This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.

Rowhammer attacks attack the electrical characteristics of RAM, using manipulation of the contents of RAM to cause changes in the contents of adjacent memory cells. Bit values are just voltage levels, after all, and if a little charge leaks across from one row to the next, you can potentially pull a bit high by writing repeatedly to its physical neighbors.

The attack was used to allow privilege escalation by manipulating the RAM defining the user data, and later, to allow reading and manipulation of any page in RAM by modifying the system page table that maps memory and memory permissions. By 2015 researchers refined the attack to run in pure JavaScript against browsers, and in 2016 mobile devices were shown to be vulnerable. Mitigations have been put in place in physical memory design, CPU design, and in software. However, new attack vectors are still discovered regularly, with DDR4 and DDR5 RAM as well as AMD and RISC-V CPUs being vulnerable.

The GDDR6-Fail attack targets the video RAM of modern graphics cards, and is able to trigger similar vulnerabilities in the graphics card itself, culminating in accessing and changing the memory of the PC via the PCI bus and bypassing protections.

For users who fear they are at risk — most likely larger AI customers or shared hosting environments where the code running on the GPU may belong to untrusted users — enabling error correcting (ECC) mode in the GPU reduces the amount of available RAM, but adds protection by performing checksums on the memory to detect corruption or bit flipping. For the average home user, your mileage may vary – there are certainly easier ways to execute arbitrary code on your PC – like whatever application is running graphics in the first place!


If It Ain’t Broke… Add Something To It

Given that we live in the proverbial glass house, we can’t throw stones at [ellis.codes] for modifying a perfectly fine Vornado fan. He’d picked that fan in the first place because, unlike most fans, it had a DC motor. Of course, DC motors are easier to control with a microcontroller, and next thing you know, it was sporting an ESP32 and a WiFi interface.

The original fan was surprisingly sparse inside. A power supply, of course, and just a tiny PCB for a speed control. Oddly, it looks like the speed control was just a potentiometer and a 24 V supply. It wasn’t clear if the “motor” had some circuitry in it to do PWM control or not. That seems likely, though.

Regardless, the project opted for a digital pot IC to maintain compatibility. One nice thing about the modification is that it replaces the existing board with the same connectors. So if you wanted to revert the fan to normal, you simply have to swap the boards back.

Now the fan talks to home automation software. Luckily, there’s still nothing wrong with it. We love seeing bespoke ESPHome projects. Even if your fan has WiFi, you might not like it communicating with Big Brother.


Splashflag: Raising The Flag On A Pool Party

Some things are more fun when there are more folks involved, and enjoying time in the pool is one of those activities. Knowing this, [Bert Wagner] started thinking of ways to best coordinate pool activities with his kids and their neighborhood friends. Out of this came the Splashflag, an IoT device built from the ground up that provides fun pool parties and a great learning experience along the way.

The USB-powered Splashflag is housed in a 3D-printed case, with a simple 2×16 LCD mounted on the front to display the notification. There’s also a small servo mounted to the rear that raises a 3D-printed flag when the notification comes in—drawing your attention to it a bit more than just text alone would. Hidden on the back is also a reset button: a long press factory-resets the device to connect to a different Wi-Fi network, and a quick press clears the notification to return the device to its resting state.

Inside is an ESP32-S3 that drives the servo and display and connects to the Wi-Fi. The ESP32 is set up with a captive portal, easing the device’s connection to a wireless network. The ESP32, once connected, joins an MQTT broker hosted by [Bert Wagner], allowing easy sending of notifications via the web app he made to quickly and easily send out invitations.

Thanks, [Bert Wagner], for sharing the process of building this fun, unique IoT device—be sure to read all the details on his website or check out the code and design files available over on his GitHub. Check out some of our other IoT projects if this project has you interested in making your own.


Walter Is A Tiny Cellular Modem For Your Projects

It wasn’t that long ago that projects with cellular connectivity were everywhere, but with 2G no longer universally available, the glory days of cheap 2G modules seem to be on their way out. So when [Data Slayer] titled his video “You’ve Never Seen Cellular Like This” about a new GSM radio module, we couldn’t help but think that we have — and that we’re glad to see it back.

The module is the Walter, by DPTechnics out of Belgium. It’s fully open-source and contains an ESP32-S3 for WiFi and BLE plus a Sequans Monarch chip for GSM and GNSS connectivity. It’s not the blazing-fast 5G you’re paying your phone carrier for: this is an IoT modem, with LTE-M and NB-IoT. We’re talking speeds in the kbps, not Mbps– but we’re also talking very, very low power usage. Since it’s LTE-M rather than full LTE, you’re probably not going to be bringing back the golden days of Arduino Cellphones (since LTE-M doesn’t support VoLTE), but if LoRa isn’t your jam, and you hang out around cell towers, this level of connectivity might interest you.

Walter is actually a drop-in replacement for PyCom’s old GPy module, so if you had a project in mind for that and are frustrated by it being EoL — well, here you are. [Data Slayer] seemed impressed enough with its capabilities as a GPS tracker. We’re impressed with the 9.8 µA consumed in deep sleep mode, and the fact that it has already been certified with the CE, FCC, IC, RCM and UKCA. Those certs mean you could go from prototype to product without getting tangled in red tape, assuming Walter is the only radio onboard.

Our thanks to [Keith Olson] for phoning in the tip. If you have a tip and want to connect, operators are standing by.

BhangmeterV2 Answers The Question “Has A Nuke Gone Off?”

You might think that a nuclear explosion is not something you need a detector for, but clearly not everyone agrees. [Bigcrimping] has not only built one, the BhangmeterV2, but he has its output publicly posted at hasanukegoneoff.com, in case you can’t go through your day without checking if someone has nuked Wiltshire.

The Bhangmeter is based on an off-the-shelf “nuclear event detector”, the HSN-1000L by Power Device Corporation.

The HSN 1000 Nuclear Event Detector at the heart of the build. We didn’t know this thing existed, never mind that it was still available.

Interfacing to the HSN-1000L is very easy: you give it power, and it gives you a pin that stays HIGH unless it detects the characteristic gamma ray pulse of a nuclear event. The gamma ray pulse that occurs at the beginning of a “nuclear event” precedes the EMP by some microseconds, and the blast wave by perhaps many seconds, so the HSN-1000 series seems to be aimed at triggering an automatic shutdown that might help preserve electronics in the event of a nuclear exchange.

[Bigcrimping] has wired the HSN-1000L to a Raspberry Pi Pico 2 W to create the BhangmeterV2. In the event of a nuclear explosion, it will log the time the nuclear event detector’s pin goes low, and the JSON log is pushed to the cloud, hopefully to a remote server that won’t be vaporized or bricked-by-EMP along with the BhangmeterV2. Since it is only detecting the gamma ray pulse, the BhangmeterV2 is only sensitive to nuclear events within line-of-sight, which is really not where you want to be relative to a nuclear event. Perhaps V3 will include other detection methods– maybe even a 3D-printed neutrino detector?

If you survive the blast this project is designed to detect, you might need a radiation detector to deal with the fallout. For identifying exactly what radionuclide contamination is present, you might want a gamma-ray spectrometer.

It’s a sad comment on the modern world that this hack feels both cold-war vintage and relevant again today. Thanks to [Tom] for the tip; if you have any projects you want to share, we’d love to hear from you whether they’d help us survive nuclear war or not.

Open Source Framework Aims To Keep Tidbyt Afloat

We recently got a note in the tips line from [Tavis Gustafson], who is one of the developers of Tronbyt — a replacement firmware and self-hosted backend that breaks the Tidbyt smart display free from its cloud dependency. When they started the project, [Tavis] says the intent was simply to let privacy-minded users keep their data within the local network, which was itself a goal worthy enough to be featured on these pages.

But now that Tidbyt has been acquired by Modal and has announced they’ll no longer be producing new units, things have shifted slightly. While the press release says that the Tidbyt backend is going to stay up and running for existing customers, the writing is clearly on the wall. It’s now possible that the Tronbyt project will be able to keep these devices from ending up in landfills when the cloud service is inevitably switched off, especially if they can get the word out to existing users before then.

What’s that? You say you haven’t heard of Tidbyt? Well, truth be told, neither had we. So we did some digging, and this is where things get really interesting.


A Guide To Making The Right Microcontroller Choice

Starting a new microcontroller project can be pretty daunting. While you have at least a rough idea of where you want to end up, there are so many ways to get there that you can get locked into “analysis paralysis” and never get the project off the ground. Or arguably worse, you just throw whatever dev board you have in the junk bin and deal with the consequences.

While it’s hard to go wrong with relying on a familiar MCU and toolchain, [lcamtuf] argues in this recent guide to choosing microcontrollers that it’s actually not too much of a chore to make the right choice. Breaking the microcontroller universe down into three broad categories makes the job a little easier: simple process control, computationally intensive tasks, and IoT products. Figuring out where your project falls on that spectrum narrows your choices considerably.

For example, if you just need to read some sensors and run a few servos or solenoids, using something like a Raspberry Pi is probably overkill. On the other hand, a Pi or other SBC might be fine for something that needs wireless connectivity. We also appreciate that [lcamtuf] acknowledges that intangible considerations sometimes factor in, such as favoring a new-to-you MCU because you’ll get experience with technology you haven’t used before. It might not override technical considerations by itself, but you can’t ignore the need to stretch your wings once in a while.

There’s nothing earth-shattering here, but we enjoy think pieces like this. It’s a bit like [lcamtuf]’s recent piece on rethinking your jellybean op-amps.