PSA: Amazon Sidewalk Rolls Out June 8th

May 19, 2021 by Kristina Panos 41 Comments

Whether you own any Amazon surveillance devices or not, we know how much you value your privacy. So consider this your friendly reminder that Amazon Sidewalk is going live in a few weeks, on June 8th. A rather long list of devices have this setting enabled by default, so if you haven’t done so already, here’s how to turn it off.

Don’t know what we’re talking about? Our own Jenny List covered the topic quite concretely a few months back. The idea behind it seems innocent enough on the surface — extend notoriously spotty Wi-Fi connectivity to devices on the outer bounds of the router’s reach, using Bluetooth and LoRa to talk between devices and share bandwidth. Essentially, when Amazon flips the switch in a few weeks, their entire fleet of opt-in-by-default devices will assume a kind of Borg hive-mind in that they’ll be able to share connectivity.

A comprehensive list of Sidewalk devices includes: Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd Gen), Echo (4th Gen), Echo Dot (3rd Gen), Echo Dot (4th Gen), Echo Dot (3rd Gen) for Kids, Echo Dot (4th Gen) for Kids, Echo Dot with Clock (3rd Gen), Echo Dot with Clock (4th Gen), Echo Plus (1st Gen), Echo Plus (2nd Gen), Echo Show (1st Gen), Echo Show (2nd Gen), Echo Show 5, Echo Show 8, Echo Show 10, Echo Spot, Echo Studio, Echo Input, Echo Flex. — Amazon Sidewalk FAQ

Now this isn’t a private mesh network in your castle, it’s every device in the kingdom. So don’t hesitate, don’t wait, or it will be too late. Grab all your Things and opt-out if you don’t want your doorbell cam or Alexa machine on the party line. If you have the Alexa app, you can allegedly opt out on all your devices at once.

Worried that Alexa is listening to you more often than she lets on? You’re probably right.

Amazon’s Custom T-Shirt May Rub You The Wrong Way

January 6, 2021 by Kristina Panos 49 Comments

How far would you go in pursuit of the perfect black t-shirt? Would you let Amazon build a virtual double of your body? They already know so much about you, so what’s a body scan or two between customer and company?

So here’s the deal — Amazon is trying to launch a brand of bespoke clothing called Made for You, and they’re starting with custom solid color t-shirts. Here’s how it works: you give them $25 along with information about your height, weight, and skin tone. Then you upload two pictures of your torso to their app, and these get turned into a 3D model of your body. Once your avatar is built to match, you design your shirt to fit the model. In theory, you get a really good idea of how it will fit.

You can choose from two different fabrics and eight colors, and can customize the neckline, the shirt length, and the sleeve length. If you want to, you can put your name on the tag. Then your perfect t-shirt gets made in the US from imported fabric — either lightweight or medium weight pima cotton. We’re not sure if robots or people are making them, but our money is on people. After all, Amazon is the company that created Mechanical Turk to form a pool of humans available to do on-demand work via the Internet. This is along those lines but with tailors sewing to your specifications. The big questions are what do you get, how does the technology make these better than off-the-rack, and do you give up your privacy in return?

One-Size Fits One

To say that these are custom t-shirts is a bit of a stretch. Oh you don’t need to worry about the t-shirts being skin-tight and showcasing your spare tire — if it’s a relaxed fit you want, that’s one of the options. But the current options are limited.

Continue reading “Amazon’s Custom T-Shirt May Rub You The Wrong Way” →

Amazon Halo Teardown Is Supremely Thorough

December 31, 2020 by Anool Mahidharia 10 Comments

We rarely see teardowns this detailed. [txyzinfo] wanted to know what hardware was under the hood, and did an amazing Amazon Halo Teardown.

Sometime around the middle of 2020, Amazon jumped on to the health and fitness tracker space with the introduction of the Halo — a $100 device with an add on $4 monthly subscription service if you wanted additional features, which Amazon calls “labs”, many of which are third-party services. The device does not have any display at all, and any metrics that need to be displayed (heart rate, steps, calories, etc.) show up on the Halo phone app. Halo’s focus is more on health, rather than fitness. It helps monitor your active and sleep states, keeps track of body fat, and reports your emotional state.

We won’t delve much in to the pros and cons of the device, other than mention two features which have the potential to creep out most folks. The device has a pair of microphones, which listen to the “tone” of your voice and report on your emotional state. The other is its use of your phone via the companion app, to take photos of you, preferably dressed in your undergarments. Your front, back and side photos get uploaded to Amazon servers, get converted to a 3D model, and then downloaded back to your phone. Amazon mentions that the photos are never retained and deleted from their servers once your 3D model is transferred back to the phone. Amazon’s ML algorithms then calculate your body fat percentage. More worryingly, the app offers a slider which you can move to see how you will “look” if you have higher or lower body fat percentages.

Fortunately for us hardware hacker types, [txyzinfo] wanted to unlock all the secrets Amazon poured into this design. Even if the device in particular does not interest you, the techniques he uses are very educational and will prove a useful addition to your skills. The device does not have any external fasteners, with the back cover being held together with glue. [txyzinfo] starts off by applying a solvent around the back cover to soften the glue, then works with his spudger to pry it open. The back cover appears to have an antenna with touch-contact terminations without a connector. The main body holds the rest of the electronics, and can be easily removed by unscrewing the four corner screws. Using a combination of solvent to soften the glue at various points, and snips to cut off retaining plastic tabs, he manages to untangle the hybrid rigid-flex PCB assembly from its plastic-metal clam-shell.

He uses a hot-air blower to cleanly separate the flex PCB parts attached to the rigid PCB. With all the flex pieces removed, he is left with the main part of the device — the rigid PCB with most parts potted under a metal shield filled with what appears to be a soft, grey compound. At this point, we are not sure if the potting compound is for heat dissipation, or just to obfuscate reverse engineering. His next action gives us a severe case of the heebie jeebies, as he clamps the PCB to a milling machine, and mills away the sides of the metal shield. Next, he heats the whole assembly with the hot air gun to melt all the solder, applying some generous amounts of flux, using the spudger to pull apart the PCB from the components embedded in the potting compound. Check out the video after the break to see his tear down techniques in action.

His plan was to identify as many parts as he could, but he wasn’t very successful, and managed to identify just a few — the two MEMS microphones, two temperature sensors and the LED driver on the flex PCB, and the photo-diodes, 6-axis IMU, battery charger and flash memory on the main board. The board has an uncommon 5-layer stack up, with the centre layer being ground. PCB de-layering is a time consuming process and requires a lot of patience, but in the end, he was able to get a pretty good result. He found some oddities in the track layout and was able to identify some of the more common connections to the I2C bus and between the micro-controller and its memory. He also located several test points which seem promising for a second round of investigations. Sometime in the future, he plans to get another Halo and have a go at it using the JTAGulator and GoodFET.

Tear downs are a favourite for all hackers, as is evident by the regularity with which we keep seeing them. If this one hasn’t whetted your appetite, then check out this other Fitness Tracker Teardown which is a lesson in Design for Manufacture.

Continue reading “Amazon Halo Teardown Is Supremely Thorough” →

Amazon Sidewalk: Should You Be Co-Opted Into A Private Neighbourhood LoRa Network?

November 30, 2020 by Jenny List 61 Comments

WiFi just isn’t very good at going through buildings. It’s fine for the main living areas of an average home, but once we venture towards the periphery of our domains it starts to become less reliable. For connected devices outside the core of a home, this presents a problem, and it’s one Amazon hope to solve with their Sidewalk product.

It’s a low-bandwidth networking system that uses capability already built into some Echo and Ring devices, plus a portion of the owner’s broadband connection to the Internet. The idea is to provide basic connectivity over longer distances to compatible devices even when the WiFi network is not available, but of most interest and concern is that it will also expose itself to devices owned by other people. If your Internet connection goes down, then your Ring devices will still provide a basic version of their functionality via a local low-bandwidth wide-area wireless network provided by the Amazon devices owned by your neighbours. Continue reading “Amazon Sidewalk: Should You Be Co-Opted Into A Private Neighbourhood LoRa Network?” →

Quadcopter With Stereo Vision

June 30, 2020 by Bryan Cockfield 5 Comments

Flying a quadcopter or other drone can be pretty exciting, especially when using the video signal to do the flying. It’s almost like a real-life video game or flight simulator in a way, except the aircraft is physically real. To bring this experience even closer to the reality of flying, [Kevin] implemented stereo vision on his quadcopter which also adds an impressive amount of functionality to his drone.

While he doesn’t use this particular setup for drone racing or virtual reality, there are some other interesting things that [Kevin] is able to do with it. The cameras, both ESP32 camera modules, can make use of their combined stereo vision capability to determine distances to objects. By leveraging cloud computing services from Amazon to offload some of the processing demands, the quadcopter is able to recognize faces and keep the drone flying at a fixed distance from that face without needing power-hungry computing onboard.

There are a lot of other abilities that this drone unlocks by offloading its resource-hungry tasks to the cloud. It can be flown by using a smartphone or tablet, and has its own web client where its user can observe the facial recognition being performed. Presumably it wouldn’t be too difficult to use this drone for other tasks where having stereoscopic vision is a requirement.

Thanks to [Ilya Mikhelson], a professor at Northwestern University, for this tip about a student’s project.

Behind Amazon’s Doors Is A Library

December 6, 2019 by Al Williams 7 Comments

Some people love Amazon, while others think it has become too big and invasive. But you have to admit, they build gigantic and apparently reliable systems. Interestingly, they recently released a library of white papers from their senior staff called the Builder’s Library.

According to their blog post:

The Amazon Builders’ Library is a collection of living articles that take readers under the hood of how Amazon architects, releases, and operates the software underpinning Amazon.com and AWS. The Builders’ Library articles are written by Amazon’s senior technical leaders and engineers, covering topics across architecture, software delivery, and operations. For example, readers can see how Amazon automates software delivery to achieve over 150 million deployments a year or how Amazon’s engineers implement principles such as shuffle sharding to build resilient systems that are highly available and fault tolerant.

The Amazon Builders’ Library will continue to be updated with new content going forward.

Continue reading “Behind Amazon’s Doors Is A Library” →

The Amazon Dash Button: A Retrospective

August 27, 2019 by Kerry Scharfglass 38 Comments

The Internet of Things will revolutionize everything! Manufacturing? Dog walking? Coffee bean refilling? Car driving? Food eating? Put a sensor in it! The marketing makes it pretty clear that there’s no part of our lives which isn’t enhanced with The Internet of Things. Why? Because with a simple sensor and a symphony of corporate hand waving about machine learning an iPhone-style revolution is just around the corner! Enter: Amazon Dash, circa 2014.

The first product in the Dash family was actually a barcode scanning wand which was freely given to Amazon Fresh customers and designed to hang in the kitchen or magnet to the fridge. When the Fresh customer ran out of milk they could scan the carton as it was being thrown away to add it to their cart for reorder. I suspect these devices were fairly expensive, and somewhat too complex to be as frequently used as Amazon wanted (thus the extremely limited launch). Amazon’s goal here was to allow potential customers to order with an absolute minimum of friction so they can buy as much as possible. Remember the “Buy now with 1-Click” button?

That original Dash Wand was eventually upgraded to include a push button activated Alexa (barcode scanner and fridge magnet intact) and is generally available. But Amazon had pinned its hopes on a new beau. Mid 2015 Amazon introduced the Dash Replenishment Service along with a product to be it’s exemplar – the Dash Button. The Dash Button was to be the 1-Click button of the physical world. The barcode-scanning Wands require the user to remember the Wand was nearby, find a barcode, scan it, then remember to go to their cart and order the product. Too many steps, too many places to get off Mr. Bezos’ Wild Ride of Commerce. The Dash Buttons were simple! Press the button, get the labeled product shipped to a preconfigured address. Each button was purchased (for $5, with a $5 coupon) with a particular brand affinity, then configured online to purchase a specific product when pressed. In the marketing materials, happy families put them on washing machines to buy Tide, or in a kitchen cabinet to buy paper towels. Pretty clever, it really is a Buy now with 1-Click button for the physical world.

There were two versions of the Dash button. Both have the same user interface and work in fundamentally the same way. They have a single button (the software can recognize a few click patterns), a single RGB LED (‘natch), and a microphone (no, it didn’t listen to you, but we’ll come back to this). They also had a WiFi radio. Version two (silently released in 2016) added Bluetooth and completely changed the electrical innards, though to no user facing effect.

In February 2019, Amazon stopped selling the Dash Buttons. Continue reading “The Amazon Dash Button: A Retrospective” →