Slider

4880 Articles

Don’t Toss That Bulb, It Knows Your Password

January 29, 2019 by 70 Comments

Whether it was here on Hackaday or elsewhere on the Internet, you’ve surely heard more than a few cautionary tales about the “Internet of Things” by now. As it turns out, giving every gadget you own access to your personal information and Internet connection can lead to unintended consequences. Who knew, right? But if you need yet another example of why trusting your home appliances with your secrets is potentially a bad idea, [Limited Results] is here to make sure you spend the next few hours doubting your recent tech purchases.

In a series of posts on the [Limited Results] blog, low-cost “smart” bulbs are cracked open and investigated to see what kind of knowledge they’ve managed to collect about their owners. Not only was it discovered that bulbs manufactured by Xiaomi, LIFX, and Tuya stored the WiFi SSID and encryption key in plain-text, but that recovering said information from the bulbs was actually quite simple. So next time one of those cheapo smart bulb starts flickering, you might want to take a hammer to it before tossing it in the trash can; you never know where it, and the knowledge it has of your network, might end up.

Regardless of the manufacturer of the bulb, the process to get one of these devices on your network is more or less the same. An application on your smartphone connects to the bulb and provides it with the network SSID and encryption key. The bulb then disconnects from the phone and reconnects to your home network with the new information. It’s a process that at this point we’re all probably familiar with, and there’s nothing inherently wrong with it.

The trouble comes when the bulb needs to store the connection information it was provided. Rather than obfuscating it in some way, the SSID and encryption key are simply stored in plain-text on the bulb’s WiFi module. Recovering that information is just a process of finding the correct traces on the bulb’s PCB (often there are test points which make this very easy), and dumping the chip’s contents to the computer for analysis.

It’s not uncommon for smart bulbs like these to use the ESP8266 or ESP32, and [Limited Results] found that to be the case here. With the wealth of information and software available for these very popular WiFi modules, dumping the firmware binary was no problem. Once the binary was in hand, a little snooping around with a hex editor was all it took to identify the network login information. The firmware dumps also contained information such as the unique hardware IDs used by the “cloud” platforms the bulbs connect to, and in at least one case, the root certificate and RSA private key were found.

On the plus side, being able to buy cheap smart devices that are running easily hackable modules like the ESP makes it easier for us to create custom firmware for them. Hopefully the community can come up with slightly less suspect software, but really just keeping the things from connecting to anything outside the local network would be a step in the right direction.

(Some days later…)

[Limited Results] had hinted to us that he had previously disclosed some vulnerabilities to the bulb’s maker, but that until they fixed them, he didn’t want to make them public. They’re fixed now, and it appears that the bulbs were sending everything over the network unencrypted — your data, OTA firmware upgrades, everything.  They’re using TLS now, so good job [Limited Results]! If you’re running an old version of their lightbulbs, you might have a look.

On WiFi credentials, we were told: “In the case where sensitive information in the flash memory wasn’t encrypted, the new version will include encrypted storage processing, and the customer will be able to select this version of the security chips, which can effectively avoid future security problems.” Argue about what that actually means in the comments.

The Cyborgs Among Us: Exoskeletons Go Mainstream

January 28, 2019 by 39 Comments

Every technological advancement seems to have a sharp inflection point, a time before which it seems like any early adopters are considered kooks, but beyond which the device or service quickly becomes so mainstream that non-adopters become the kooky ones. Take cell phones, for example – I clearly remember a news report back in the 1990s about some manufacturers crazy idea to put a digital camera in a phone. Seemingly minutes later, you couldn’t buy a phone without a camera.

It seems like we may be nearing a similar inflection point with a technology far more complex and potentially far more life-altering than cameras in cell phones: powered exoskeletons. With increasing numbers of news stories covering advancements in exoskeletal assistants for the elderly, therapeutic applications for those suffering from spinal cord injuries and neurodegenerative diseases, and penetration into the workplace – including the battlefield – as amplifiers of human effort, it’s worth taking a look at where we are with exoskeletons before seeing someone using one in public becomes so commonplace as to go unnoticed.

Continue reading “The Cyborgs Among Us: Exoskeletons Go Mainstream”

Drone Sightings, A New British Comedy Soap Opera

January 28, 2019 by 41 Comments

There’s a new soap opera that I can’t stop watching. Actually, I wish I could change the channel but this is unfortunately happening in real life. It’s likely the ups and downs of drone sightings would be too far fetched for fiction anyway.

If you aren’t British, maybe you will know a little of our culture through the medium of television. We don’t all live in stately homes like Downton Abbey of course, instead we’re closer to the sometimes comedic sets, bad lighting, and ridiculously complicated lives of the residents of Coronation Street or of Albert Square in Eastenders that you may have flashed past late at night on a high-number channel.

Our new comedy soap lacks the regional accents of Emmerdale or Hollyoaks, but has no less of the farce about it. Here at Hackaday we’ve brought you news of the UK’s peculiar habit of bad reporting and shoddy investigation of questionable drone sightings several times over the last year or two. Most recently we covered a series of events before Christmas that closed Gatwick, London’s second airport for several days over what turned out to be nothing of substance.

Unfortunately it didn’t end there. We’re back once more to catch up with the latest events down on the tarmac, and come away with a fresh set of reasonable questions unanswered by the popular coverage of the matter.

Continue reading “Drone Sightings, A New British Comedy Soap Opera”

Samy Kamkar’s LED Balloon Network

January 24, 2019 by 8 Comments

Writing this in the frigid darkness of a Northern Hemisphere January evening, I have to admit to more than a little envy of Samy Kamkar and his friends. One of their summer events is a private party at a secluded campground somewhere that looks quite warm, which from here seems mighty attractive.

Samy wanted to provide a spectacle for his friends. What he came up with is glowing orbs; LED balloons that would float above the campsite and wow his friends with their pretty synchronised illumination. Thus an adventure in wireless communications, lighter-than-air flammable gasses versus electronics weight calculations, and code optimization began, the details of which were shared in Samy Kamkar’s 2018 Hackaday Superconference talk embedded below.

Continue reading “Samy Kamkar’s LED Balloon Network”

Video: Putting High Speed PCB Design To The Test

January 24, 2019 by 48 Comments

Designing circuit boards for high speed applications requires special considerations. This you already know, but what exactly do you need to do differently from common board layout? Building on where I left off discussing impedance in 2 layer Printed Circuit Board (PCB) designs, I wanted to start talking about high speed design techniques as they relate to PCBs.  This is the world of multi-layer PCBs and where the impedance of both the Power Delivery Network (PDN) and the integrity of the signals themselves (Signal Integrity or SI) become very important factors.

I put together a few board designs to test out different situations that affect high speed signals. You’ve likely heard of vias and traces laid out at right angles having an impact. But have you considered how the glass fabric weave in the board itself impacts a design? In this video I grabbed some of my fanciest test equipment and put these design assumptions to the test. Have a look and then join me after the break for more details on what went into this!

Continue reading “Video: Putting High Speed PCB Design To The Test”

Cool Tools: A Little Filesystem That Keeps Your Bits On Lock

January 24, 2019 by 52 Comments

Filesystems for computers are not the best bet for embedded systems. Even those who know this fragment of truth still fall into the trap and pay for it later on while surrounded by the rubble that once was a functioning project. Here’s how it happens.

The project starts small, with modest storage needs. It’s just a temperature logger and you want to store that data, so you stick on a little EEPROM. That works pretty well! But you need to store a little more data so the EEPROM gets paired with a small blob of NOR flash which is much larger but still pretty easy to work with. Device settings go to EEPROM, data logs go to NOR. That works for a time but then you remember that people on the Internet are all about the Internet of Things so it’s time to add WiFi. You start serving a few static pages with that surprisingly capable processor and bump into storage problems again so the NOR flash gets replaced with an SD card and now the logs go there too. Suddenly you’re dealing with multiple files and want access on a computer so a real filesystem is in order. FAT is easy, so the card grows a FAT filesystem. Everything is great, but you start to notice patches missing from the logs. Then the SD card gets totally corrupted. What’s going on? Let’s take a look at the problem, and how to reach embedded file nirvana.

Continue reading “Cool Tools: A Little Filesystem That Keeps Your Bits On Lock”

The Short And Tragic Story Of Life On The Moon

January 23, 2019 by 66 Comments

The Moon is a desolate rock, completely incapable of harboring life as we know it. Despite being our closest celestial neighbor, conditions on the surface couldn’t be more different from the warm and wet world we call home. Variations in surface temperature are so extreme, from a blistering 106 C (223 F) during the lunar day to a frigid -183 C (-297 F) at night, that even robotic probes struggle to survive. The Moon’s atmosphere, if one is willing to call the wispy collection of oddball gasses including argon, helium, and neon at nearly negligible concentrations an atmosphere, does nothing to protect the lunar surface from being bombarded with cosmic radiation.

Von Kármán Crater

Yet for a brief time, very recently, life flourished on the Moon. Of course, it did have a little help. China’s Chang’e 4 lander, which made a historic touchdown in the Von Kármán crater on January 3rd, brought with it an experiment designed to test if plants could actually grow on the lunar surface. The device, known as the Lunar Micro Ecosystem (LME), contained air, soil, water, and a collection of seeds. When it received the appropriate signal, LME watered the seeds and carefully monitored their response. Not long after, Chinese media proudly announced that the cotton seeds within the LME had sprouted and were doing well.

Unfortunately, the success was exceptionally short-lived. Just a few days after announcing the success of the LME experiment, it was revealed that all the plants which sprouted had died. The timeline here is a bit hazy. It was not even immediately clear if the abrupt end of the LME experiment was intentional, or due to some hardware failure.

So what exactly do we know about Chang’e 4’s Lunar Micro Ecosystem, and the lifeforms it held? Why did the plants die? But perhaps most importantly, what does all this have to do with potential future human missions to that inhospitable rock floating just a few hundred thousand kilometers away from us?

Continue reading “The Short And Tragic Story Of Life On The Moon”