Keep An Eye On The Neighborhood With This Passive Radar

If your neighborhood is anything like ours, walking across the street is like taking your life in your own hands. Drivers are increasingly unconcerned by such trivialities as speed limits or staying under control, and anything goes when they need to connect Point A to Point B in the least amount of time possible. Monitoring traffic with this passive radar will not do a thing to slow drivers down, but it’s a pretty cool hack that will at least yield some insights into traffic patterns.

The principle behind active radar – the kind police use to catch speeders in every neighborhood but yours – is simple: send a microwave signal towards a moving object, measure the frequency shift in the reflected signal, and do a little math to calculate the relative velocity. A passive radar like the one described in the RTL-SDR.com article linked above is quite different. Rather than painting a target with an RF signal, it relies on signals from other transmitters, such as terrestrial TV or radio outlets in the area. Two different receivers are used, both with directional antennas. One points to the area to be monitored, while the other points directly to the transmitter. By comparing signals reflected off moving objects received by the former against the reference signal from the latter, information about the distance and velocity of objects in the target area can be obtained.

The RTL-SDR test used a pair of cheap Yagi antennas for a nearby DVB-T channel to feed their KerberosSDR four-channel coherent SDR, a device we last looked at when it was still in beta. Essentially four SDR dongles on a common board, it’s available now for $149. Using it to build a passive radar might not save the neighborhood, but it could be a lot of fun to try.

Remotely Get Root On Most Smart TVs With Radio Signals

[Rafael Scheel] a security consultant has found that hacking smart TVs takes nothing much more than an inexpensive DVB-T transmitter, The transmitter has to be in range of the target TV and some malicious signals. The hack works by exploiting hybrid broadcast broadband TV signals and widely known about bugs in web browsers commonly run on smart TVs, which seem run in the background almost all the time.

Scheel was commissioned by Cyber security company Oneconsult, to create the exploit which once deployed, gave full root privileges enabling the attacker to setup and SSH into the TV taking complete control of the device from anywhere in the world. Once exploited the rogue code is even unaffected by device reboots and factory resets.

Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways, Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. – Rafael Scheel

Smart TV’s seem to be suffering from  IoT security problems. Turning your TV into an all-seeing, all-hearing surveillance device reporting back to it’s master is straight out of 1984.

A video of a talk about the exploit along with all the details is embedded below.
Continue reading “Remotely Get Root On Most Smart TVs With Radio Signals”

Hackaday Prize Entry: Bypassing TV Broadcasting Restrictions

It’s a common problem faced by TV viewers, the programming they want to watch is being broadcast, but not to their location. TV content has traditionally been licensed for transmission by geography, and this has sometimes put viewers at odds with broadcasters.

The viewing public have not always taken this restriction of their programming choice lying down, and have adopted a variety of inventive solutions with varying degrees of legality and success. Many years ago you might have seen extreme-length UHF antennas to catch faraway transmitters, more recently these efforts have been in the digital domain. It was said in the 1990s that Sky’s Videocrypt satellite TV smart cards were cracked because German Star Trek Next Generation fans were unable to buy subscriptions for non-UK addresses, for example. You can argue in the comments over whether [Patrick Stewart] et al being indirectly responsible for a decryption coup is an urban legend, but it is undeniable that serial smart card emulators and dodgy DOS software for Sky decryption were sold all over Europe at the time.

Modern-day efforts to break the geographic wall on TV broadcasting have turned to the Internet. Services such as the ill-fated Aereo and the Slingbox set-top streaming products have taken the TV broadcast in a particular area and transported it to other locations for viewing online. But they are not the only Internet self-streaming option, if the idea of paying a subscription or tying yourself to a commercial service does not appeal then you can build an off-air streamer for yourself.

[Solenoid]’s project is an off-air streamer using a Raspberry Pi 3 with a USB DVB-T tuner. It uses Tvheadend to power the streaming, and OpenVPN to provide security. His build logs detail his efforts to ensure that power consumption is not too high and that the Pi is not running too hot, and provides instructions on how to set up and use the software. It’s not an overly complex piece of hardware, but it could provide a useful service for any of you who wish to keep up-to-date with your home TV when you are off on your travels.

Why You Should Care About Software Defined Radio

It hasn’t become a household term yet, but Software-Defined Radio (SDR) is a major player on the developing technology front. Whether you’re building products for mass consumption, or just playing around for fun, SDR is worth knowing something about and I’ll prove it to you.

Continue reading “Why You Should Care About Software Defined Radio”

From Vacuum Cleaner Hacking To Weather Station Reverse Engineering

spectrum

[Spock] wanted to do a little reverse engineering of his Miele brand remote control vacuum cleaner, so he broke out his DVB-T SDR dongle to use as a spectrum analyser. Sure enough, he found a 433.83Mhz signal that his vacuum cleaner remote control was using, but to his surprise, he found a stray QAM256 signal when he expected an ASK  only one.

After a little detective work, [Spock] eventually tracked it down to a cheap weather station he had forgotten about. The protocol for the weather station was too compelling for him to go back to his vacuum cleaner, though. After downloading an rc-switch Arduino library and making a quick stop at his local radio shack to get a 433.92 radio receiver to decode the signal, he reverse engineered the weather station so he could digitally record the temperature output. The Arduino rc-switch library proved unable to decode the signal, but some Python work helped him get to the bottom of it.

With software defined radio becoming more accessible and common place, hacks like these are a nice reminder just how wired our houses are becoming.