We’ve all seen the stories about IoT devices with laughably poor security. Both within our community as fresh vulnerabilities are exposed and ridiculed, and more recently in the wider world as stories of easily compromised baby monitors have surfaced in mass media outlets. It’s a problem with its roots in IoT device manufacturers treating their products as appliances rather than software, and in a drive to produce them at the lowest possible price.
The Australian government have announced that IoT security is now firmly in their sights, announcing a possible certification scheme with a logo that manufacturers would be able to use if their products meet a set of requirements. Such basic security features as changeable, non-guessable, and non-default passwords are being mentioned, though we’re guessing that would also include a requirement not to expose ports to the wider Internet. Most importantly it is said to include a requirement for software updates to fix known vulnerabilities. It is reported that they are also in talks with other countries to harmonize some of these standards internationally.
It is difficult to see how any government could enforce such a scheme by technical means such as disallowing Internet connection to non-compliant devices, and if that was what was being proposed it would certainly cause us some significant worry. Therefore it’s likely that this will be a consumer certification scheme similar to for example the safety standards for toys, administered as devices are imported and through enforcement of trading standards legislation. The tone in which it’s being sold to the public is one of “Think of the children” in terms of compromised baby monitors, but as long-time followers of Hackaday will know, that’s only a small part of the wider problem.
Thanks [Bill Smith] for the tip.
Baby monitor picture: Binatoneglobal [CC BY-SA 3.0].
If you hail from somewhere to which Australian beers have been exported, you could be forgiven for forming a view of the country based solely on TV adverts for Foster’s, or Castlemaine XXXX. Entertaining 30-second stories of wily young Aussies, and their inventive schemes to get their hands on a cool glass of the Amber Nectar.
Whether it’s an accurate depiction or not is something you’d have to ask an Australian, but it seems to provide a blueprint for at least some real-life stories. An Australian man in Sunbury, west of Melbourne, is to face a fine of up to A$9000 for using his multirotor to pick up a sausage in a bun from a stall in a superstore car park, and deliver it to him relaxing in his hot tub.
From one perspective the video of the event which we’ve posted below the break is a very entertaining film. We see the flight over houses and a main road to a local branch of Bunnings, an Australian hardware store chain. Their sausage sizzle is a weekly institution in which local non-profit groups sell barbecued sausages from a stall in the car park as a fundraiser. The drone lowers a bag on a string over people queuing, with a note saying “Please buy snag(Aussie slang for sausage) and put in bag, here’s $10”. Someone complies, and the tasty treat is flown back over suburbia to our hero in his tub. It’s fairly obviously a production with many takes and supporting actors rather than a real continuous flight, but the Australian Civil Aviation Safety Authority is nevertheless investigating it. Breaches of the rules are reported as being use of a drone within 30 metres of people, as well as flight beyond the line of sight and over a populated area. The original video has been taken down, but it lives on courtesy of Australian tech site EFTM.
Aside from providing our readership with entertainment courtesy of our Australian friends there is an important message to take away from this story. It’s likely that if they can adequately prove that their flight was never out of the line of sight they can escape some of the charges, but even so they have strayed into difficult territory. We’ve written about drone hysteria on the part of authorities before, and we are living in an age during which twitchy agencies have shown themselves willing to view what we know to be little more than grown-up toys as something akin to terror weapons. Of course people who use multirotors for wilful endangerment should be brought to book in no uncertain terms, but the line between that and innocuous use feels sometimes to have been shifted in an alarming direction. Please keep entertaining us with your multirotor exploits and hacks, but never take your eye off how what you are doing could be misconstrued by those in authority. We’d prefer not to be writing up drone stories involving fines.
Continue reading “Drone Snags A Snag, Pilot Faces Fine”
[Brad Robinson] was feeling a bit nostalgic for his Microbee, so he rebuilt it in an FPGA. Not once, but three times. For the uninitiated, the Applied Technology Microbee was a Z80 based computer 1980’s. Designed in Australia, the Microbee did not see much popularity outside its home continent. Even so, the introduction to home computers many Australians was on a Microbee. [Brad] actually wrote several programs for the Microbee, including some games sold by Applied Technology themselves.
Fast forward to 2012, [Brad] is learning FPGAs, and wants to build a Microbee in VHDL. The FPGAbee was born. The first iteration of the FPGAbee began with the CPU, which came from the T80 open source VHDL Z80 core. Around this core [Brad] added the video controller, keyboard, and sound. When he started adding disk functionality, [Brad] ran into some problems. He wanted to use a FAT formatted SD card for cassette and hard disk emulation.
The relative complexities of the FAT format meant he would have to use some custom software to make this work. [Brad] decided to run this software on a second Z80 core. Both cores would need access to memory, and this is where [Brad] learned what he calls “a hard lesson in cross domain clocks” on FPGAs. Multiple clock nets can cause major propagation delay issues. [Brad] was able to work through the problems, but it caused him to step back and re-evaluate the entire design. This was the start of FPGABee2.
Continue reading “Build an FPGA Microbee in Three (Not so) Easy Steps”
Where would be the best place to test out an unhackable netbook? The NSW department of education in Australia thinks that college is perfect . They plan on distributing netbooks, preloaded with Windows 7,and iTunes. They also have bios level tracking and security, allowing them to be remotely shut down on command. With 20,000 of these in circulation, we would think that we’ll see someone proving the “unhackable” statement wrong. We can only hope.