It seems a bit unfair to pile on a product that has already been roundly criticized for its security vulnerabilities. But when that product is a device that is ostensibly deployed to keep one’s family and belongings safe, it’s plenty fair. And when that device is an alarm system that can be defeated by a two-dollar wireless remote, it’s practically a responsibility.
The item in question is the SimpliSafe alarm system, a fully wireless, install-it-yourself system available online and from various big-box retailers. We’ve covered the system’s deeply flawed security model before, whereby SDRs can be used to execute a low-effort replay attack. As simple as that exploit is, it looks positively elegant next to [LockPickingLawyer]’s brute-force attack, which uses a $2 RF remote as a jammer for the 433-MHz wireless signal between sensors and the base unit.
With the remote in close proximity to the system, he demonstrates how easy it would be to open a door or window and enter a property guarded by SimpliSafe without leaving a trace. Yes, a little remote probably won’t jam the system from a distance, but a cheap programmable dual-band transceiver like those offered by Baofeng would certainly do the trick. Not being a licensed amateur operator, [LockPickingLawyer] didn’t test this, but we doubt thieves would have the respect for the law that an officer of the court does.
The bottom line with alarm systems is that you get what you pay for, or sadly, significantly less. Hats off to [LockPickingLawyer] for demonstrating this vulnerability, and for his many other lockpicking videos, which are well worth watching.
Continue reading “Alarm System Defeated By $2 Wireless Dongle, Nobody Surprised”
It’s cold outside! So grab a copy of the Hackaday Podcast, and catch up on what you missed this week.
Highlights include a dip into audio processing with sox and FFMPEG, scripting for Gmail, weaving your own carbon fiber tubes, staring into the sharpest color CRT ever, and unlocking the secrets of cheap 433 MHz devices. Plus Elliot talks about his follies in building an igloo while Mike marvels at what’s coming out of passive RFID sensor research.
And what’s that strange noise at the end of the podcast?
Direct Download (59.2 MB MP3)
Places to follow Hackaday podcasts:
Continue reading “Hackaday Podcast Ep3 – Igloos, Lidar, And The Blinking LED Of RF Hacking”
Many low-cost wireless temperature and humidity sensors use a 433 MHz transmitter to send data back to their base stations. This is a great choice for the manufacturer of said devices because it’s simple and the radios are cheap, but it does limit what we as the consumer can do with it a bit. Generally speaking, you won’t be reading data from these sensors on your computer unless you’ve got an SDR device and some experience with GNU Radio and reading the Nexus protocol.
But [Aquaticus] has developed a very comprehensive piece of software that should make integrating these type of sensors into your home automation system much easier, as long as you’ve got a spare Raspberry Pi lying around. Called nexus433, it uses a cheap 433 MHz receiver connected to the Pi’s GPIO pins to receive data from environmental sensors using the popular Nexus communication protocol. A few known compatible sensors are listed in the project documentation, one of which can be had for as little as $5 USD shipped.
In addition to publishing the temperature, humidity, and battery level values from the sensors to MQTT, it even tracks connection quality for each individual sensor and when they go on and offline. To be sure, this is no simple hack. In nexus433, [Aquaticus] has created a mature Linux service with enough flexibility that you shouldn’t have any problems working it into your automation setup, whether it’s Home Assistant or something you’ve put together yourself.
We’ve seen a number of home automation hacks using these ubiquitous 433 MHz radios, from controlling them with an ESP8266 to hacking a popular TP-LINK router into a low-cost home automation hub.
Temperature is a delicate thing. Our bodies have acclimated to a tight comfort band, so it is no wonder that we want to measure and control it accurately. Plus, heating and cooling are expensive. Measuring a single point in a dwelling may not be enough, especially if there are multiple controlled environments like a terrarium, pet enclosure, food storage, or just the garage in case the car needs to warm up. [Tim Leland] wanted to monitor commercially available sensors in several rooms of his house to track and send alerts.
The sensors of choice in this project are weather resistant and linked in his project page. Instead of connecting them to a black box, they are linked to a Raspberry Pi so your elaborate home automation schemes can commence. [Tim] learned how to speak the thermometer’s language from [Ray] who posted about it a few years ago.
The system worked well, but range from the receiver was only 10 feet. Thanks to some suggestions from his comments section, [Tim] switched the original 433MHz receiver for a superheterodyne version. Now the sensors can be a hundred feet from the hub. The upgraded receiver is also linked on his page.
We’ve delved into thermocouple reading recently, and we’ve featured [Tim Leland] and his 433MHz radios before.
‘Tis soon to be the season when resolutions falter and exercise equipment purchased with the best of intentions is cast aside in frustration. But with a little motivation, like making your exercise machine a game console controller, you can maximize your exercise gear investment and get in some guilt-free gaming to boot.
Honestly, there is no better motivation for keeping up with exercise than taking classes, but not many people have the discipline — or the pocketbook — to keep going to the gym for the long haul. With this in mind, [Jason] looked for a way to control PS4 games like Mario Karts or TrackMania with his recumbent bike. In an attempt to avoid modifying the bike, [Jason] decided on a wearable motion sensor for his ankle. Consisting of an Uno, an MPU9250 accelerometer, and a transmitter for the 433-MHz ISM band, the wearable sends signals to a receiver whenever the feet are moving. This simulates pressing the up arrow controller key to set the game into action. Steering and other game actions are handled by a regular controller; we’d love to see this expanded to include strain gauges on the recumbent bike’s handles to allow left-right control by shifting weight in the seat. Talk about immersive gameplay!
While we like the simplicity of [Jason]’s build and the positive reinforcement it provides, it’s far from the first exercise machine hack we’ve seen. From making Google Street View bike-controlled to automatically logging workouts, exercise machines are ripe for the hacking.
Continue reading “Gamify Your Workout With This Wearable Console Controller”
If you own one of the ubiquitous RTL-SDR software defined radio receivers derived from a USB digital TV receiver, one of the first things you may have done with it was to snoop on wide frequency bands using the waterfall view present in most SDR software. Since the VHF and UHF bands the RTL covers are sometimes a little devoid of signals, chances are you homed in upon one of the ISM bands as used by plenty of inexpensive wireless devices for all sorts of mundane control tasks. Unless you reside in the depths of the wilderness, ISM band sniffing will show a continuous procession of chirps; short bursts of digital data. It is surprising, the number of radio-controlled devices you weren’t aware were in your surroundings.
Some of these devices, such as car security keys, are protected by rolling encryption schemes to deter would-be attackers. But many of the more harmless devices simply send a command in the open without the barest of encryption. The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself.
It’s not the most refined of attack because all it does is take the recorded file and retransmit it with the [F5OEO] RPiTX software. But they do demonstrate it in action with a wireless lightbulb, a door bell, a wireless relay, and a remote-controlled switched socket. Since the data in question is transmitted as OOK, or on-off keying, the RPiTX AM mode stands in for the transmitter.
You can see it in action in the video below the break. Now, have you investigated the ISM band chirps in your locality?
Continue reading “Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR”
While most of you reading this have broadband in your home, there are still vast areas with little access to the Internet. Ham radio operator [emmynet] found himself in just such a situation recently, and needed to get a wireless connection over 1 km from his home. WiFi wouldn’t get the job done, so he turned to a 433 MHz serial link instead. (Alternate link)
[emmynet] used an inexpensive telemetry kit that operates in a frequency that travels long distances much more easily than WiFi can travel. The key here isn’t in the hardware, however, but in the software. He went old-school, implemending peer-to-peer TCP/IP connection using SLIP — serial line Internet protocol. All of the commands to set up the link are available on his project page. With higher gain antennas than came with the telemetry kit, a range much greater than 1 km could be achieved as well.
[Editor’s note: This is how we all got Internet, over phone lines, back in the early Nineties. Also, you kids get off my lawn! But also, seriously, SLIP is a good tool to have in your toolbox, especially for low-power devices where WiFi would burn up your batteries.]
While it didn’t suit [emmynet]’s needs, it is possible to achieve extremely long range with WiFi itself. However this generally requires directional antennas with very high gain and might not be as reliable as a lower-frequency connection. On the other hand, a WiFi link will (in theory) get a greater throughput, so it all depends on what your needs are. Also, be aware that using these frequencies outside of their intended use might require an amateur radio license.
Continue reading “Long Range Wireless Internet”