Remember the TiVo? The set-top DVR, once such a popular hacking target that Hackaday had a dedicated subdomain for it, has today largely faded into obscurity as time-shifted viewing has given way to Internet streaming services like Netflix and Hulu. But make no mistake, while the TiVo may no longer be the centerpiece of the average home entertainment center, there’s a diehard group of antennaed aficionados that are still rocking (and hacking) them.
One such TiVotee is [Thomas McQueen], who recently discovered his TiVo-powered Virgin Media V6 DVR was listening for commands on the network. After finding some official documentation for the protocol and firing off a couple of test commands from his computer’s telnet client, he realized he had an opportunity to flex his microcontroller muscle and create a library that would allow controlling the set-top box with the ESP8266 or other network-capable MCU.
[Thomas] built his project on top of the basic Arduino WiFi library, making every effort to keep it as generalized as possible so it could work on a multitude of platforms and with various targets. He even made sure to give all his functions friendly names that won’t leave users scratching their heads when they read through example code down the road. We’ve seen far too many software projects that were poorly documented or obtusely programmed, so it’s always good to see somebody putting some forethought into their code.
The library makes it easy to add TiVo control to your project, but [Thomas] went one step further and came up with an example application that provides a web interface on the ESP8266 or ESP32. Any device with a web browser, such as a smartphone, can connect to the UI and fire off commands to the TiVo. His next step is to combine his library with some code to talk to Amazon’s Alexa so he’ll be able to control playback with his voice.
We’ll hand it to these TiVo users, they’re a tenacious lot. Earlier in the year, we covered how one dedicated TiVo fan managed to brute-force the child lock on his DVR using the Arduino and an IR LED.
After a tough summer of botnet attacks by Internet-of-Things things came to a head last week, taking down many popular websites for folks in the eastern US, more attention has finally been paid to what to do about this mess. We’ve wracked our brains, and the best we can come up with is that it’s the manufacturers’ responsibility to secure their devices.
Chinese DVR manufacturer Xiongmai, predictably, thinks that the end-user is to blame, but is also consenting to a recall of up to 4.3 million of their pre-2015 vintage cameras — the ones with hard-coded factory default passwords. (You can cut/paste the text into a translator and have a few laughs, or just take our word for it. The company’s name gets mis-translated frequently throughout as “male” or “masculine”, if that helps.)
Xiongmai’s claim is that their devices were never meant to be exposed to the real Internet, but rather were designed to be used exclusively behind firewalls. That’s apparently the reason for the firmware-coded administrator passwords. (Sigh!) Anyone actually making their Internet of Things thing reachable from the broader network is, according to Xiongmai, being irresponsible. They then go on to accuse a tech website of slander, and produce a friendly ruling from a local court supporting this claim.
Whatever. We understand that Xiongmai has to protect its business, and doesn’t want to admit liability. And in the end, they’re doing the right thing by recalling their devices with hard-coded passwords, so we’ll cut them some slack. Is the threat of massive economic damage from a recall of insecure hardware going to be the driver for manufacturers to be more security conscious? (We kinda hope so.)
Meanwhile, if you can’t get enough botnets, here is a trio of recent articles (one, two, and three) that are all relevant to this device recall.
[Benoit Frigon]’s builds are a tribute to tidiness: both his HTPC and media server are elegant creations packed full of features. He has quite the knack for clean builds in this form factor; his PBX server was met with high praise earlier this summer.
For the HTPC, [Benoit] gutted and cleaned an old DVR case and modified it to house a Mini-ITX board. He added standoff mounts to support the motherboard, then sketched up a template for the IO shield as a guide for cutting the back panel. The front of the DVR case originally had a 4-digit 7-segment display and a few simple buttons. Though he kept the original button layout, [Benoit] chose to replace the segment displays with a 20×2 character LCD. The new display is controlled via a Python script on the HTPC, which runs an OpenElec Linux distro with XBMC 12.0.
The HTPC’s hard drive bay is a bit lighter these days, because [Benoit] decided to migrate his media storage to a separate server. Inside the new home media server is yet another Mini-ITX motherboard with an embedded Atom N2800 that runs Ubuntu Server. Live television streams via a WinTV HVR-2550 TV tuner and TVHeadend software. The case originally suspended the tuner from the IO bracket on the back (and nowhere else), which left the rest of the card dangerously unsupported inside. [Benoit] solved the problem by building an additional aluminum bracket that firmly holds both the PCIe riser and the tuner. Check out both builds’ pages for downloadable templates, software details and bill of materials.
On a recent trip to New York City, [sherri] noticed the abundant “NYPD Security Camera” signage. She Ò on her little sousveillance tour and did some digging to learn more about the system. According to a recent NY Post article, the city intends to have 2,000 cameras installed by 2009. Each unit has at least two cameras, an onboard DVR, battery backup, a webserver, and wireless connection. The CrimeEye product line is manufactured by Total Recall—the people who brought you BABYWATCH. While the company site doesn’t list any specs, we found a price list that was provided to New York State. Each unit lists for $28-39K. They can have image sensors up to 2 megapixels, hold 30fps video for 5-15 days, and transmit wirelessly on the 4.9GHz public safety band.
[sherri] wonders what systems are in place to guarantee the security of the camera network and to make sure the data is handled properly. We’ve seen bad implementations of cameras with webservers in the past. She suggests a third-party system to verify security, operation, and storage. Right now there’s no reason the government won’t use footage for invasive data mining. As a publicly funded system monitoring public areas, we see no reason why the video streams from these devices shouldn’t be widely available.
[algormor] gave one of the more controversial talks at Notacon. After receiving a few too many inspection slips and destroyed baggage, he decided to find out what was going on behind the scenes. First, he purchased a cheap bag from Walmart with a zippable liner. To record the video, he purchased a SwannGUARD MicroDVR. It’s a palm-sized device that records 128×128 15fps video. It comes with a plastic cover that he mounted to the inside of the bag. A hole was cut for the video camera right above the badge holder. Since the camera is motion triggered, he could slide the badge up, covering the hole, to deactivate the camera. He’s taken the bag on at least four trips. So… what did the footage show?