Another IoT Debacle: Charter Offers Home Insecurity

January 18, 2020 by Al Williams 38 Comments

If you are a glass-half-empty person, you’ll view Charter’s announcement that they will shutter their home security and smart home service on February 5th as another reason not to buy into closed-source IoT devices. If you are a glass-half-full person though, you’ll see the cable company’s announcement as a sign that a lot of Zigbee hardware will soon flood the surplus market. Ars Technica reports that after investigation it appears that some of the devices may connect to a standard Zigbee hub after a factory reset, but many others will definitely not.

As you might expect, users were less than thrilled. Especially those that shelled out thousands of dollars on sensors and cameras. This sort of thing might be expected if a company goes out of business, but Charter just doesn’t want to be in the home security business anymore.

Continue reading “Another IoT Debacle: Charter Offers Home Insecurity” →

This Owner Took Control Of Their Proprietary Alarm System

April 27, 2019 by Jenny List 22 Comments

When a tip comes in and the tipster feels they have to reassure us that despite appearances their subject is not facilitating crime, it certainly gets our attention. [Flam2006] has a Brinks home security system which can only be configured using a special device only available to installers, and though they managed to secure one through an eBay sale they went to the trouble of reverse engineering its protocol and writing a software emulator in Python. When an owner hacks their own security system to gain full control of something they own, that’s right up our street.

The communication is via an RS485 serial line, and follows a packetised structure with binary rather than ASCII data. There is an almost plug-and-play system for identifying devices connected to a controller, though it is restricted to those devices which the controller already knows about. There is a video of the official method of programming the controller, as well as one of the software in action. We’ve posted them below the break for your delectation.

The ability to perform these tasks on your own property is an important right that has at times been placed under threat by legislation such as the DMCA. We’ve touched upon it countless times, but probably the most high-profile example that we and the wider media have covered are those stories concerning the parts lockdown on John Deere tractors.

Continue reading “This Owner Took Control Of Their Proprietary Alarm System” →

Keep The Burglars Away With Some Pi

May 9, 2017 by Jamie Navarro 32 Comments

Ten years ago, we never imagined we would be able to ward off burglars with Pi. However, that is exactly what [Nick] is doing with his Raspberry Pi home security system.

We like how, instead of using a standard siren, [Nick] utilized his existing stereo system to play a custom audio file that he created. (Oh the possibilities!) How many off the shelf alarm systems can you do that with?

The Pi is the brains of the operation, running an open source software program called Home Assistant. If any of the Z-Wave sensors in his house are triggered while the alarm system is armed, the system begins taking several actions. The stereo system is turned on via IR so that the digital alarm audio file can be played. Lights flash on and off. An IP camera takes several snapshots and emails them to [Nick].

Home Assistant didn’t actually have the ability to send images in an email inline at the time that [Nick] was putting together his system. What did [Nick] do about that? He wrote some code to give it that ability, and submitted it through GitHub. That new code was put into a later version of the program. Ah, the beauty of open source software.

Perhaps the most important part of this project is that there were steps taken to help keep the wife-approval factor of the system on the positive side. For example, he configured one of the scripts so that even if the alarm is tripped multiple times in succession, the alarm won’t play over itself repeatedly.

This isn’t [Nick’s] first time being featured here. Check out another project of his which involves a couple of Pi’s communicating with each other via lasers.

Turn That Pi Zero Into A Streaming Camera, Step-by-Step

March 26, 2017 by Donald Papp 30 Comments

What makes [mwagner1]’s Raspberry Pi Zero-based WiFi camera project noteworthy isn’t so much the fact that he’s used the hardware to make a streaming camera, but that he’s taken care to document every step in the process from soldering to software installation. Having everything in one place makes it easier for curious hobbyists to get those Pi units out of a drawer and into a project. In fact, with the release of the Pi Zero W, [mwagner1]’s guide has become even simpler since the Pi Zero W now includes WiFi.

Using a Raspberry Pi as the basis for a WiFi camera isn’t new, but it is a project that combines many different areas of knowledge that can be easy for more experienced people to take for granted. That’s what makes it a good candidate for a step-by-step guide; a hobbyist looking to use their Pi Zero in a project may have incomplete knowledge of any number of the different elements involved in embedding a Pi such as basic soldering, how to provide appropriate battery power, or how to install and configure the required software. [mwagner1] plans to use the camera as part of a home security system, so stay tuned.

If Pi Zero camera projects catch your interest but you want something more involved, be sure to check out the PolaPi project for a fun, well-designed take on a Pi Zero based Polaroid-inspired camera.

Cheap Modules Upgrade Home Security System

March 19, 2017 by Lewin Day 6 Comments

[gw0udm] had an ancient monitored alarm system fitted to their home, and decided it was time to upgrade to something a little more modern. They chose a system from Texecom, but when it came time to hook it up to their computer, they were alarmed at the costs – £40 for what amounted to a USB-to-Serial cable! There were other overpriced modules too. But [gw0udm] wanted to upgrade, so it was time to hack the system.

The first step was grabbing a £4 USB-to-Serial board and wiring it up – a simple job for the skilled hacker. As we always say – everything speaks serial. [gw0udm] then set their sights higher – they wanted the Ethernet interface but weren’t about to cough up the coin. After some research, it was determined that a Raspberry Pi could be used with a utility called ser2net with the existing serial interface to do pretty much the same job. It was a simple matter of figuring out the parity and messaging format to get things up and running.

From there, the project moves on to tackling the creation of a GSM module for monitoring in the absence of a local network, and on flashing the firmware of the system itself. It’s great to see a project continually grow and expand the functionality of a product over time.

We see a lot of security systems here at Hackaday – high prices and proprietary hardware tend to inspire the hacker spirit. Check out this reverse engineering of an obsolete 1980s system, resplendent with Eurostile font.

Stupid Security In A Security System

August 28, 2014 by Brian Benchoff 66 Comments

alarm

[Yaehob]’s parents have a security system in their house, and when they wanted to make a few changes to their alarm rules – not arming the bathroom at night – an installer would come out, plug a box into the main panel, press a few buttons, and charge 150 €. Horrified at the aspect of spending that much money to flip a few bits, [yaehob] set out to get around the homeowner lockout on the alarm system, and found security where he wasn’t expecting.

Opening the main panel for the alarm system, [yaehob] was greeted with a screeching noise. This was the obvious in retrospect tamper-evident seal on the alarm box, easily silenced by entering a code on the keypad. The alarm, however, would not arm anymore, making the task of getting ‘installer-level’ access on the alarm system a top priority.

After finding a DE-9 serial port on the main board, [yaehob] went to the manufacturer’s website thinking he could download some software. The website does have the software available, but only for authorized distributors, installers, and resellers. You can register as one, though, and no, there is no verification the person filling out a web form is actually a distributor, installer, or reseller. dist

Looking at the installer and accompanying documentation, [yaehob] could see everything, but could not modify anything. To do that would require the installer password, which, according to the documentation was between four and six characters. The system also responded quickly, so brute force was obviously the answer here.

After writing up a quick script to go through all the possible passwords, [yaehob] started plugging numbers into the controller board. Coming back a bit later, he noticed something familiar about what was returned when the system finally let him in. A quick peek at where his brute force app confirmed his suspicions; the installer’s code was his postal code.

From the installer’s point of view, this somewhat makes sense. Any tech driving out to punch a few numbers into a computer and charge $200 will always know the postal code of where he’s driving to. From a security standpoint, holy crap this is bad.

Now that [yaehob]’s parents are out from under the thumb of the alarm installer, he’s also tacked on a little bit of security of his own; the installer’s code won’t work anymore. It’s now changed to the house number.

Stealth Peephole Camera Watches Your Front Door

September 17, 2013 by James Hobson 33 Comments

In this week’s links post we mentioned an over-powered DSLR peephole that purportedly cost $4000. So when we saw this tip regarding a relatively inexpensive digital peephole, we thought some of you might be a bit more interested.

The hardware is quite simple; a decent webcam, a Raspberry Pi, and a powered USB hub. The camera gets stripped down to its PCB and hidden inside the door itself. Even if you see this from the inside it’s just a suspicious-looking wire which wouldn’t make most people think a camera was in use.

On the software side of things, [Alex] set up his Raspberry Pi as a 24/7 webcam server to stream the video online. Unlike using a cheap wireless CCTV camera, his video signals are secure. He then runs Motion, a free software motion detector to allow the camera to trigger events when someone comes sneaking by. It can be setup to send you a text, call you, play an alarm, take a picture, record a video… the list goes on. His blog has a full DIY guide if you want to replicate this system. We just hope you have a stronger door!

We covered a similar project back in 2011, but it had made use of real server instead of an inexpensive Raspberry Pi.

[Thanks Alex!]