead. Eventually when the time was right he would solder. Finally he’d place it on the shelf next to the others, an LED matrix in a bottle.

Well, maybe not, but [Mariko Kosaka]’s father [Kimio Kosaka] has done it. In order to build the matrix, he needed tools that could reach inside the mouth of the bottle without taking up too much space to allow for precise movement. To do this he bent, brazed, twisted, and filed piano wire into tools that are quite beautiful by themselves. These were used to carefully bend and position the LEDs, wires, and other components inside the bottle.

Once the part was ready, he used a modified Hakko soldering iron to do the final combination. We wonder if he even had to be careful to solder quickly so as not to build up a residue on the inside of the bottle? The electronics are all contained inside the bottle. One of the bottles contained another impressive creation of his: an entire Arduino with only wire, dubbed the Arduino Skeleton. Batteries are attached to the cork so when the power runs low it can be removed and replaced without disturbing the creation.

It’s a ridiculous labor of love, and naturally, we love it. There’s a video of it in operation as well as one with him showing how it was done which is visible after the break. He showed them off at the Tokyo Maker Faire where they were surely a hit.


Ig Nobel Prizes: GoatMan, Volkswagen, And The Personalities Of Rocks

Every year, the Journal of Improbable Research issues its prizes for the craziest (published) scientific research: the Ig Nobel Prize. The ceremony took place a couple nights ago, and if you want to see what you missed, we’ve embedded the (long) video below. (Trigger warning: Actual Nobel laureates being goofy.)

The Stinker

It’s hard to pick the best of freaky research, and the committee did a stellar job this year. The trick is that they don’t give the prize away to quacks — you won’t ever get one with your perpetual motion machine, for instance. Nope, the Ig Nobels go to the kookiest science that could actually end up being useful. So we get projects like the effect of wearing polyester on the sexual activity of rodents in “reproduction” and a study on the perceived personalities of different rocks for marketing purposes in “economics”.


Hackaday Prize Entry: Raspberry Pi Thermal Imaging

High up on the list of desirable technologies that are edging into the realm of the affordable for the experimenter is the thermal camera. Once the exclusive preserve of those with huge budgets, over the last few years we’ve seen the emergence of cameras that are more affordable, and most recently a selection of thermal camera modules that are definitely within the experimenter’s range. They may not yet have high resolution, but they are a huge improvement on nothing, and they are starting to appear in projects featured on sites like this one.

One such device is the Melexis MLX90621, a 16×4 pixel thermal sensor array in a TO39 can with an I2C interface. It’s hardly an impulse purchase in single quantities and nor is it necessarily the cheapest module available, but its price is low enough for [Alpha Charlie] to experiment with interfacing it to a Raspberry Pi for adding a thermal camera overlay to the pictures from its visible light camera.

The wiring for the module is simplicity itself, and he’s created a couple of pieces of software for it that are available on his GitHub repository. mlxd is a driver daemon for the module, and mixview.py is a Python graphical overlay script that places the thermal array output over the camera output. A run-through of the device and its results can be seen in the video below the break.


Simple RFID Door Lock System

Group entry hacks are a favorite for hacker social groups. Why use old fashioned keys when you can use newfangled electronic keys? If you are looking to build a simple RFID-based security system to secure your important stuff, this project from Resin.io is a good place to start. In it, [Joe Roberts] outlines the process of building a simple RFID-triggered mechanism for their office door.

It’s a pretty simple setup that is composed of an RFID reader, a Raspberry Pi and a Neopixel ring. When someone places an RFID card against the reader hidden behind a poster by their front door, the reader grabs the code and the Pi compares it with a list of authorized users. If the card is on the list, the Pi triggers the door lock using a signal line originally designed to work with an intercom system. If the user isn’t on the list, a laser is triggered that vaporizes the interloper… well, that’s perhaps in the next version, along with an API that will allow someone to open the door from the company chat application.

At the moment, this is a clean, simple build that uses only a few cheap components, but which could be the basis for a more sophisticated security system in the future.

Hackaday Links: September 25, 2016

So you like watching stupid stuff? Here you go, a scene from Bones that tops the infamous ‘IP backtrace with Visual Basic’ or ‘four-handed keyboard’ scenes from other TV shows. Someone hacked the bones by embedding malware in a calcium fractal pattern. Also, when she uses the fire extinguisher, she doesn’t spray the base of the fire.

Raspberry Pi! You have no idea how good the term Raspberry Pi is for SEO. Even better is Raspberry Pi clusters, preferably made with Raspberry Pi Zeros. Here’s a Raspberry Pi hat for four Raspberry Pi Zeros, turning five Raspberry Pis into a complete cluster computer. To be honest and fair, if you’re looking to experiment with clusters, this probably isn’t a bad idea. The ‘cluster backplane’ is just a $2 USB hub chip, and a few MOSFETs for turning the individual Pis on and off. The Zeros are five bucks a pop, making the entire cluster cost less than two of the big-boy sized Pi 3s.

Do you think you might have too much faith in humanity? Don’t worry, this video has you covered.

Hacking on some Lattice chips? Here’s a trip to CES for you. Lattice is holding a ‘hackathon’ for anyone who is building something with their chips. The top prize is $5k, and a trip to next year’s CES in Vegas, while the top three projects just get the trip to Vegas. If you already have a project on your bench with a Lattice chip, it sounds like a great way to wait an hour for a cab at McCarran.

UPSat. What’s an upsat? Not much, how about you? The first completely open source hardware and software satellite will soon be delivered to the ISS. Built by engineers from the University of Patras and the Libre Space Foundation, the UPSat was recently delivered to Orbital ATK where it will be delivered to the ISS by a Cygnus spacecraft. From there, it will be thrown out the airlock via the NanoRacks deployment pod.

The Voyager Golden Record is a message in a bottle thrown into the cosmic ocean and a time capsule from Earth that may never be opened. Now it’s a Kickstarter. Yes, this record is effectively Now That’s What I Call Humanity volume 1, but there are some interesting technical considerations to the Voyager Golden Record. To the best of my knowledge, no one has ever tried to extract the audio and pictures from this phonographic time capsule. The pictures included in the Golden Record are especially weird, with the ‘how to decode this’ message showing something like NTSC, without a color burst, displayed on a monitor that is effectively rotated 90 degrees counterclockwise from a normal CRT TV. Want to know how to get on Hackaday? Get this Golden Record and show an image on an oscilloscope. I’d love to see it, if only because it hasn’t been done before by someone independent from the original project.

Air-Powered Top Only Possible On A 3D Printer

One of the major reasons anyone would turn to a 3D printer, even if they have access to a machine shop, is that there are some shapes that are not possible to make with conventional “subtractive manufacturing” techniques. There are a few more obvious reasons a lot of us use 3D printers over conventional machining such as size and cost, but there’s another major reason that 3D printers are becoming more and more ubiquitous. [Crumbnumber1] at Make Anything’s 3D Printing Channel shows us how powerful 3D printers are at iterative design with his air-powered tops. They incorporate fan blades that allow you to spin the top up to very high speeds by blowing air down onto it.

Iterative design is the ability to rapidly make prototypes that build and improve upon the previous prototype, until you’re left with something that does the job you need. Even with a machine shop at your disposal, it can be expensive to set up all of the tooling for a part, only to find out that the part needs a change and the tooling you have won’t work anymore. This is where 3D printers can step in. Besides all of their other advantages, they’re great for rapid prototyping. [Crumbnumber1] made a box full of tops and was able to test many different designs before settling on one that performed above and beyond everything that came before it.

The video below is definitely worth checking out. The design process is well documented and serves as a great model for anyone looking to up their rapid prototyping game.
