This Week In Security: The UK Wants Your ICloud, Libarchive Wasn’t Ready, And AWS

February 14, 2025 by Jonathan Bennett 14 Comments

There’s a constant tension between governments looking for easier ways to catch criminals, companies looking to actually protect their users’ privacy, and individuals who just want their data to be truly private. The UK government has issued an order that threatens to drastically change this landscape, at least when it comes to Apple’s iCloud backups. The order was issued in secret, and instructed Apple to provide a capability for the UK officials to access iCloud backups that use the Advanced Data Protection (ADP) system. ADP is Apple’s relatively new end-to-end encryption scheme that users can opt-into to make their backups more secure. The key feature here is that with ADP turned on, Apple themselves don’t have access to decrypted user data.

If this order wasn’t onerous enough, it seems to explicitly include all ADP-protected data, regardless of the country of origin. This should ring alarm bells. The UK government is attempting to force a US company to add an encryption backdoor to give them access to US customer data. Cryptographer [Matthew Green] has thoughts on this situation. One of the slightly conspiratorial theories he entertains is that portions of the US government are quietly encouraging this new order because the UK has weaker protections against unreasonable search and seizure of data. The implication here is that those elements in the US would use this newfound UK data access capability to sidestep Fourth Amendment protections of citizens’ data. This doesn’t seem like much of a stretch.

[Matthew] does have a couple of suggestions. The first is passing laws that would make it illegal for a US company to add backdoors to their systems, specifically at the request of foreign nations. We’ve seen first-hand how such backdoors can backfire once accessed by less-friendly forces. In an ironic turn of fate, US agencies have even started recommending that users use end-to-end encrypted services to be safe against such backdoors. Technically, if this capability is added, the only recourse will be to disable iCloud backups altogether. Thankfully Apple has pushed back rather forcefully against this order, threatening to simply turn off ADP for UK users, rather than backdoor the rest of the world. Either way, it’s a scary bit of overreach.

Continue reading “This Week In Security: The UK Wants Your ICloud, Libarchive Wasn’t Ready, And AWS” →

Hackaday Links: February 25, 2024

February 25, 2024 by Dan Maloney 15 Comments

When all else fails, blame it on the cloud? It seems like that’s the script for just about every outage that makes the news lately, like the Wyze camera outage this week that kept people from seeing feeds from their cameras for several hours. The outage went so far that some users’ cameras weren’t even showing up in the Wyze app, and there were even reports that some people were seeing thumbnails for cameras they don’t own. That’s troubling, of course, and Wyze seems to have taken action on that quickly by disabling a tab on the app that would potentially have let people tap into camera feeds they had no business seeing. Still, it looks like curiosity got the better of some users, with 1,500 tapping through when notified of motion events and seeing other people walking around inside unknown houses. The problem was resolved quickly, with blame laid on an “AWS partner” even though there were no known AWS issues at the time of the outage. We’ve said it before and we’ll say it again: security cameras, especially mission-critical ones, have no business being connected with anything but Ethernet or coax, and exposing them to the cloud is a really, really bad idea.

Continue reading “Hackaday Links: February 25, 2024” →

Ordering Pizza While Racing

October 9, 2023 by Matthew Carlson 6 Comments

As [Matt Stele] prepared to bike a local 300-mile (~480km) race in addition to training, he had to prepare for food. A full day of riding was ahead on gravel trails, and one of the best options for him was Casey’s General Store pizza. However, as it was a race, other riders were much faster than him. So, all the hot slices were gone when he arrived. With the help of a serverless GPS tracker, some cloud lambdas, and some good old-fashioned web scraping, [Matt] had a system that could order him a fresh pizza at the precise moment he needed. Continue reading “Ordering Pizza While Racing” →

Machine Learning Gives Cats One More Way To Control Their Humans

August 26, 2022 by Dan Maloney 9 Comments

For those who choose to let their cats live a more or less free-range life, there are usually two choices. One, you can adopt the role of servant and run for the door whenever the cat wants to get back inside from their latest bird-murdering jaunt. Or two, install a cat door and let them come and go as they please, sometimes with a “present” for you in their mouth. Heads you win, tails you lose.

There’s another way, though: just let the cat ask to be let back in. That’s the approach that [Tennis Smith] took with this machine-learning kitty doorbell. It’s based on a Raspberry Pi 4, which lives inside the house, and a USB microphone that’s outside the front door. The Pi uses Tensorflow Lite to classify the sounds it picks up outside, and when one of those sounds fits the model of a cat’s meow, a message is dispatched to AWS Lambda. From there a text message is sent to alert [Tennis] that the cat is ready to come back in.

There’s a ton of useful information included in the repo for this project, including step-by-step instructions for getting Amazon Web Services working on the Pi. If you’re a dog person, fear not: changing from meows to barks is as simple as tweaking a single line of code. And if you’d rather not be at the beck and call of a cat but still want to avoid the evidence of a prey event on your carpet, machine learning can help with that too.

[via Tom’s Hardware]

Comfortable, wearable packaging for biometric device for monitoring physiological data and pushing the data to the cloud

A DIY Biometric Device With Some Security Considerations

December 11, 2021 by Orlando Hoilett 8 Comments

Biohacking projects are not new to Hackaday and it’s certainly a genre that really piques our interest. Our latest biohacking device comes courtesy of [Manivannan] who brings his flavor of a wearable biosensor with some security elements built-in through AWS.

The hardware is composed of some impressive components we have seen. He has an AD8232 electrocardiogram front end, the MAX30102 integrated pulse oximeter IC for determining blood oxygen and heart rate, and the ever-popular LM35 for measuring body temperature. Either of these chips would be perfect for your next DIY biosensor project though you might try the MAX30205 body temperature sensor given its 0.1-degree Celsius accuracy. However, what really piqued our interest was the use of Microchip’s AVR-IoT WA Development Board. Now we’ve talked about this board before and also mentioned you could probably do all the same things with an ESP-device, but perhaps now we get to see the board a bit more in action.

[Manivannan] walks the reader through the board’s setup and everything looks to be pretty straightforward. He ultimately rigged together a very primitive dashboard for viewing all his vitals in real-time, demonstrating how you could put together your own patient dashboard for remote monitoring of vitals or other sensor signals. He emphasizes that all this is powered through AWS, giving him some added security layers that are critical for protecting his data from unwanted viewers.

Though [Manivannan’s] security implementation doesn’t rise to the standard of medical devices, maybe it will serve as a case study in the growing open-source medical device movement.

Continue reading “A DIY Biometric Device With Some Security Considerations” →

If Coffee == True {

March 7, 2020 by Bryan Cockfield 14 Comments

Having a shared coffee maker in the workplace is both a blessing and a curse. It’s nice to have constant access to coffee, but it can be frustrating to find the coffee pot emptied right as you walk in to the break room. To solve this problem in their office, [Vitort] and co. built an IOT solution that notifies everyone of the current coffee status on a Slack channel.

This project wasn’t built just as a convenience for the office, either. It makes extensive use of AWS SNS, the simple notification system from Amazon Web Services because they wanted to learn to use this technology specifically. Besides the notification system, the device itself is based on a NodeMCU/ESP8266, communicating over WiFi, and is a simple push-button design which coffee drinkers push when a fresh pot is made, and then push again when the coffee is empty.

While relatively straightforward, this project is a good one to look at if you’ve been interested in AWS at all, especially the simple notification system. It’s a pretty versatile tool, and all of the code used in the project is available on the project page for your reading pleasure. If you’re more interested in the coffee aspect of this project, we have a special coffee maker for you too.

Train All The Things Contest Update

March 3, 2020 by Dan Maloney 2 Comments

Back in January when we announced the Train All the Things contest, we weren’t sure what kind of entries we’d see. Machine learning is a huge and rapidly evolving field, after all, and the traditional barriers that computationally intensive processes face have been falling just as rapidly. Constraints are fading away, and we want you to explore this wild new world and show us what you come up with.

Where Do You Run Your Algorithms?

To give your effort a little structure, we’ve come up with four broad categories:

Machine Learning on the Edge
- Edge computing, where systems reach out to cloud resources but run locally, is all the rage. It allows you to leverage the power of ~~other people’s computers~~ the cloud for training a model, which is then executed locally. Edge computing is a great way to keep your data local.
Machine Learning on the Gateway
- Pi’s, old routers, what-have-yous – we’ve all got a bunch of devices laying around that bridge space between your local world and the cloud. What can you come up with that takes advantage of this unique computing environment?
Machine Learning in the Cloud
- Forget about subtle — this category unleashes the power of the cloud for your application. Whether it’s Google, Azure, or AWS, show us what you can do with all that raw horsepower at your disposal.
Artificial Intelligence Blinky
- Everyone’s “hardware ‘Hello, world'” is blinking an LED, and this is the machine learning version of that. We want you to use a simple microprocessor to run a machine learning algorithm. Amaze us with what you can make an Arduino do.

These Hackers Trained Their Projects, You Should Too!

We’re a little more than a month into the contest. We’ve seen some interesting entries bit of course we’re hungry for more! Here are a few that have caught our eye so far:

Intelligent Bat Detector – [Tegwyn☠Twmffat] has bats in his… backyard, so he built this Jetson Nano-powered device to capture their calls and classify them by species. It’s a fascinating adventure at the intersection of biology and machine learning.
Blackjack Robot – RAIN MAN 2.0 is [Evan Juras]’ cure for the casino adage of “The house always wins.” We wouldn’t try taking the Raspberry Pi card counter to Vegas, but it’s a great example of what YOLO can do.
AI-enabled Glasses – AI meets AR in ShAIdes, [Nick Bild]’s sunglasses equipped with a camera and Nano to provide a user interface to the world. Wave your hand over a lamp and it turns off. Brilliant!

You’ve got till noon Pacific time on April 7, 2020 to get your entry in, and four winners from each of the four categories will be awarded a $100 Tindie gift card, courtesy of our sponsor Digi-Key. It’s time to ramp up your machine learning efforts and get a project entered! We’d love to see more examples of straight cloud AI applications, and the AI blinky category remains wide open at this point. Get in there and give machine learning a try!