See The Hands-on Details Behind Stunning Helmet Build

September 28, 2024 by 5 Comments

[Zibartas] recently created wearable helmets from the game Starfield that look fantastic, and we’re happy to see that he created a video showcasing the whole process of design, manufacture, and assembly. The video really highlights just how much good old-fashioned manual work like sanding goes into getting good results, even in an era where fancy modern equipment like 3D printing is available to just about anyone.

The secret to perfectly-tinted and glassy-smooth clear visors? Lots and lots of sanding and polishing.

The visor, for example, is one such example. The usual approach to making a custom helmet visor (like for Daft Punk helmet builds) is some kind of thermoforming. However, the Starfield helmet visors were poor candidates due to their shape and color. [Zibartas]’s solution was to 3D print the whole visor in custom-tinted resin, followed by lots and lots of sanding and polishing to obtain a clear and glassy-smooth end product.

A lot of patient sanding ended up being necessary for other reasons as well. Each helmet has a staggering number of individual parts, most of which are 3D printed with resin, and these parts didn’t always fit together perfectly well.

[Zibartas] also ended up spending a lot of time troubleshooting an issue that many of us might have had an easier time recognizing and addressing. The helmet cleverly integrates a faux-neon style RGB LED strip for internal lighting, but the LED strip would glitch out when the ventilation fan was turned on. The solution after a lot of troubleshooting ended up being simple decoupling capacitors, helping to isolate the microcontrollers built into the LED strip from the inductive load of the motors.

What [Zibartas] may have lacked in the finer points of electronics, he certainly makes up for in practical experience when it comes to wearable pieces like these. The helmets look solid but are in fact full of open spaces and hollow, porous surfaces. This makes them more challenging to design and assemble, but it pays off in spades when worn. The helmets not only look great, but allow a huge amount of airflow. This along with the fans makes them comfortable to wear as well as prevents the face shield from misting up from the wearer’s breathing. It’s a real work of art, so check out the build video, embedded just below.

Continue reading “See The Hands-on Details Behind Stunning Helmet Build”

Spectroscopy On The Cheap

September 27, 2024 by 11 Comments

[Project 326] wanted to know exactly what gas was in some glass tubes. The answer, of course, is to use a spectrometer, but that’s an expensive piece of gear, right? Not really. Sure, these cheap devices aren’t perfect, but they are serviceable and, as the video below shows, there are ways to work around some of the limitations.

The two units in question are “The Little Garden” spectrometer and a TLM-2. Neither are especially sensitive, but both are well under $100, so you can’t expect much. Because the spectrometers were not very sensitive, a 3D printed jig and lens were used to collect more light and block ambient light interference. The jigs also allowed the inclusion of special filters, which enhanced performance quite a bit. The neon bulbs give off the greatest glow when exposed to high voltage. Other bulbs contain things like helium, xenon, and carbon dioxide. There were also tubes with mercury vapor and even deuterium.

We’ll admit it. Not everyone needs a spectrometer, but if you do, there’s a lot of really interesting info on how to get the most out of these cheap devices. Apparently, [Project 326] was frustrated that he couldn’t buy an X-ray spectrometer and has vowed to create one, so we’ll be interested to see how that goes.

Some homebrew spectrometers can get pretty fancy. Of course, there’s more to spectroscopy than just optics.

Continue reading “Spectroscopy On The Cheap”

Hacking Kia: Remotely Hijack A Car Using Only Its License Plate

September 27, 2024 by 55 Comments

These days everything needs to be connected to remote servers via the internet, whether it’s one’s TV, fridge or even that new car you just bought. A recently discovered (and already patched) vulnerability concerning Kia cars was a doozy in this regard, as a fairly straightforward series of steps allowed for any attacker to obtain the vehicle identification number (VIN) from the license plate, and from there become registered as the car’s owner on Kia’s network. The hack and the way it was discovered is described in great detail on [Sam Curry]’s website, along with the timeline of its discovery.

Notable is that this isn’t the first vulnerability discovered in Kia’s HTTP-based APIs, with [Sam] this time taking a poke at the dealer endpoints. To his surprise, he was able to register as a dealer and obtain a valid session ID using which he could then proceed to query Kia’s systems for a user’s registered email address and phone number.

With a specially crafted tool to automate the entire process, this information was then used to demote the car’s owner and register the attacker as the primary owner. After this the attacker was free to lock/unlock the doors, honk to his heart’s content, locate the car and start/stop the vehicle. The vulnerability affected all Kia cars made after 2013, with the victim having no indication of their vehicle having been hijacked in this manner. Aside from the doors randomly locking, the quaint honking and engine turning on/off at a whim, of course.

Perhaps the scariest part about this kind of vulnerability is that it could have allowed an attacker to identify a vulnerable parked car, gained access, before getting into the car, starting the engine and driving away. As long as these remote APIs allow for such levels of control, one might hope that one day car manufacturers will take security somewhat more serious, as this is only the latest in a seemingly endless series of amusingly terrifying security vulnerabilities that require nothing more than some bored hackers with HTTP query crafting tools to discover.

Continue reading “Hacking Kia: Remotely Hijack A Car Using Only Its License Plate”

Retro Gadgets: Things Your TV No Longer Needs

September 27, 2024 by 52 Comments

It is hard to imagine that a handful of decades ago, TV wasn’t a thing. We’ve talked a few times about the birth of television. After an admittedly slow slow start, it took over like wildfire. Of course, anything that sells millions will spawn accessories. Some may be great. Then there are others.

We wanted to take a nostalgic look back at some of the strange add-ons people used to put on or in their TVs. Sure, VCRs, DVD players, and video game consoles were popular. But we were thinking a little more obscure than that.

Rabbit Ears

A state-of-the-art set of rabbit ears from the 1970s

Every once in a while, we see an ad or a box in a store touting the ability to get great TV programming for free. Invariably, it is a USB device that lets you watch free streaming channels or it is an antenna. There was a time when nearly all TVs had “rabbit ears” — so called because they made an inverted V on the top of your set.

These dipoles were telescoping and you were supposed to adjust them to fit the TV station you were watching but everyone “knew” that you wanted them as long as possible at all times. Holding one end of them gave it a ground and would give you a major improvement in picture. People also liked to wrap tin foil around the tips. Was it like a capacitive hat? We aren’t sure.

The better rabbit ears had knobs and switches along with multiple elements. If you lived close to a TV station, you probably didn’t need much. If you didn’t, no number of fancy add-ons would likely help you. Continue reading “Retro Gadgets: Things Your TV No Longer Needs”

This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9

September 27, 2024 by 15 Comments

It looks like there’s finally hope for sane password policies. The US National Institue of Standards and Technology, NIST, has released a draft of SP 800-63-4, the Digital Identity Guideline.

There’s password guidance in there, like “SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords” and “SHALL NOT require users to change passwords periodically.” NIST approved passwords must be at least 8 characters long, with a weaker recommendation of at least 15 characters. Security questions like name of first pet get the axe. And it’s strongly recommended that all ASCII and Unicode characters should be acceptable for passwords.

This is definitely moving in the right direction. NIST guidelines are only binding for government services and contractors, though they do eventually get picked up by banks and other industries. So there’s hope for sane password policies eventually.

Tank Hacking

Researchers at Bitsight are interested in infrastructure security, and they opted to take a closer look at Automatic Tank Gauging (ATG) systems. Those are found at gas stations, as well as any other facility that needs automated monitoring of liquids or gasses in a tank. There is an actual ATG message format, originally designed for RS-232 serial, and woefully unprepared for the interconnected present. The protocol allows for an optional security code, but it maxes out at only six alpha-numeric characters.

Among the vulnerabilities getting announced today, we have a pair of CVSS 10 command injection flaws, a quartet of 9.8 authentication bypass flaws, with one of those being a hardcoded credential — AKA a backdoor. The other CVSS9+ flaw is a SQL injection, with a trio of slightly less serious flaws. Continue reading “This Week In Security: Password Sanity, Tank Hacking, And The Mystery 9.9”

Blinking An LED Passively

September 27, 2024 by 44 Comments

It is a pretty common first project to use an Arduino (or similar) to blink an LED. Which, of course, brings taunts of: you could have used a 555! You can, of course, also use any sort of oscillator, but [Mustafa] has a different approach. Blinking an LED with three resistors and a capacitor. Ok, ok… one of the resistors is a light-dependent resistor, but still.

In reality, this is a classic relaxation oscillator. The capacitor charges until the LED lights. This, however, causes the capacitor to discharge, which eventually turns off the LED, and the process starts again.

There is one wrinkle that could be considered a feature. In daylight, the capacitor will stay in the off state, so the blinking only occurs in darkness. Of course, the resistor also has to have a sufficient view of the LED. You might use this as a safety light that only works in the dark.

A simple circuit, but it just goes to show that we tend to forget the simple solutions in a world where a computer costs less than a dollar.

Of course, you can get a chip whose sole purpose is to blink LEDs. We always like examples of doing more with less.

Continue reading “Blinking An LED Passively”

Stretch Goal: 300X Arduino

September 26, 2024 by 5 Comments

The Faboratory at Yale University has set a number of stretch goals. We don’t mean that in the usual sense. They’ve been making, as you can see in the video below, clones of commercial devices that can stretch over 300%. They’ve done Ardunios and similar controllers along with sensors. The idea is to put computer circuits in flexible robots and other places where flexibility is key, like wearable electronics.

If you are interested in details, you’ll want to read the paper in Science Robotics. They take the existing PCB layout and use a laser to cut patterns in a paper mask over the stretchable substrate. They then apply oxidized gallium-indium to build conductors.

Continue reading “Stretch Goal: 300X Arduino”