The SimpliSafe home security system consists of two basic components, a keypad and a base station. Sensors such as smoke detectors, switches, and motion sensors can be added to this system, all without a wired installation. Yes, this security system is completely wireless. Yes, you can still buy a software defined radio for ten dollars. Yes, the device has both “simple” and “safe” in its name. We all know where this is going, right?
Last week, [Andrew Zonenberg] at IOActive published a security vulnerability for the SimpliSafe wireless home security system. As you would expect from an off-the-shelf, wireless, DIY security system, the keypad and base station use standard 433 MHz and 315 MHz ISM band transmitters and receivers. [Dr. Zonenberg]’s attack on the system didn’t use SDR; instead, test points on the transmitters were tapped and messages between the keypad and base station were received in cleartext. When the correct PIN is entered in the keypad, the base station replies with a ‘PIN entered’ packet. Replaying this packet with a 433 MHz transmitter will disable the security system.
[Michael Ossmann] took this one step further with a software defined radio. [Ossmann] used a HackRF One to monitor the transmissions from the keypad and turned to a cheap USB SDR dongle to capture packets. Replaying keypad transmissions was easy, but with a little bit more work new attacks can be found. The system can be commanded to enter test mode even when the system is armed, bypassing notifications to the owner.
It’s a hilarious failure of wireless security, especially given the fact that this exploit can be performed by anyone with $100 in equipment. With a little more effort, an attacker can execute a PIN replay from a mile away. Sadly, failures of security of this magnitude are becoming increasingly common. There will assuredly be more attacks of this kind in the future, at least until hardware manufacturers start taking the security (of their security products) seriously.
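Why the replay works, and what a receiver needs in order to reject it, shown as an added example that is not SimpliSafe's code or part of the original article. The packet contents, the key, and the class and function names are all constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # assumption: per-device secret set at pairing
TAG_LEN = 8                     # truncated HMAC-SHA256 tag, in bytes


class StaticReceiver:
    """Behaviour described in the article: one fixed cleartext packet disarms."""
    DISARM = b"PIN_ENTERED"     # constructed stand-in, not the real packet bytes

    def __init__(self):
        self.armed = True

    def receive(self, pkt):
        if pkt == self.DISARM:
            self.armed = False
        return self.armed


def make_packet(key, counter, command):
    """Sender side: 4-byte counter + command, authenticated with HMAC."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class CounterReceiver:
    """Rejects forged packets (bad tag) and replays (counter not increasing)."""

    def __init__(self, key):
        self.key, self.last_counter, self.armed = key, 0, True

    def receive(self, pkt):
        if len(pkt) <= 4 + TAG_LEN:
            return self.armed
        body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        counter = struct.unpack(">I", body[:4])[0]
        if hmac.compare_digest(tag, good) and counter > self.last_counter:
            self.last_counter = counter      # must survive power loss in practice
            if body[4:] == b"DISARM":
                self.armed = False
        return self.armed


def replay_disarms(receiver, captured):
    """Deliver a packet once, re-arm, deliver the same bytes again."""
    receiver.receive(captured)
    receiver.armed = True
    return receiver.receive(captured) is False
```

The counter and tag stop replay and forgery only; the command still travels in cleartext, so confidentiality would need encryption on top.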
[BrittLiv] and her boyfriend got in one too many fights about who set the alarm. It’s the only argument they seem to repeat. So, true to her nature as an engineer, she over-engineered. The result was this great puzzle alarm clock.
The time displayed on the front is not the current time. Since the argument was about alarm times in the first place, [BrittLiv] decided the most prominent number should be the next alarm. To hear the time, a button (one of the dots in the colon) must be pressed on the front of the clock. To set the alarm, however, one must manually move the magnetized segments to the time you’d like to get up. Processing-wise, for a clock, it’s carrying some heat. It runs on an Intel Edison, which it uses to synthesize a voice for the time, news, weather, and, presumably, tweets. It sounds great, check it out after the break.
All in all the clock looks great, and works well too. We hope it brought peace to [BrittLiv]’s household.
CSL Dualcom, a popular maker of security systems in England, is disputing claims from [Cybergibbons] that their CS2300-R model is riddled with holes. The particular device in question is a communications link that sits in between an alarm system and their monitoring facility. Its job is to allow the two systems to talk to each other via internet, POTS lines or cell towers. Needless to say, it has some heavy security features built in to prevent tampering. It appears, however, that the security is not very secure. [Cybergibbons] methodically poked and prodded the bits and bytes of the CS2300-R until it gave up its secrets. It turns out that the encryption it uses is just a few baby steps beyond a basic Caesar Cipher.
A Caesar Cipher just shifts data by a numeric value. The value is the cipher key. For example, the code IBDLBEBZ is encrypted with a Caesar Cipher. It doesn’t take very much to see that a shift of “1” would reveal HACKADAY. This…is not security, and is equivalent to a TSA lock, if that. The CS2300-R takes the Caesar Cipher and modifies it so that the cipher key changes as you move down the data string. [Cybergibbons] was able to figure out how the key changed, which revealed, as he put it – ‘the keys to the kingdom’.
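The weakness described above, as an added example that is not from the original article or from [Cybergibbons]' report: a Caesar cipher has only 26 keys, and making the shift vary by position does not help if the variation is fixed, because one known plaintext/ciphertext pair reveals the shift at every position. `SCHEDULE` is a constructed stand-in and is not the CS2300-R's actual scheme.

```python
import string

A = string.ascii_uppercase

# Constructed position-dependent shifts for illustration only.
SCHEDULE = [(3 + 5 * i) % 26 for i in range(8)]


def encrypt(text, shifts):
    """Shift letter i forward by shifts[i]; a one-element list is plain Caesar."""
    return "".join(A[(A.index(c) + shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(text))


def decrypt(text, shifts):
    """Inverse of encrypt: shift letter i back by shifts[i]."""
    return "".join(A[(A.index(c) - shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(text))


def caesar_candidates(ciphertext):
    """The whole Caesar keyspace: every shift and the text it produces."""
    return {k: decrypt(ciphertext, [k]) for k in range(26)}


def recover_shifts(known_plaintext, ciphertext):
    """One known message exposes the per-position shifts directly."""
    return [(A.index(c) - A.index(p)) % 26
            for p, c in zip(known_plaintext, ciphertext)]


if __name__ == "__main__":
    # The article's example: shift 1 turns IBDLBEBZ into HACKADAY.
    print(caesar_candidates("IBDLBEBZ")[1])

    # Two constructed messages protected with the same fixed schedule.
    first = encrypt("HACKADAY", SCHEDULE)
    second = encrypt("ALARMSET", SCHEDULE)

    # Knowing the first plaintext is enough to read the second message.
    shifts = recover_shifts("HACKADAY", first)
    print(decrypt(second, shifts))
```

A cipher that resists this needs a secret key that the ciphertext and a known plaintext together do not reveal, which is the property vetted algorithms such as AES are designed for.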
There’s a lot more to the story. Be sure to read his detailed report (pdf) and let us know what you think in the comments below.
We mentioned that CSL Dualcom is disputing the findings. Their response can be read here.
It has been incredibly humid around these parts over the last week, and there seems to be something about these dog days that makes you leave the fridge or freezer door open by mistake. [pnjensen] found this happening all too often to the family chill chest, with the predictable accretion of frost on the coils as the water vapor condensed out of the entrained humid air and froze. The WiFi-enabled fridge alarm he built to fight this is a pretty neat hack with lots of potential for expansion.
Based on a Sparkfun ESP8266 Thing and home-brew door sensors built from copper tape, the alarm is rigged to sound after 120 seconds of the door being open. From the description it seems like the on-board buzzer provides a periodic reminder pip while the door is open before going into constant alarm and sending an SMS message or email; that’s a nice touch, and having the local alarm in addition to the text or email is good practice. As a bonus, [pnjensen] also gets a log of each opening and closing of the fridge and freezer. As for expansion, the I2C header is just waiting for more sensors to be added, and the built-in LiPo charger would provide redundancy in a power failure.
If frost buildup is less a problem for you than midnight snack runs causing another kind of buildup, you might want to check out this willpower-enhancing IoT fridge alarm.
[Simon] has been using his home alarm system for over six years now. The system originally came with a small RF remote control, but after years of use and abuse it was finally falling apart. After searching for replacement parts online, he found that his alarm system is the “old” model and remotes are no longer available for purchase. The new system had similar RF remotes, but supposedly they were not compatible. He decided to dig in and fix his remote himself.
He cracked open the remote’s case and found an 8-pin chip labeled HCS300. This chip handles all of the remote’s functions, including reading the buttons, flashing the LED, and providing encoded output to the 433MHz transmitter. The HCS300 also uses KeeLoq technology to protect the data transmission with a rolling code. [Simon] did some research online and found that the new alarm system’s remotes also use the same KeeLoq technology. On a hunch, he went ahead and ordered two of the newer model remotes.
He tried pairing them up with his receiver but of course it couldn’t be that simple. After opening up the new remote he found that it also used the HCS300 chip. That was a good sign. The manufacturer states that each remote is programmed with a secret 64-bit manufacturer’s code. This acts as the encryption key, so [Simon] would have to somehow crack the key on his original chip and re-program the new chip with the old key. Or he could take the simpler path and swap chips.
A hot air gun made short work of the de-soldering and soon enough the chips were in place. Unfortunately, the chips have different pinouts, so [Simon] had to cut a few traces and fix them with jumper wire. With the case back together and the buttons in place, he gave it a test. It worked. Who needs to upgrade their entire alarm system when you can just hack the remote?
[Stian] thought it would be nice if his coworkers could be electronically notified when the latest batch of coffee is ready. He ended up building an inexpensive coffee alarm system to do exactly that. When the coffee is done, the brewer can press a giant button to notify the rest of the office that it’s time for a cuppa joe.
[Stian’s] first project requirement was to activate the system using a big physical button. He chose a button from Sparkfun, although he ended up modifying it to better suit his needs. The original button came with a single LED built-in. This wasn’t enough for [Stian], so he added two more LEDs. All three LEDs are driven by a ULN2003A NPN transistor array. Now he can flash them in sequence to make a simple animation.
This momentary push button supplies power to an ESP8266 microcontroller using a soft latch power switch. When the momentary switch is pressed, it supplies power to the latch. The latch then powers up the main circuit and continues supplying power even when the push button is released. The reason for this power trickery is to conserve power from the 18650 Li-ion battery.
The core functionality of the alarm uses a combination of physical hardware and two cloud-based services. The ESP8266 was chosen because it includes a built-in WiFi chip and it only costs five dollars. The microcontroller is configured to connect to the WiFi network with the push of a button. The device also monitors the giant alarm button.
When the button is pressed, it sends an HTTP request to a custom Clojure app running on a cloud service called Heroku. The Clojure app then stores brewing information in a database and sends a notification to the Slack cloud service. Slack is a sort of project management app that allows multiple users to work on projects and communicate more easily over the internet. [Stian] has tapped into it in order to send the actual text notification to his coworkers to let them know that the coffee is ready. Be sure to watch the demo video below.
If you are like [Gbola], then you have a hard time waking up during the winter months. Something about the fact that it’s still dark outside just makes it that much more difficult to get out of bed. [Gbola] decided to build his own solution to this problem, by gradually waking himself up with an electric light. He was able to do this using all off-the-shelf components and a bit of playing around with the Tasker Android application.
[Gbola] started out with a standard desk lamp. He replaced the light bulb with a larger bulb that simulates the color temperature of natural daylight. He then switched the lamp on and plugged it into a WeMo power switch module. A WeMo is a commercial product that attempts to make home automation accessible for consumers. This particular module allows [Gbola] to control the power to his desk lamp using his smart phone.
[Gbola] mentions that the official WeMo Android application is slow and includes no integration with Tasker. He instead decided to use the third-party WeMoWay application, which does include Tasker support. Tasker is a separate Android application that allows you to configure your device to perform a set task or series of tasks based on a context. For example, you might turn your phone to silent mode when your GPS signal shows you are at work. WeMoWay allows [Gbola] to interact with his WeMo device based on any parameter he configures.
On top of all of that, [Gbola] also had to install three Tasker plugins. These were AutoAlarm, Taskkill, and WiFi Connect. He then got to work with Tasker. He configured a custom task to identify when the next alarm was configured on the phone. It then sets two custom variables, one for 20 minutes before the alarm (turn on the lamp) and one for 10 minutes after (turn it off).
[Gbola] then built a second task to actually control the lamp. This task first disconnects and reconnects to the WiFi network. [Gbola] found that the WeMoWay application is buggy and this “WiFi reset” helps to make it more reliable. It then kills the WeMoWay app and restarts it. Finally, it executes the command to toggle the state of the lamp. The project page has detailed instructions in case anyone wants to duplicate this. It seems like a relatively painless way to build your own solution for less than the cost of a specialized alarm clock lamp.