Hacker Airlines: United Awards 1M Air Miles For Vulnerability

July 19, 2015 by 14 Comments

We’re really happy to see companies getting serious about rewarding white hat hackers. The latest example of this is when [Jordan Wiens] submitted two bugs and was awarded 1,000,000 Sky Miles on United Airlines.

The bounty is so high because he uncovered a method of remote code execution which United has since patched. Unfortunately, United requires bug secrecy so we’re not getting any of the gritty details like we have for some of the recently discovered Facebook vulnerabilities. That’s really too bad because sharing the knowledge about what went wrong helps programmers learn to avoid it in the future. But we still give United a big nod for making this kind of work and responsible reporting worthwhile. [Jordan] did an AMA last night which covered some more general hacking questions.

If you want to turn your leet skills into free travel you need to be a MileagePlus member and not reside in a US sanctioned country. Details on United’s Bug Bounty page.

The Internet Of Soldering Irons

July 19, 2015 by 25 Comments

The Internet of Things needs — well — things. Do you really need your paper shredder hooked up to the Internet? Maybe. But [Vegard Paulsen] put something on the network that every hacker can relate to: his soldering iron.

In typical hacker fashion, fixing a broken digital display on the soldering station turned into a development project that allows [Vegard] to monitor the temperature of his soldering iron on his phone. He found a handy source of power on the station’s PC board and connected a NodeMCU WiFi device (that uses the ubiquitous ESP8266 and an onboard Lua interpreter).

internet-of-soldering-irons-meterThe data pushes out to the Thingspeak server which handles pushing data out to the bigger network, and data representation (like the cool Google gauge in the picture). The best part: [Vegard] gets a phone notification when he accidentally leaves his soldering iron on. How perfect is that?

One unique challenge he faced was soldering the power wires to the soldering station. This could be a problem because the iron tip is grounded so making the joint while the iron was energized would probably blow a fuse (or worse). Luckily, [Vegard] thought ahead and devised a plan that apparently worked.

We’ve seen other examples of how easy NodeMCU and Thingspeak work to put the mundane on the Internet. It seems particularly appropriate to hack a soldering iron, though.

Home Brew Supercapacitor Whipped Up In The Kitchen

July 19, 2015 by 41 Comments

[Taavi] has a problem – a wonky alarm clock is causing him to repeatedly miss his chemistry class. His solution? Outfit his clock radio with a supercapacitor, of course! But not just any supercapacitor – a home-brew 400 Farad supercap in a Tic Tac container (YouTube video in Estonian with English subtitles.)

[Taavi] turns out to be quite a resourceful lad with his build. A bit of hardware cloth and some stainless steel from a scouring pad form a support for the porous carbon electrode, made by mixing crushed activated charcoal with epoxy and squeezing them in a field-expedient press. We’ll bet his roommates weren’t too keen with the way he harvested materials for the press from the kitchen table, nor were they likely thrilled with what he did to the coffee grinder, but science isn’t about the “why?”; it’s about the “why not?” Electrodes are sandwiched with a dielectric made from polypropylene shade cloth, squeezed into a Tic Tac container, and filled with drain cleaner for the electrolyte. A quick bit of charging circuitry, and [Taavi] doesn’t have to sweat that tardy slip anymore.

The video is part of a series of 111 chemistry lessons developed by the chemistry faculty of the University of Tartu in Estonia. The list of experiments is impressive, and a lot of the teaser stills show impressively exothermic reactions, like the reduction of lead oxide with aluminum to get metallic lead or what happens when rubidium and water get together. Some of this is serious “do not try this at home” stuff, but there’s no denying the appeal of watching stuff blow up.

As for [Taavi]’s supercap, we’ve seen a few applications for them before, like this hybrid scooter. [Taavi] may also want to earn points for Tic Tac hacks by pairing his supercapacitor with this Tic Tac clock.

[Thanks, Lloyd!]

Hackaday Prize Entry: A Portable Environmental Monitor

July 18, 2015 by 8 Comments

There are a lot of environmental monitors in the running for this year’s Hackaday Prize. Whether they’re soil moisture sensors for gardens or ultraviolet sensors for the beach, the entrants for The Hackaday Prize seem to grasp the inevitable truth that you need information about the environment before doing anything about the environment.

But what about sharing that information? Wouldn’t it be handy if there were an online repository where you could look up environmental conditions of any location on the planet? That’s where [radu.motisan]’s Portable Environmental Monitor comes in. It’s a small, pocketable device that measures just about everything and uploads that data to the Internet.

This project is a continuation of [radu]’s entry for The Hackaday Prize last year, the Global Radiation Monitoring Network. This was more than just a Geiger tube connected to the Internet; [radu] has a global network of Geiger counters displaying counts per minute on a nifty live map.

[radu]’s latest project expands on the capabilities of the Global Radiation Monitoring Network with more sensors and portability. Inside the Environmental Monitor are enough sensors to look at Alpha, Beta and Gamma radiation, dust and toxic gas, and other types of pollution. With the addition of an ESP8266 WiFi module, this portable device can upload sensor readings to the Internet, greatly expanding [radu]’s uRADMonitor network.

The 2015 Hackaday Prize is sponsored by:

Secret Keyboard Stash

July 18, 2015 by 32 Comments

Hide in plain sight is an old axiom, and one that [Kipkay] took to heart. His sneaky keyboard hack takes the little-used numeric keyboard and converts it to a handy (and secret) hiding hole for small objects you want to keep away from prying eyes.

You might have to adapt the hack to your specific model, but [Kipkay] cuts out the membrane keyboard, secures the numeric keypad keys with hot glue, and then cuts it out with a Dremel. Some cardboard makes the compartment and once the fake keypad is in place, no one is the wiser.

As you can see in the clip after the break, the compartment isn’t very big. You aren’t going to hide your phone inside, but it is just the right size for some emergency cash, a credit card, or maybe an SD card or two.

Continue reading “Secret Keyboard Stash”

Forgotten Rock Band Drum Controller As A MIDI Instrument

July 18, 2015 by 16 Comments

Happen to have an old Rock Band drum controller collecting dust in your living room? If you also have a spare Arduino and don’t mind parting with that plastic college memento then you’ve got the bulk of what could potentially be your new percussive MIDI instrument. In his project video [Evan Kale] outlines the steps necessary to turn that unloved plastic into a capable instrument for recording.

The whole process as outlined by [Evan] in under seven minutes. This looks like a great weekend endeavor for those of us just starting out with MIDI. After cracking the back of the Guitar Hero drum kit controller open, the main board within is easily replaced with a standard sized Ardunio (which matches the present mounting holes exactly). About 4:50 into the video [Evan] explains how to add a basic perf-board shield over the Arduino which connects the piezo sensors in each of the drum pads to the analog pins of the micro-controller. The MIDI jack that comes built into the back of the kit can also be reused as MIDI out when wired to the Arduino’s serial out pin. By adjusting [Evan’s] example code you can dial in the instrument’s feedback to match the intensity of each hit.

The video with all of the details is after the jump. Or you can check out a MIDI hack that goes the other way and uses a drum kit as a Guitar Hero or Rock Band controller instead

Continue reading “Forgotten Rock Band Drum Controller As A MIDI Instrument”

remote control

Hacking Amazon Echo Through Its Remote

July 18, 2015 by 27 Comments

This one’s crazy… literally one electronic device is talking to another. In spoken English. And it works.

We’ve covered several hacks for the Amazon Echo, but some might be surprised to learn that there is another piece of interesting hardware that comes along with it – a remote control. Wire in a Raspberry Pi to it, and you’ve given yourself a way to automate control of the Echo without ever taking the Echo itself apart. [Gamaral] did just this and gave his Echo some significantly enhanced capabilities.

He started off by identifying the power rails of the remote. Then he wires in a 3.3v voltage regulator and uses a 100 ohm resistor as a voltage divider to bring it down to the 1.8 volt logic level used by the Echo remote. A single wire runs from the Raspi GPIO to one of the tactile switches on the controller.

For software, the Raspi is running RPi buildroot with Espeak and a cron scheduler compiled in. This allows him to send commands to the Echo which makes it say just about anything he wants. But any voice commands accepted by the Echo should work. If you want to go outside of those boundaries check out the method of spoofing WeMo devices we saw the other day.

Be sure to check out the [gamaral’s] entertaining video below to see the hack in action.

Continue reading “Hacking Amazon Echo Through Its Remote”