Bats Can No Longer Haunt Apple VR Headsets Via Web Exploit

Bug reporting doesn’t usually have a lot of visuals. Not so with the visionOS bug [Ryan Pickren] found, which fills a user’s area with screeching bats after visiting a malicious website. Even better, closing the browser doesn’t get rid of them! Better still? Doesn’t need to be bats, it could be spiders. Fun!

The bug has been fixed, but here’s how it worked: the Safari browser build for visionOS allowed a malicious website to fill the user’s 3D space with animated objects without interaction or permission. The code to trigger this is remarkably succinct, and is actually a new twist on an old feature: Apple AR Quick Look, an HTML-based feature for rendering 3D augmented reality content in Safari.

How about spiders, instead?

Leveraging this old feature is what lets an untrusted website launch an arbitrary number of animated 3D objects — complete with sound — into a user’s virtual space without any interaction from the user whatsoever. The icing on the cake is that Quick Look is a separate process, so closing Safari doesn’t get rid of the pests.

Providing immersive 3D via a web browser is a valuable way to deliver interactive content on both desktops and VR headsets; a good example is the fantastic virtual BBC Micro which uses WebXR. But on the Apple Vision Pro the user is always involved and there are privacy boundaries that corral such content. Things being launched into a user’s space in an interaction-free way is certainly not intended behavior.

The final interesting bit about this bug (or loophole) was that in a way, it defied easy classification and highlights a new sort of issue. While it seems obvious from a user experience and interface perspective that a random website spawning screeching crawlies into one’s personal space is not ideal, is this a denial-of-service issue? A privilege escalation that technically isn’t? It’s certainly unexpected behavior, but that doesn’t really capture the potential psychological impact such bugs can have. Perhaps the invasion of personal space and user boundaries will become a quantifiable aspect of bugs in these new platforms. What fun.

What Does The Bat Say? Tune In With This Heterodyne Detector

Bats are fascinating animals, and despite all the myth and creepiness surrounding them, they really remind one more of a drunk bird lost in the night sky than the blood-sucking creature they’re often made out to be. Of course, some really fall into that category, and unlike actual birds, bats don’t tend to grace us with their singsong — at least not in ways audible for us humans. But thanks to bat detectors, we can still pick up on it, and [Marcel] recently built a heterodyne bat detector himself.

Bat Detector in its enclosure
The bat detector (and an insight to the beauty of German language, where a bat is a flutter mouse)

The detector is made with a 555, an MCP6004 op amp, and a 4066 analog switch — along with a bunch of passives — and is neatly packed into a 3D-printed case with a potentiometer to set the volume and center frequency for the detection. The bat signal itself is picked up by a MEMS microphone with a frequency range [Marcel] found suitable for the task. His write-up also goes in all the mathematics details regarding heterodyning, and how each component plays into that. The resulting audio can be listened to through a headphone output, and after putting together an adapter, can also be recorded from his smartphone. A sample of how that sounds is added in his write-up, which you can also check out after the break.

In case you want to give it a try yourself, [Marcel] put all the design files and some LTSpice simulations on the project’s GitHub page. If you are curious about bat detectors in general and want to read more about them, follow [Pat Whetman] down that rabbit hole, or have a look at this one made in Python for something more software-focused.

Continue reading “What Does The Bat Say? Tune In With This Heterodyne Detector”

Training Bats In The Random Forest With The Confusion Matrix

When exploring the realm of Machine Learning, it’s always nice to have some real and interesting data to work with. That’s where the bats come in – they’re fascinating animals that emit very particular ultrasonic calls that can be recorded and analysed with computer software to get a fairly good idea of what species they are. When analysed with an FFT spectogram, we can see the individual call shapes very clearly.

Creating an open source classifier for bats is also potentially useful for the world outside of Machine Learning as it could not only enable us to more easily monitor bats themselves, but also the knock on effects of modern farming methods on the natural environment. Bats feed on moths and other night flying insects which themselves have been decimated in numbers. Even in the depths of the countryside here in the UK these insects are a fraction of the population that they used to be 30 years ago, but nobody seems to have monitored this decline.

So getting back to our spectograms, it would be perfectly reasonable to throw these images at a convolutional neural network (CNN) and use an image feature-recognition strategy. But I wanted to explore the depths of the mysterious Random Forest. Continue reading “Training Bats In The Random Forest With The Confusion Matrix”

We Should Stop Here, It’s Bat Country!

[Roland Meertens] has a bat detector, or rather, he has a device that can record ultrasound – the type of sound that bats use to echolocate. What he wants is a bat detector. When he discovered bats living behind his house, he set to work creating a program that would use his recorder to detect when bats were around.

[Roland]’s workflow consists of breaking up a recording from his backyard into one second clips, loading them in to a Python program and running some machine learning code to determine whether the clip is a recording of a bat or not and using this to determine the number of bats flying around. He uses several Python libraries to do this including Tensorflow and LibROSA.

The Python code breaks each one second clip into twenty-two parts. For each part, he determines the max, min, mean, standard deviation, and max-min of the sample – if multiple parts of the signal have certain features (such as a high standard deviation), then the software has detected a bat call. Armed with this, [Roland] turned his head to the machine learning so that he could offload the work of detecting the bats. Again, he turned to Python and the Keras library.

With a 95% success rate, [Roland] now has a bat detector! One that works pretty well, too. For more on detecting bats and machine learning, check out the bat detector in this list of ultrasonic projects and check out this IDE for working with Tensorflow and machine learning.

Hacklet 91: Ultrasonic Projects

Ultrasound refers to any audio signal above the range of human hearing. Generally that’s accepted as 20 kHz and up. Unlike electromagnetic signals, ultrasonics are still operating in a medium – generally the air around us. Plenty of animals take advantage of ultrasonics every day. So do hackers, makers, and engineers who have built thousands of projects based upon these high frequency signals. This weeks Hacklet is all about the best ultrasonic projects on Hackaday.io!

spambakeWe start with [spambake] and World’s Smallest Bat Detector. [Spambake] is interested in bats. These amazing creatures have poor eyesight, but that doesn’t slow them down. Bats use echolocation to determine their surroundings. Ultrasonic chirps bounce off obstacles. The bat listens to the echos and changes its flight path accordingly. While we can’t hear most of the sounds bats make, electronics can. [Spambake] cooked this circuit up starting with a MEMs microphone. These microphones pick up human sounds, but unlike our ears, they can hear plenty above the 20 kHz range. The audio signal is passed through an amplifier which boosts the it up around 10,000 times. The signal is filtered and then used to trigger LEDs that indicate a bat is present. The final circuit works quite well! Check out [spambake’s] video to see the bat detector in action!

movvaNext up is [Neil Movva] with Pathfinder – Haptic Navigation. Pathfinder uses ultrasonic transducers to perform echolocation similar to bats. The received data is then passed on to a human wearer. [Neil’s] idea is to use Pathfinder to help the visually disabled and blind navigate the world around them. Pathfinder was a 2015 Hackaday Prize finalist. The ultrasonic portion of Pathfinder uses the ubiquitous HC-SR04 distance sensor, which can be found for as little as $2 USD on eBay and Alibaba. These sensors send out a 60 kHz signal and listen for the echos. A microcontroller can then measure the time delay and determine the distance from the sensor to an obstacle. Finally the data is passed on to the user by a vibrating pager motor. [Neal] was kind enough to give a talk about Pathfinder at the 2015 Hackaday SuperCon.

levitate[HoboMunching] likes his ultrasonic devices ultra powerful, and that’s just what he’s got with Ultrasonic Levitation Rig. Inspired by a similar project from Mike, [HoboMunching] had to build his own levitation setup. Ultrasonic levitation used to be a phenomenon studied only in the laboratory. Cheap transducers designed for the industrial world have made this experiment practical for the home hackers. [HoboMunching] was able to use his rig to levitate up to 8 tiny balls on the nulls between the 28.5 kHz sound waves produced by his transducer. The speed of sound can be verified by measuring the distance between the balls. Purists will be happy to hear that [HoboMunching]’s circuit was all based upon the classic 555 timer.

speaker-arrayFinally we have [Alan Green] with Ultrasonic Directional Speaker V1. Most audio signals are not very directional, due to wavelength and practical limitations on speaker size. Ultrasonics don’t have this limitation. Couple this with the fact that ultrasonic signals can be made to demodulate in air, and you have the basis for a highly directional speaker setup. “Sound lasers” based on this system have been around for years, used in everything from targeted advertising to defensive weapons. [Alan] is just getting started on this project. Much of his research is based upon [Joe Pompei’s] work at the MIT media lab. [Alan] plans to use an array of ultrasonic transducers to produce a directional signal which will then demodulate and be heard by a human. This project has a hard deadline though:  [Alan] plans to help his son [Mitchell] with a musical performance that is scheduled for May, 2016. The pair hope to have a prototype in place by March.

If you want to see more ultrasonic projects, check out our new ultrasonic projects list! If I missed your project, don’t be shy! Just drop me a message on Hackaday.io. That’s it for this week’s Hacklet. As always, see you next week. Same hack time, same hack channel, bringing you the best of Hackaday.io!

Build A Simple Bat Detector


[Tony Messina] had been fascinated with bat’s echolocation since he was a kid. After he retired, he decided to act on this fascination and built a simple bat detector.

The simple bat detector uses frequency division to lower the bat’s chirping to a frequency we can hear. For example, if a bat is calling at 91kHz the system will divide it by 16 and put out 5.7kHz. The system is digital, so all amplitude is lost. You’ll just hear clicks like a Geiger counter. Being digital has its advantages though. Unlike similar analog devices that have to be tuned to a small frequency range, the simple bat detector can detect a much wider window.

Continue reading “Build A Simple Bat Detector”