Review: InfiRay P2 Pro Thermal Camera

It probably won’t surprise you to learn that Hackaday is constantly hounded by companies that want us to review their latest and greatest gadget. After all, getting us to post about their product is cheaper, easier, and arguably more effective than trying to come up with their own ad campaign. But if you’ve been with us for a while, you’ll also know that in-house reviews aren’t something we actually do very often.

The reason is simple: we’re only interested in devices or products that offer something useful or unique to this community. As such, the vast majority of these offers get ignored. I’ll give you an example. For whatever reason, multiple companies have been trying desperately to send me electric bikes with five-figure price tags this year. But since there’s no obvious way to turn that into useful content for the readers of Hackaday, I’m still stuck pedaling myself around like it’s the 1900s. I kid of course…I haven’t dared to get on a bike in a decade.

So I don’t mind telling you that, when InfiRay contacted me about reviewing their P2 Pro thermal camera, the email very nearly went into the trash. We’ve seen these kinds of phone-based thermal cameras before, and it seemed to be more of the same. But after taking a close look at the specs, accessories, and claims laid out in the marketing material, I thought this one might be worth checking out first-hand.

Hackaday Links: June 18, 2023

Will it or won’t it? That’s the question much on the minds of astronomers, astrophysicists, and the astro-adjacent this week as Betelgeuse continued its pattern of mysterious behavior that might portend a supernova sometime soon. You’ll recall that the red giant star in the constellation Orion went through a “great dimming” event back in 2019, where its brightness dipped to 60% of its normal intensity. That was taken as a sign that perhaps the star was getting ready to explode — or rather, that the light from whatever happened to the star 548 years ago finally reached us — and was much anticipated by skywatchers, yours truly included. As it turned out, the dimming was likely caused by Betelgeuse belching forth an immense plume of dust, temporarily obscuring our view of its light. Disappointing.

Those who gave up on the hope of seeing a supernova might have done so too fast, though, because now, the star seems to be swinging the other way and brightening. It briefly became the brightest star in Orion, nearly outshining nearby Sirius, the brightest star in the sky. So what does all this on-again, off-again business mean? According to Dr. Becky, a new study — not yet peer-reviewed, so proceed with caution — suggests that the star could go supernova in the next few decades. The evidence for this is completely unrelated to the great dimming event, and instead comes from analyzing the star’s long history of variable brightness. The data suggest that Betelgeuse has entered the carbon fusion phase of its life, a period that only lasts on the scale of a hundred years for a star that size. So we could be in for the ultimate fireworks show, which would leave us with a star brighter than the full moon that’s visible even in daylight. And who doesn’t want to see something like that?

Hinged Parts For The 8th Grade Set

I recently agreed to run a 3D printing camp for 8th graders. If you’ve never shared your knowledge with kids, you should. It is a great experience. However, it isn’t without its challenges. One thing I’ve learned: don’t show the kids things that you don’t want them to try to print.

I learned this, of course, the hard way. I have several “flexy” 3D prints. You know the kind. Flexy dinosaurs, cats, hedgehogs, and the like. They all have several segments and a little hinge so the segments wobble. The problem is the kids wanted to print their own creations with flexy hinges.

I’ve built a few print-in-place hinges, but not using Tinkercad, the software of choice for the camp. While I was sure it was possible, it seemed daunting to get the class to learn how to do it. Luckily, there’s an easy way to add hinges like this to a Tinkercad design. There was only one problem.

This Week In Security: ACME.sh, Leaking LEDs, And Android Apps

Let’s Encrypt has made an enormous difference to the landscape of the web. The protocol used for authenticating and receiving certificates, ACME, has spawned quite a few clients of various flavors. Some are written in Rust, some in Python or Go, and a few in straight Bash shell script. One of those last ones, acme.sh, was doing something odd when talking to a particular “Certificate Authority”, HiCA. This pseudo-CA only supports acme.sh, and now we know why. The folks behind HiCA found an RCE exploit in acme.sh, and decided to use that exploit to do certificate issuance with more “flexability”. Oof.

The nuts and bolts here are that HiCA was working as a CA-in-the-Middle, wrapping other CAs’ authentication services. Those services don’t support ACME authentication at all, and HiCA used the acme.sh vulnerability to put the authentication token in the place SSL.com expected to find it. So, just a good community member offering a service that ACME doesn’t quite support, right?

Well, maybe not so innocent. The way this appears to work is that the end user sends a certificate request to HiCA. HiCA takes that information and initiates a certificate request to SSL.com. SSL.com sends back a challenge, and HiCA embeds that challenge in the RCE and sends it to the end user. The end user’s machine triggers the RCE, which pushes the challenge token to the well-known location, and bypasses the ACME protection against exactly this sort of CA-in-the-middle situation.

The last piece of the authentication process is that the signing server reaches out over HTTP to the domain being signed, and looks for the token to be there. Once found, it sends the signed certificates to HiCA, who then forward them on to the end user. And that’s the problem. HiCA has access to the key of every SSL cert they handled. This doesn’t allow encryption, but these keys could be used to impersonate or even launch MitM attacks against those domains. There’s no evidence that HiCA was actually capturing or using those keys, but this company was abusing an RCE to put itself in the position to have that ability.

The takeaway is twofold. First, as an end user, only use reputable CAs. And second, ACME clients need to be hardened against potentially malicious CAs. The fact that HiCA only supported the one ACME client was what led to this discovery, and should have been a warning flag to anyone using the service.

Retrotechtacular: Circuit Potting, And PCBs The Hard Way

There was a time when the very idea of building a complex circuit with the intention of destroying it would have been anathema to any electrical engineer. The work put into designing a circuit, procuring the components, and assembling it, generally with point-to-point wiring and an extravagant amount of manual labor, only to blow it up? Heresy!

But, such are the demands of national defense, and as weapons morphed into “weapon systems” after World War II, the need arose for electronics that were not only cheap enough to blow up but also tough enough to survive the often rough ride before the final bang. The short film below, simply titled Potted and Printed Circuits, details the state of the art in miniaturization and modularization of electronics, circa 1952. It was produced by the Telecommunications Research Establishment (TRE), the main electronics R&D entity in the UK during the war which was responsible for inventions such as radar, radio navigation, and jamming technology.

New Wearable Detects Imminent Vocal Fatigue

“The show must go on,” so they say. These days, whether you’re an opera singer, a teacher, or just someone with a lot of video meetings, you rely on your voice to work. But what if your voice is under threat? Work it too hard, or for too long, and you might find that it suddenly lets you down.

Researchers from Northwestern University have developed a new technology to protect against this happenstance. It’s the first wearable device that monitors vocal usage and calls for time out before damage occurs. The research has been published in the Proceedings of the National Academy of Sciences.

The Simplest Social Engineering Hack Of Them All

Here at Hackaday we cover news and interesting features for the hacker community, with an emphasis more on the hardware side. Nevertheless we also cover stories from time to time from the broader world of security. These usually involve vulnerabilities discovered through the patient work of software or hardware researchers, and are certainly what we’d call hacking. But what about those information security breaches that aren’t hacks like that at all? What happens when the person being breached simply gives you the information?

I’ve got one, and while it’s Not A Hack, it’s definitely something that we and those outside our community need to talk about. I’m talking about the depressingly common occurrence of organisations who should know better, gifting their letterhead to all and sundry in the form of freely editable Word documents.