Say Hello To This Cortana Hologram

Halo’s Cortana enters the real world with this internet appliance. [Jarem Archer] has built an amazing “holographic” home for Cortana of Halo and Windows fame. The display isn’t really a hologram, it uses the age-old Pepper’s ghost illusion. A monitor reflects onto 3 angled half mirrored panels. This creates a convincing 3D effect. Cortana herself is a 3D model. [Jarem’s] wife provided gave Cortana her moves by walking in front of dual Kinect depth-sensing cameras. This motion capture performance drives the 3D Cortana model on the screen.

The brain behind this hack is the standard Windows 10 Cortana voice assistant. Saying “Hey Cortana” wakes the device up. To make the whole experience more interactive, [Jarem] added a face detection camera to the front of the device. When a face is detected, the Cortana model turns toward the user. Even if several people are watching the device, it would seem as if Cortana was “talking to” one person in the audience.

The cherry on top of this hack is the enclosure. [Jarem] 3D printed a black plastic stage. An Arduino drives RGB LEDs whenever Cortana is activated. The LEDs project a blue glue that works well with the Pepper’s ghost illusion. The result is a project that looks like something Microsoft might have cooked up in one of their research labs.

Continue reading “Say Hello To This Cortana Hologram”

How Has Amazon Managed To Make Hackers Love Alexa?

Our hackspace has acquired an Amazon Dot, courtesy of a member. It mostly seems to be used as a source of background music, but it has also spawned a seemingly never-ending new entertainment in which the hackspace denizens ceaselessly bait their new electronic companion with ever more complex and esoteric requests. From endless rephrasing and careful enunciation of obscure early reggae artists to try to settle a musical argument to hilarious mis-hearing on the part of our silicon friend, the fun never stops. “Alexa, **** off!” it seems results in “I’m sorry, I can’t find a device of that name on this network”.

amazon-dot-always-listeningThat is just the experience of one hackspace, but it evidently does not end there. Every other day it seems that new projects using Alexa pass through the Hackaday timeline, so it looks as though Amazon’s online personal assistant has been something of a hit within our community.

Fair enough, you might say, we’re always early adopters of any new technology. But it’s a development over which I wonder; am I alone in finding it surprising? It’s worth taking a moment to look at the subject.

Continue reading “How Has Amazon Managed To Make Hackers Love Alexa?”

How To Control Siri Through Headphone Wires

Last week saw the revelation that you can control Siri and Google Now from a distance, using high power transmitters and software defined radios. Is this a risk? No, it’s security theatre, the fine art of performing an impractical technical achievement while disclosing these technical vulnerabilities to the media to pad a CV. Like most security vulnerabilities it is very, very cool and enough details have surfaced that this build can be replicated.

The original research paper, published by researchers [Chaouki Kasmi] and [Jose Lopes Esteves] attacks the latest and greatest thing to come to smartphones, voice commands. iPhones and Androids and Windows Phones come with Siri and Google Now and Cortana, and all of these voice services can place phone calls, post something to social media, or launch an application. The trick to this hack is sending audio to the microphone without being heard.

googleThe ubiquitous Apple earbuds have a single wire for a microphone input, and this is the attack vector used by the researchers. With a 50 Watt VHF power amplifier (available for under $100, if you know where to look), a software defined radio with Tx capability ($300), and a highly directional antenna (free clothes hangers with your dry cleaning), a specially crafted radio message can be transmitted to the headphone wire, picked up through the audio in of the phone, and understood by Siri, Cortana, or Google Now.

There is of course a difference between a security vulnerability and a practical and safe security vulnerability. Yes, for under $400 and the right know-how, anyone could perform this technological feat on any cell phone. This feat comes at the cost of discovery; because of the way the earbud cable is arranged, the most efficient frequency varies between 80 and 108 MHz. This means a successful attack would sweep through the band at various frequencies; not exactly precision work. The power required for this attack is also intense – about 25-30 V/m, about the limit for human safety. But in the world of security theatre, someone with a backpack, carrying around a long Yagi antenna, pointing it at people, and having FM radios cut out is expected.

Of course, the countermeasures to this attack are simple: don’t use Siri or Google Now. Leaving Siri enabled on a lock screen is a security risk, and most Androids disable Google Now on the lock screen by default. Of course, any decent set of headphones would have shielding in the cable, making inducing a current in the microphone wire even harder. The researchers are at the limits of what is acceptable for human safety with the stock Apple earbuds. Anything more would be seriously, seriously dumb.