OWL Insecure Internet Of Energy Monitors

[Chet] bought an electricity monitor from OWL, specifically because it was open and easy to hack on within the confines of his home network. Yay! Unfortunately, it also appears to be easy to read from outside of his home network too, due to what appears to be extraordinarily sloppy security practices.

The short version of the security vulnerability is that the OWL energy monitors seem to be sending out their data to servers at OWL, and this data is then accessible over plain HTTP (not HTTPS) and with the following API: http://beta.owlintuition.com/api/electricity/history_overview.php?user=&nowl=&clientdate=. Not so bad, right? They are requiring username and password, plus the ID number of the device. Maybe someone could intercept your request and read your meter remotely, because it’s not encrypting the transaction?

Nope. Much worse. [Chet] discovered that the username and password fields appear not to be checked, and the ID number is the device’s MAC address, which makes it very easy to guess at other device IDs. [Chet] tried 256 MACs out, and got 122 responses with valid data. Oh my!

Take this as a friendly reminder and a cautionary tale. If you’re running any IoT devices, it’s probably worth listening to what they’re saying and noting to whom they’re saying it, because every time you send your data off to “the cloud” you’re trusting someone else to have done their homework. It is not a given that they will have.

Comfort Thermometer With Impressive LED Display

A frequent early project for someone learning to use a microcontroller such as an Arduino board involves hooking up a temperature sensor and an LCD display to make a digital thermometer. Not many components are involved, but it provides a handy practical introduction to interfacing peripherals. Once you’ve passed that step in your tech education, do you ever return to thermometers? Probably not, after all what can you add to a thermometer but a sensor and a display?

Perhaps if you have asked yourself that question you might be interested in [Richard Stevens]’s thermometer project, or as he refers to it, a Comfort Thermometer Display. It takes the form of an Ikea Ribba frame inset with 517 LEDs arranged as a central set of seven segment displays, a ring of bar graphs, and an outer ring of RGB LEDs. Behind the scenes is a mass of cabling, and four shaped pieces of stripboard to fit the area around the LEDs. The display cycles through readings for temperature, heat index, and humidity.

Powering it all are a brace of microcontrollers: an ATMega328 for the 7-segments and a range of PICs controlling the bar graphs and RGB LEDs. Another PIC handles RF communication with the sensors, which are housed in a remote box. We’ve embedded the video of the device in operation below the break, and we’re sure you’ll agree it’s an impressive piece of work.

SST Is A Very Tidy ESP8266 Smart Thermostat

The smart thermostat has become in a way the public face of the Internet of Things. It’s a demonstration that technological uptake by the general public is driven not by how clever the technology is, but by how much use they can see in it. A fridge that offers you recipes or orders more eggs may be a very neat idea, but at street level a device allowing you to turn your heating on at home before you leave work is much cooler. Products like Nest or Hive have started to become part of normal suburban life.

There is no reason though for an IoT thermostat to be a commercial product like the two mentioned. Our subject today demonstrates this; SST is a Wi-Fi smart thermostat using an ESP8266 that can be controlled by an app, thanks to its use of the open-source Souliss IoT Framework.

The build is very well finished, with PCBs, colour display and other components in a neat 3D-printed box. It’s a project that you could put in front of an end-user; it’s finished to such a high standard. Physical entity files are available from the hackaday.io page linked above, while its firmware is available in a GitHub repository. There is a video showing some of the device’s capabilities, which we’ve put below the break.

Cheap Cat Feeder Enhances Sleep

We’ll admit it: we sometimes overcomplicate things. Look at [Peter Weissbrod’s] automated cat feeder, for example. It isn’t anything more than a bottle, a servo, some odds and ends, and an Arduino. However, it lets him sleep in without his cat waking him for service.

We looked at the code and thought, “This thing will just dispense food all the time! That’s not what you want!” Then we looked closer. [Peter] uses a common household timer to just turn the device on in the morning, let it run for a bit, and then turns it off. You can see a video of the mechanism, below.

Police Want Alexa Data; People Begin To Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news that would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is of more concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants are likely to affect far fewer users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.

Cat Vs. Human Escalates With Armor-Plated Feeder

Wars generally increase innovation as the opposing sides try to kill each other in ever more efficient ways. Even the soft war waged daily between felines and their human servants results in innovation, to wit we offer this armor-plated automated cat feeder.

The conflict between [Sprocket H.G. Shopcat] and her human [Quinn Dunki] began with a thoughtfully provided automatic food dispenser. Like human vending machine customers who witness a just-purchased bag of Cheesy Poofs dangling on the end of the dispense auger, [Sprocket] learned that the feeder would dispense a few fishy nuggets when nudged. [Quinn] embarked on an iterative design process to control [Sprocket]’s off-schedule snacking. Fastening the feeder firmly to the floor, and adding obstructions to prevent her from pawing up the dispense chute — nothing seemed to stop the clever feline’s raids. [Quinn] then pulled out all the stops and whipped up a [Sprocket]-safe enclosure for the feeder from 1/8″ plate steel and copper. This seems to have put the cat back on the straight and narrow, and it doesn’t look half bad either.

All kidding aside, [Quinn]’s approach to this problem is pretty instructive. Careful observations informed several cycles of reasonable modifications until it became clear that only the most extreme solution would work. There’ve been tons of cat feeders here before, from the simple to the complex, but we think all would fall prey to the clever [Sprocket] without a little up-armoring.

How Has Amazon Managed To Make Hackers Love Alexa?

Our hackspace has acquired an Amazon Dot, courtesy of a member. It mostly seems to be used as a source of background music, but it has also spawned a seemingly never-ending new entertainment in which the hackspace denizens ceaselessly bait their new electronic companion with ever more complex and esoteric requests. From endless rephrasing and careful enunciation of obscure early reggae artists to try to settle a musical argument to hilarious mis-hearing on the part of our silicon friend, the fun never stops. “Alexa, **** off!” it seems results in “I’m sorry, I can’t find a device of that name on this network”.

That is just the experience of one hackspace, but it evidently does not end there. Every other day it seems that new projects using Alexa pass through the Hackaday timeline, so it looks as though Amazon’s online personal assistant has been something of a hit within our community.

Fair enough, you might say, we’re always early adopters of any new technology. But it’s a development over which I wonder; am I alone in finding it surprising? It’s worth taking a moment to look at the subject.
