33C3: Hunz Deconstructs The Amazon Dash Button

The Amazon Dash button is now in its second hardware revision, and in a talk at the 33rd Chaos Communication Congress, [Hunz] not only tears it apart and illuminates the differences with the first version, but he also manages to reverse engineer it enough to get his own code running. This opens up a whole raft of possibilities that go beyond the simple “intercept the IP traffic” style hacks that we’ve seen.

Just getting into the Dash is a bit of work, so buy two: one to cut apart and locate the parts that you have to avoid next time. Once you get in, everything is tiny! There are a lot of 0201 SMD parts. Hidden underneath a plastic blob (acetone!) is an Atmel ATSAMG55, a 120 MHz ARM Cortex-M4 with FPU, and a beefy CPU all around. There is also a 2.4 GHz radio with a built-in IP stack that handles all the WiFi, with built-in TLS support. Other parts include a boost voltage converter, a BTLE chipset, an LED, a microphone, and some SPI flash.

The strangest part of the device is the sleep mode. The voltage regulator is turned on by user button press and held on using a GPIO pin on the CPU. Once the microcontroller lets go of the power supply, all power is off until the button is pressed again. It’s hard to use any less power when sleeping. Even so, the microcontroller monitors the battery voltage and presumably phones home when it gets low.

Shmoocon 2017: The Ins And Outs Of Manufacturing And Selling Hardware

Every day, we see people building things. Sometimes, useful things. Very rarely, this thing becomes a product, but even then we don’t hear much about the ins and outs of manufacturing a bunch of these things or the economics of actually selling them. This past weekend at Shmoocon, [Conor Patrick] gave the crowd the inside scoop on selling a few hundred two factor authentication tokens. What started as a hobby is now a legitimate business, thanks to good engineering and abusing Amazon’s distribution program.

The product in question is the U2F Zero, an open source U2F token for two-factor authentication. It’s built around the Atmel/Microchip ATECC508A crypto chip and is, by all accounts, secure enough. It’s also cheap at about $0.70 a piece, and the entire build comes to about $3 USD. All of this is hardware, and should be extremely familiar to the regular Hackaday reader. This isn’t the focus of [Conor]’s talk though. The real challenge is how to manufacture and sell these U2F dongles, a topic we looked in on back in September.

The circuit for this U2F key is basically just a crypto chip and a USB microcontroller, each of which needs to be programmed separately and ideally securely. The private key isn’t something [Conor] wants to give to an assembly house, which means he’s programming all these devices himself.

For a run of 1100 units, [Conor] spent $350 on PCB, $3600 for components and assembly, $190 on shipping and tariffs from China, and an additional $500 for packaging on Amazon. That last bit pushed the final price of the U2F key up nearly 30%, and packaging is something you have to watch if you ever want to sell things of your own.

For distribution, [Conor] chose Fulfillment By Amazon. This is fantastically cheap if you’re selling a product that already exists, but of course, [Conor]’s U2F Zero wasn’t already on Amazon. A new product needs brand approval, and Amazon would not initially recognize the U2F Zero brand. The solution to this was for [Conor] to send a letter to himself allowing him to use the U2F Zero brand and forward that letter to the automated Amazon brand bot. Is that stupid? Yes. Did it work? Also yes.

Sales were quiet until [Conor] submitted a tip to Hacker News and sold about 70 U2F Zeros in a day. After that, sales remained relatively steady. The U2F Zero is now a legitimate product. Even though [Conor] isn’t going to get rich by selling a dozen or so U2F keys a day, it’s still an amazing learning experience and we’re glad to have sat in on his story of bootstrapping a product, if only for the great tip on getting around Amazon’s fulfillment policies.

Police Want Alexa Data; People Begin To Realize It’s Listening

It is interesting to see the wide coverage of a police investigation looking to harvest data from the Amazon Echo, the always-listening home automation device you may know as Alexa. A murder investigation has led them to issue Amazon a warrant to fork over any recordings made during the time of a crime, and Amazon has so far refused.

Not too long ago, this is the sort of news that would have been discussed on Hackaday but the rest of my family would have never heard about it. Now we just need to get everyone to think one step beyond this and we’ll be getting somewhere.

What isn’t being discussed here is of more concern to me. How many of you have a piece of tape over your webcam right now? Why did you do that? It’s because we know there are compromised systems that allow attackers to turn on the camera remotely. Don’t we have to assume that this will eventually happen with the Echo as well? Police warrants are likely to affect far fewer users than account breaches like the massive ones we’ve seen with password data.

All of the major voice activated technologies assert that their products are only listening for the trigger words. In this case, police aren’t just looking for a recording of someone saying “Alexa, help I’m being attacked by…” but for any question to Alexa that would put the suspect at the scene of the crime at a specific time. Put yourself in the mind of a black hat. If you could design malware to trigger on the word “Visa” you can probably catch a user giving their credit card number over the phone. This is, of course, a big step beyond the data already stored from normal use of the system.

It’s not surprising that Amazon would be served a warrant for this data. You would expect phone records (although not recordings of the calls) to be reviewed in any murder case. Already disclosed in this case is that a smart water meter from the home reported a rather large water usage during the time of the murder — a piece of evidence that may be used to indicate a crime scene clean-up effort.

What’s newsworthy here is that people who don’t normally think about device security are now wondering what their voice-controlled tech actually hears them say. And this is a step in the right direction.

Controlling A Game Room With Amazon Echo

If there are two things we love here at Hackaday, it’s games and automating mundane tasks by adding a lot of electronics and voice control. A game room is, therefore, the perfect sandbox for projects that get us excited in all of the right ways. Liberty Games, a UK-based games room company, already had a really impressive game room (as you might expect). They’ve just posted an awesome build log showcasing how they went about automating mundane game room tasks by adding a lot of electronics and voice control.

There were four tasks that Liberty Games wanted to be able to complete with voice control: releasing billiards balls on their pool table, adding credits to an arcade machine, releasing pinballs on a pinball machine, and control of a CD jukebox. For all of these tasks, they used an Amazon Echo, which already has built-in support for adding new “skills” (Amazon’s term for user-created Alexa commands). These skills allow the Echo to communicate with other devices using JavaScript Object Notation (JSON).

Put An Honest Face On Alexa With This HAL 9000 Build

Amazon put out a version of Alexa’s software that could run on Raspberry Pi. Adafruit sold a big scary red button. For [Keith Elliott], the project ahead was an obvious conclusion.

The Raspberry Pi version of Alexa’s software was lagging behind the release version. You had to press a button to input a command, which really steals a lot of the joy out of a creepy voice controlled robot listening to you putz around the house. Now, it can wake on command.

Since this sold him on finally adding Amazon’s ever watching witch eye to his home, he decided he would give it appropriately sinister clothes. These were 3D printed from files based on Adafruit’s guide. He ended up with a fairly convincing facade.

The inside is kind of melancholy. A lone Raspberry Pi 3 is held company by a microphone and audio amplifier. These are pretty much all that’s needed to make your home automated shopping experience dreams come true. Video after the break.

A DIY, Visual Alexa

Talking to computers is all the rage right now. We are accustomed to using voice to communicate with each other, so that makes sense. However, there’s a distinct difference between talking to a human over a phone line and conversing face-to-face. You get a lot of visual cues in person compared to talking over a phone or radio.

Today, most voice-enabled systems are like talking to a computer over the phone. It gets the job done, but you don’t always get the most benefit. To that end, [Youness] decided to marry an OLED display to his Alexa to give visual feedback about the current state of Alexa. It is a work in progress, but you can see two incarnations of the idea in the videos below.

A Raspberry Pi provides the horsepower and the display. A Python program connects to the Alexa Voice Service (AVS) to understand what to do. AVS provides several interfaces for building voice-enabled applications:

  • Speech Recognition/Synthesis – Understand and generate speech.
  • Alerts – Deal with events such as timers or a user utterance.
  • AudioPlayer – Manages audio playback.
  • PlaybackController – Manages playback queue.
  • Speaker – Controls volume.
  • System – Provides client information to AVS.

We’ve seen AVS used to create an Echo clone (in a retro case, though). We also recently looked at the Google speech API on the Raspberry Pi.


Amazon Dash Reboots Your Pi

We all know feature creep can be a problem in almost any project. A simple idea can often become unusable if a project’s scope isn’t clearly defined in the beginning. However, the opposite problem sometimes presents itself: forgetting to include a key feature. [Zach] had this problem when he built a Raspberry Pi magic mirror and forgot to build a physical reset/shutoff switch. Luckily he had a spare Amazon Dash button and re-purposed it for use with his Pi.

The Raspberry Pi doesn’t include its own on/off switch. Without installing one yourself, the only way to turn off the device (without access to the terminal) is to unplug it, which can easily corrupt data on the SD card. Since [Zach]’s mirror was already complete, he didn’t want to take the entire thing apart just to install a button. There’s already a whole host of applications for the Dash button, so with a little Node.js work on the Raspberry Pi he was able to configure a remote-reset button for his mirror.

This is a similar problem for most Raspberry Pi owners, so if you want to follow [Zach]’s work he has done a great job detailing his process on his project site. If you’re looking for other uses for these convenient network-enabled buttons, he also links to a GitHub site with lots of other projects. This pizza button is probably our favorite, though.