If you upgraded to Amazon’s latest Echo Dot, you might have been surprised to find that the diminutive voice assistant had shed its USB port. Earlier models of the Dot used a garden variety micro USB port for power, which hackers eventually figured out also provided a helpful way to snoop around inside the device’s firmware. The fact that the USB port was deleted on the latest Echo Dot in favor of a simple barrel connector for power was seen by some as a sign that Amazon was trying to keep curious owners out of their hardware.
But as [Brian Dorey] shows, all they did was put a bump in the road. While they removed the external USB connector, the traces for it are still on the board waiting to be accessed. Even better, it turns out the USB data lines are connected to the test points located on the bottom of the Dot. All you need is a simple breakout that will connect through the existing opening in the device’s case, and you’ve got your USB port back.
So what can you do with USB on the Echo Dot? Well, not much right now. [Brian] found that the Dot shows up as a Mediatek device under Linux using
fastboot can see it and even confirms the presence of a locked bootloader. It’s going to take some work from the community to see how deep this particular rabbit hole goes.
Even if you’re not interested in restoring its USB port, [Brian] has uncovered a wealth of fascinating hardware information about the Echo Dot during his deep-dive. He’s mapped out many of the test points located throughout the device’s PCBs, and found a few interesting points that might be worth further investigation. For example, he found that driving one of the pins high would trigger the Dot to mute its microphones; which could be useful for anyone looking to cover Alexa’s ears.
[Brian] first cracked open the Echo Dot last month, after scoring one for cheap during Amazon’s Prime Day sale. It looks like he’s making fairly rapid progress on unraveling the mysteries of this popular gadget, and we’re very interested in seeing where this research takes us.
Like a million or so other people, [Brian Dorey] picked up a third generation Echo Dot during Amazon’s big sale a couple weeks ago. Going for less than half its normal retail price, he figured it was the perfect time to explore Amazon’s voice assistant offerings. But the low price also meant that he didn’t feel so bad tearing into the thing for our viewing pleasure.
By pretty much all accounts, the Echo Dot line has been a pretty solid performer as far as corporate subsidized home espionage devices go. They’re small, fairly cheap, and offer the baseline functionality that most people expect. While there was nothing precisely wrong with the earlier versions of the Dot, Amazon has used this latest revision of the device to give the gadget a more “premium” look and feel. They’ve also tried to squeeze a bit better audio out of the roughly hockey puck sized device. But of course, some undocumented changes managed to sneak in there as well.
For one thing, the latest version of the Dot deletes the USB port. Hackers had used the USB port on earlier versions of the hardware to try and gain access to the Android (or at least, Amazon’s flavor of Android) operating system hiding inside, so that’s an unfortunate development. On the flip side, [Brian] reports there’s some type of debug header on the bottom of the device. A similar feature allowed hackers to gain access to some of Amazon’s other voice assistants, so we’d recommend hopeful optimism until told otherwise.
The Echo Dot is powered by a quad-core Mediatek MT8516BAAA 64-bit ARM Cortex-A35 processor and the OS lives on an 8GB Samsung KMFN60012M-B214 eMMC. A pair of Texas Instruments LV320ADC3101 ADCs are used to process the incoming audio from the four microphones arranged around the edge of the PCB, and [Brian] says there appears to be a Fairchild 74LCX74 flip-flop in place to cut the audio feed when the user wants a bit of privacy.
Of course, the biggest change is on the outside. The new Dot is much larger than the previous versions, which means all the awesome enclosures we’ve seen for its predecessor will need to be reworked if they want to be compatible with Amazon’s latest and greatest.
In the “Automate the Freight” series, I’ve concentrated on stories that reflect my premise that the killer app for self-driving vehicles will not be private passenger cars, but will more likely be the mundane but necessary task of toting things from place to place. The economics of replacing thousands of salary-drawing and benefit-requiring humans in the logistics chain are greatly favored compared to the profits to be made by providing a convenient and safe commuting experience to individuals. Advances made in automating deliveries will eventually trickle down to the consumer market, but it’ll be the freight carriers that drive innovation.
While I’ve concentrated on self-driving freight vehicles, there are other aspects to automating the supply chain that I’ve touched on in this series, from UAV-delivered blood and medical supplies to the potential for automating the last hundred feet of home delivery with curb-to-door robots. But automation of the other end of the supply chain holds a lot of promise too, both for advancing technology and disrupting the entire logistics field. This time around: automated packaging lines, or how the stuff you buy online gets picked and wrapped for shipping without ever being touched by human hands.
Continue reading “Automate The Freight: Amazon’s Robotic Packaging Lines”
Let’s get caught up on computer security news! The big news is Shadowhammer — The Asus Live Update Utility prompted users to download an update that lacked any description or changelog. People thought it was odd, but the update was properly signed by Asus, and antivirus scans reported it as safe.
Nearly a year later, Kaspersky Labs announced they had confirmed this strange update was indeed a supply chain attack — one that attacks a target by way of another vendor. Another recent example is the backdoor added to CCleaner, when an unknown actor compromised the build system for CCleaner and used that backdoor to target other companies who were using CCleaner. Interestingly, the backdoor in CCleaner has some similarities to the backdoor in the Asus updater. Combined with the knowledge that Asus was one of the companies targeted by this earlier breach, the researchers at Kaspersky Lab suggest that the CCleaner attack might have been the avenue by which Asus was compromised.
Shadowhammer sits quietly on the vast majority of machines it infects. It’s specifically targeted at a pool of about 600 machines, identified by their network card’s MAC address. We’ve not seen any reporting yet on who was on the target list, but Kaspersky is hosting a service to check whether your MAC is on the list.
While we’re still waiting for the full technical paper, researchers gave a nearly 30 minute presentation about Shadowhammer, embedded below the break along with news about Dragonblood, Amazon listening to your conversations, and the NSA delivering on Ghidra source code. See you after the jump!
Continue reading “Shadowhammer, WPA3, And Alexa Is Listening: This Week In Computer Security”
We’ve been occasionally exploring examples of what could be the killer application for self-driving vehicles: autonomous freight deliveries, both long-haul and local, as well as some special use cases. Some, like UAV delivery of blood and medical supplies in Kenya, have taken off and are becoming both profitable and potentially life-saving. Others, like driverless long-haul trucking, made an initial splash but appear to have gone quiet since then. This is to be expected, as the marketplace picks winners and losers in a neverending quest to maximize return on investment. But the whole field seems to have gotten a bit sleepy lately, with no big news of note for quite a while.
That changed last week with Amazon’s announcement of Scout, their autonomous delivery vehicle. Announced first on Amazon’s blog and later picked up by the popular and tech press who repeated the Amazon material almost verbatim, Scout appears at first glance to be a serious attempt by Amazon to own the “last mile” of delivery – the local routes that are currently plied by the likes of UPS, FedEx, and various postal services. Or is it?
Continue reading “Automate The Freight: Amazon Tackles The Last Mile Problem On Wheels”
As far as computer architectures go, ARM doesn’t have anything to be ashamed of. Since nearly every mobile device on the planet is powered by some member of the reduced instruction set computer (RISC) family, there’s an excellent chance these words are currently making their way to your eyes courtesy of an ARM chip. A userbase of several billion is certainly nothing to sneeze at, and that’s before we even take into account the myriad of other devices which ARM processors find their way into: from kid’s toys to smart TVs.
ARM is also the de facto architecture for the single-board computers which have dominated the hacking and making scene for the last several years. Raspberry Pi, BeagleBone, ODROID, Tinker Board, etc. If it’s a small computer that runs Linux or Android, it will almost certainly be powered by some ARM variant; another market all but completely dominated.
It would be a fair to say that small devices, from set top boxes down to smartwatches, are today the domain of ARM processors. But if we’re talking about what one might consider “traditional” computers, such as desktops, laptops, or servers, ARM is essentially a non-starter. There are a handful of ARM Chromebooks on the market, but effectively everything else is running on x86 processors built by Intel or AMD. You can’t walk into a store and purchase an ARM desktop, and beyond the hackers who are using Raspberry Pis to host their personal sites, ARM servers are an exceptional rarity.
Or at least, they were until very recently. At the re:Invent 2018 conference, Amazon announced the immediate availability of their own internally developed ARM servers for their Amazon Web Services (AWS) customers. For many developers this will be the first time they’ve written code for a non-x86 processor, and while some growing pains are to be expected, the lower cost of the ARM instances compared to the standard x86 options seems likely to drive adoption. Will this be the push ARM needs to finally break into the server and potentially even desktop markets? Let’s take a look at what ARM is up against.
Continue reading “Amazon Thinks ARM Is Bigger Than Your Phone”
Putting autonomous vehicles on public roads takes major resources beyond most of our means. But we can explore all the same general concepts at a smaller scale by modifying remote-control toy cars, limited only by our individual budgets and skill levels. For those of us whose interest and expertise lie in software, Amazon Web Services just launched AWS DeepRacer: a complete package for exploring machine learning on autonomous vehicles.
At a hardware level, the spec sheet makes it sound like they’ve bolted their AWS DeepLens machine vision computer on an 1/18th scale monster truck chassis. But the hardware is only the tip of the iceberg. The software behind DeepRacer is AWS RoboMaker, a set of tools for applying AWS to robot development. Everything from running digital simulations on AWS to training neural networks on AWS. Don’t know enough about machine learning? No problem! Amazon has also just opened up their internal training curriculum to the world. And to encourage participation, Amazon is running a DeepRacer League with races taking place both digitally online and physically at AWS Summit events around the world. They’ve certainly offered us a full plate at their re:Invent conference this week.
But maybe someone prefers not to use Amazon, or prefer to build their own hardware, or run their own competitions. Fortunately, Amazon is not the only game in town, merely the latest entry in an existing field. The DeepRacer’s League’s predecessor was the Robocar Rally, and the DeepRacer itself follows the Donkey Car. A do-it-yourself autonomous racing platform we first saw at Bay Area Maker Faire 2017, Donkey Car has since built up its documentation and software tools including a simulator. The default Donkey Car code is fairly specific to the car, but builders are certainly free to use something more general like the open source Robot Operating System and Gazebo robot simulator. (Which is what AWS RoboMaker builds on.)
So if the goal is to start racing little autonomous cars, we have options to buy pre-built hardware or enjoy the flexibility of building our own. Either way, it’s just another example of why this is a great time to get into neural networks, with or without companies like Amazon devising ways to earn our money. Of course, this isn’t the only Amazon project trying to build a business around an idea explored by an existing open source project. We had just talked about their AWS Ground Station offering which covers similar ground (sky?) as our 2014 Hackaday Prize winner SatNOGS.