Cracking A Bluetooth Credit Card

April 8, 2018 by Tom Nardi 44 Comments

You might be surprised to find out that it’s actually not a good idea to put all of your credit card information on a little Bluetooth enabled device in your pocket. Oh, what’s that? You knew already? Well in that case you won’t find the following information terribly shocking, but it’s still a fascinating look at how security researchers systematically break down a device in an effort to find the chinks in its armor.

[Mike Ryan] of ICE9 Consulting has recently published an article detailing the work done to examine and ultimately defeat the security on the FUZE Card. From using an x-ray machine to do non-destructive reconnaissance on the device’s internals to methodically discovering all the commands it responds to over Bluetooth, it’s safe to say the FUZE Card is cracked wide open at this point.

To be clear, the attacker must still pair with FUZE, so physical access is required. But as pointed out by [Mike] in the blog post, handing your card over to a merchant is standard operating procedure in many cases. It isn’t as if it would be hard to get a hold of one of these FUZE cards for a minute or two without the owner becoming suspicious. Pairing FUZE to the Linux device to continue to the next step of the attack only takes a few seconds, as demonstrated in the video after the break.

Once paired, the attacker can simply send a BLE command to FUZE which disables the lock screen. It’s really that simple. The attacker can also send commands to dump credit card info over Bluetooth, meaning they could download your information even when the card is “safely” back in your pocket. The inherent failure in the FUZE design is that you don’t need to provide any sort of authentication to pair it to a new Bluetooth device. It makes the (very dangerous) assumption that the person holding it is entitled to do so.

Even if you know better than to ever buy a device like this, the post [Mike] has written up is really a must-read for anyone who’s ever looked at a device and tried to figure out what was going on in its little silicon brain. We especially liked his assertion that reverse engineering a device essentially boils down to: “staring, thinking, a little experimentation, but mostly staring and thinking.” We’re having an internal debate here at Hackaday HQ about making that the site’s tagline.

Incidentally, this is very similar to the Bluetooth gun “safe” that was cracked not so long ago. At this point, it might be wise to just stay away from anything with that little blue logo on it if you intend to trust it with your identity and/or deadly weapon.

Continue reading “Cracking A Bluetooth Credit Card” →

A Gif-Playing Top Hat For FRC 2018!

April 3, 2018 by James Hobson 13 Comments

In gearing up to mentor a team at the 2018 FIRST Robotics Competition, redditor [dd0626] wanted to do something cool that resonated with this year’s 8-bit gaming theme. Over the course of a few days, they transformed a top hat into a thematically encapsulating marquee: a LED matrix display loaded with gifs!

The display is actually a sleeve — made from shipping foam, a pillow case, and an old t-shirt — that fits over the hat, leaving it intact and wearable for future events. A Teensy3.6 displays the gifs on four WS2812 16×16 RGB LED matrices, and while a sheer black fabric diffuses the light, it’s still best viewed from several feet away. This is decidedly not intended to be a stealthy hat display.

To mitigate current draw, [dd0626] is using a 5V 30A DC/DC converter and keeping the brightness at a minimum — otherwise, each panel can pull up to 15A! To offset any dip in performance, they’ve bundled in a massive 22,400mAh, 24V battery pack to keep the hat running for a while. Despite all the hardware, the hat weighs under two pounds — eminently wearable for a long day of competition. Continue reading “A Gif-Playing Top Hat For FRC 2018!” →

HairIO: An Interactive Extension Of The Self

March 29, 2018 by Kristina Panos 19 Comments

Most of what we see on the wearable tech front is built around traditional textiles, like adding turn signals to a jacket for safer bike riding, or wiring up a scarf with RGB LEDs and a color sensor to make it match any outfit. Although we’ve seen the odd light-up hair accessory here and there, we’ve never seen anything quite like these Bluetooth-enabled, shape-shifting, touch-sensing hair extensions created by UC Berkeley students [Sarah], [Molly], and [Christine].

HairIO is based on the idea that hair is an important part of self-expression, and that it can be a natural platform for sandboxing wearable interactivity. Each hair extension is braided up with nitinol wire, which holds one shape at room temperature and changes to a different shape when heated. The idea is that you could walk around with a straight braid that curls up when you get a text, or lifts up to guide the way when a friend sends directions. You could even use the braid to wrap up your hair in a bun for work, and then literally let it down at 5:00 by sending a signal to straighten out the braid. There’s a slick video after the break that demonstrates the possibilities.

HairIO is controlled with an Arduino Nano and a custom PCB that combines the Nano, a Bluetooth module, and BJTs that drive the braid. Each braid circuit also has a thermistor to keep the heat under control. The team also adapted the swept-frequency capacitive sensing of Disney’s Touché project to make HairIO extensions respond to complex touches. Our favorite part has to be that they chalked some of the artificial tresses with thermochromic pigment powder so they change color with heat. Makes us wish we still had our Hypercolor t-shirt.

Nitinol wire is nifty stuff. You can use it to retract the landing gear on an RC plane, or make a marker dance to Duke Nukem.

Continue reading “HairIO: An Interactive Extension Of The Self” →

“Attempt” At Wristwatch Is A Solid Success

March 27, 2018 by Brian McEvoy 19 Comments

Sometimes silence is the best compliment to a DIY project, and that doesn’t just apply to homemade lockjaw toffee. When a watch is so well-made that it looks like one from a jewelry store, it is easy to keep quiet. [ColinMerkel] took many pictures of his fourth wristwatch attempt but “attempt” is his word because we call this a success. This time around he didn’t forget the crown for adjusting the time so all the pieces were in place.

His second “attempt” at wristwatch making was featured here and it had a classical elegance. Here, the proverbial game has been stepped up. Instead of using stock steel, the body is constructed of 303 stainless steel. The watch dial will definitely draw compliments if its DIY nature is revealed, which is equally mathematical and charming. Pictures of this process were enough to convey the build without words which is always a bonus if you only want a quick look or English isn’t your first choice for language.

Not only is [Colin] an upstanding horologist, he has a reputation with aftermarket door security and a looping guitar pedal.

Iron Man Mask With A HUD!

March 25, 2018 by James Hobson 12 Comments

At some point, a child will inevitably dream of being a superhero. Not all children get the chance to see that dream made manifest, but a few take that destiny into their own hands. Redditor [Lord_of_Bone] — seizing at that goal — has built himself an Iron Man mask with an integrated HUD!

Relying on a conceptually similar project he’d previously built, much of the code was rehashed for this ‘Mark II’ version. Pieces of a smartphone holo pyramid act as projection surfaces — using a lens to focus the image to be viewed at such close distances — and a pair of OLED screens displaying the information. It’s a happy bonus that the lack of backlight results in only the text showing in the user’s field of view.

Instead of speaking with J.A.R.V.I.S., [Lord_of_Bone] is using a Raspberry Pi Zero W as the mask’s brain. Working past some I2C troubles between the OLED screens and an Enviro pHat required a whipped-up veroboard and a bit of hardware hacking. Cramming everything into the mask was no easy task — using Blutack and Sugru to bind them in the limited space — but the pHat had to be surface-mounted in the open anyways for atmospheric and light data.

Continue reading “Iron Man Mask With A HUD!” →

Inventing The Digital Watch Again And Again And…

March 19, 2018 by Steven Dufresne 97 Comments

In the 1950s, artwork of what the future would look like included flying cars and streamlined buildings reaching for the sky. In the 60s we were heading for the Moon. When digital watches came along in the 70s, it seemed like a natural step away from rotating mechanical hands to space age, electrically written digits in futuristic script.

But little did we know that digital watches had existed before and that our interest in digital watches would fade only to be reborn in the age of smartphones.

Mechanical Digital Watches

Cortébert jump-hour wristwatch by Wallstonekraft CC-BY-SA 3.0 — Cortébert jump-hour wristwatch.
Image by Wallstonekraft CC-BY-SA 3.0

In 1883, Austrian inventor Josef Pallweber patented his idea for a jumping hour mechanism. At precisely the change of the hour, a dial containing the digits from 1 to 12 rapidly rotates to display the next hour. It does so suddenly and without any bounce, hence the term “jump hour”. He licensed the mechanism to a number of watchmakers who used it in their pocket watches. In the 1920s it appeared in wristwatches as well. The minute was indicated either by a regular minute hand or a dial with digits on it visible through a window as shown here in a wristwatch by Swiss watchmaker, Cortébert.

The jump hour became popular worldwide but was manufactured only for a short period of time due to the complexity of its production. It’s still manufactured today but for very expensive watches, sometimes with a limited edition run.

The modern digital watch, however, started from an unlikely source, the classic movie 2001: A Space Odyssey.

Continue reading “Inventing The Digital Watch Again And Again And…” →

Bumblebee Breakout, A DIY Wearable Connector

March 18, 2018 by Lara Grant 16 Comments

The practice of developing wearable electronics offers a lot of opportunity for new connector designs and techniques for embedding electronics. Questions like these will eventually come up: How will this PCB attach to that conductive fabric circuit reliably? What’s the best way to transition from wire to this woven conductive trim? What’s the best way to integrate this light element into this garment while still maintaining flexibility?

Mika Satomi and Hannah-Perner Wilson of Kobakant are innovators in this arena and inspire many with their prolific documentation while they ask themselves questions similar to these. Their work is always geared towards accessibility and the ability to recreate what they have designed. Their most recent documented connector is one they call the Bumblebee Breakout. It connects an SMD addressable RGB LED, such as Adafruit’s Neopixel, to a piece of side glow fiber optic 1.5mm in diameter. On a short piece of tubing, the four pads of the SMD LED are broken out into four copper rings giving it the look of a striped bumblebee. To keep from shorts occurring while wrapping the copper tape contacts around the tube, they use Kapton tape to isolate each layer as they go.

This connector was originally created to be used in a commission they did out of Koba, their e-textile tailor shop located in Berlin. Fiber optics were applied to jackets for a performance called “All Your Base Are Belong To Us” produced by the Puppetry Department of the Hochschule für Schauspielkunst Ernst Busch.