Hackaday Links: December 20, 2020

If development platforms were people, Google would be one of the most prolific serial killers in history. Android Things, Google’s attempt at an OS for IoT devices, will officially start shutting down on January 5, 2021, and the plug will be pulled for good a year later. Android Things, which was basically a stripped-down version of the popular phone operating system, had promise, especially considering that Google was pitching it as a secure alternative in the IoT space, where security is often an afterthought. We haven’t exactly seen a lot of projects using Android Things, so the loss is probably not huge, but the list of projects snuffed by Google and the number of developers and users left high and dry by these changes continues to grow. Continue reading “Hackaday Links: December 20, 2020”

Speaker Snitch Tattles On Privacy Leaks

A wise senator once noted that democracy dies with thunderous applause. Similarly, it’s also how privacy dies, as we invite more and more smart devices willingly into our homes that are built by companies that don’t tend to have our best interests in mind. If you’re not willing to toss all of these admittedly useful devices out of the house but still want to keep an eye on what they’re doing, though, [Nick Bild] has a handy project that lets you keep an eye on them when they try to access the network.

The device is built on a Raspberry Pi that acts as a middle man for these devices on his home network. Any traffic they attempt to send gets sent through the Pi which sniffs the traffic via a Python script and is able to detect when they are accessing their cloud services. From there, the Pi sends an alert to an IoT Arduino connected to an LED which illuminates during the time in which the smart devices are active.

The build is an interesting one because many smart devices are known to listen in to day-to-day conversation even without speaking the code phrase (i.e. “Hey Google” etc.) and this is a great way to have some peace-of-mind that a device is inactive at any particular moment. However, it’s not a foolproof way of guaranteeing privacy, as plenty of devices might be accessing other services, and still other devices have¬† even been known to ship with hidden hardware.

Continue reading “Speaker Snitch Tattles On Privacy Leaks”

Roll Your Own Tracking

The smartphone is perhaps the signature device of our modern lives. For most of the population it is never more than an arm’s length away, it’s on your person more than any other device in your life. Smartphones are packed with all sorts of radios and ways to communicate wireless. [Amine Mansouri] built an ESP8266 based tracking device that takes advantage of this.

Most WiFi-enabled devices will send out “probe requests” frames trying to search for the SSIDs they were connected to. These packets contain the device MAC address as well as the SSIDs you’ve connected to. Using about 12 components, [Amine] laid out a small board in Eagle. By putting the ESP8266 in monitor mode, the probe frames can be logged and uploaded. The code can be updated OTA making it easy to service while in the field.

With permission from his local library, eight repeater boards were scattered throughout the building to forward the probe packets to where the tracker could pick them up. A simple web interface was built that allows the library to figure out how many people are in the library and how often they frequent the premises.

While an awesome project with open-source code on Github, it is important to stress how important is it to get permission to do this kind of tracking. While some phones implement MAC randomization, there are still many out in the wild that don’t. While this is similar to another project that listens to radio signals to determine the coming and going of ships and planes, tracking people with this sort of granularity is in a different category altogether.

Thanks [Amine] for sending this one in!

Exploring Custom Firmware On Xiaomi Thermometers

If we’ve learned anything over the years, it’s that hackers love to know what the temperature is. Seriously. A stroll through the archives here at Hackaday uncovers an overwhelming number of bespoke gadgets for recording, displaying, and transmitting the current conditions. From outdoor weather stations to an ESP8266 with a DHT11 soldered on, there’s no shortage of prior art should you want to start collecting your own environmental data.

Now obviously we’re big fans of DIY it here, that’s sort of the point of the whole website. But there’s no denying that it can be hard to compete with the economies of scale, especially when dealing with imported goods. Even the most experienced hardware hacker would have trouble building something like the Xiaomi LYWSD03MMC. For as little as $4 USD each, you’ve got a slick energy efficient sensor with an integrated LCD that broadcasts the current temperature and humidity over Bluetooth Low Energy.

You could probably build your own…but why?

It’s pretty much the ideal platform for setting up a whole-house environmental monitoring system except for one detail: it’s designed to work as part of Xiaomi’s home automation system, and not necessarily the hacked-together setups that folks like us have going on at home. But that was before Aaron Christophel got on the case.

We first brought news of his ambitious project to create an open source firmware for these low-cost sensors last month, and unsurprisingly it generated quite a bit of interest. After all, folks taking existing pieces of hardware, making them better, and sharing how they did it with the world is a core tenet of this community.

Believing that such a well crafted projected deserved a second look, and frankly because I wanted to start monitoring the conditions in my own home on the cheap, I decided to order a pack of Xiaomi thermometers and dive in.

Continue reading “Exploring Custom Firmware On Xiaomi Thermometers”

MQTT Dashboard Uses SHARP Memory LCD

One of the more interesting display technologies of the moment comes from Sharp, their memory display devices share the low power advantages of an e-ink display with the much faster updates we would expect from an LCD or similar. We’ve not seen much of them in our community due to cost, so it’s good to see one used in an MQTT dashboard project from [Raphael Baron].

The hardware puts the display at the top of a relatively minimalist 3D printed encloseure with the LOLIN32 ESP32 development board behind it, and with a plinth containing a small rotary encoder and three clicky key switches in front. The most interesting part of the project is surprisingly not the display though, because despite being based upon an ESP32 development board he’s written its software with the aim of being as platform- and display-independent as possible. To demonstrate this he’s produced it as a desktop application as well as the standalone hardware. A simple graphical user interface allows the selection of a range of available sources to monitor, with the graphical results on the right.

All code and other assets for the project can be found in a handy GitHub repository, and to put the thing through its paces he’s even provided a video that we’ve placed below the break. User interfaces for MQTT-connected devices can talk as well as listen, for example this MQTT remote control.

Continue reading “MQTT Dashboard Uses SHARP Memory LCD”

Shhh… Robot Vacuum Lidar Is Listening

There are millions of IoT devices out there in the wild and though not conventional computers, they can be hacked by alternative methods. From firmware hacks to social engineering, there are tons of ways to break into these little devices. Now, four researchers at the National University of Singapore and one from the University of Maryland have published a new hack to allow audio capture using lidar reflective measurements.

The hack revolves around the fact that audio waves or mechanical waves in a room cause objects inside a room to vibrate slightly. When a lidar device impacts a beam off an object, the accuracy of the receiving system allows for measurement of the slight vibrations cause by the sound in the room. The experiment used human voice transmitted from a simple speaker as well as a sound bar and the surface for reflections were common household items such as a trash can, cardboard box, takeout container, and polypropylene bags. Robot vacuum cleaners will usually be facing such objects on a day to day basis.

The bigger issue is writing the filtering algorithm that is able to extract the relevant information and separate the noise, and this is where the bulk of the research paper is focused (PDF). Current developments in Deep Learning assist in making the hack easier to implement. Commercial lidar is designed for mapping, and therefore optimized for reflecting off of non-reflective surface. This is the opposite of what you want for laser microphone which usually targets a reflective surface like a window to pick up latent vibrations from sound inside of a room.

Deep Learning algorithms are employed to get around this shortfall, identifying speech as well as audio sequences despite the sensor itself being less than ideal, and the team reports achieving an accuracy of 90%. This lidar based spying is even possible when the robot in question is docked since the system can be configured to turn on specific sensors, but the exploit depends on the ability to alter the firmware, something the team accomplished using the Dustcloud exploit which was presented at DEF CON in 2018.

You don’t need to tear down your robot vacuum cleaner for this experiment since there are a lot of lidar-based rovers out there. We’ve even seen open source lidar sensors that are even better for experimental purposes.

Thanks for the tip [Qes]

Easy IoT Logging Options For The Beginner

If a temperature sensor takes a measurement in the woods but there’s nobody around to read it, is it hot out?¬†

If you’ve got a project that’s collecting data, you might have reasons to put it online. Being able to read your data from anywhere has its perks, after all, and it’s key to building smarter interconnected systems, too. Plus, you can tell strangers the humidity in your living room while you’re out at the pub, and they’ll be really impressed.

Taking the leap into the Internet of Things can be daunting however, with plenty of competing services and options from the basic to the industrial-strength available. Today, we’re taking a look at two options for logging data online that are accessible to the beginner. Continue reading “Easy IoT Logging Options For The Beginner”