Get ready for another step towards our dystopian future as scientists have invented a way to track and monitor what we eat. This 2mm x 2mm wireless sensor can be mounted on to teeth and can track everything that goes into your mouth. Currently it can monitor salt, glucose, and alcohol intake. The sensor then communicates wirelessly to a mobile device that tracks the data. Future revisions are predicted to monitor a wide range of nutrients and chemicals that can get ingested.
It uses an interesting method to both sense the target chemicals and communicate its data. It consists of a sandwich of three layers with the central layer being a biosensor that reacts to certain chemicals. The complete sandwich forms a tiny RFID antenna and when RF signals are transmitted to the device, some of the signal gets absorbed by the antenna and the rest reflected back.
The mechanism is similar to how chromatography works for chemical analysis where certain chemicals absorb light wavelengths of specific frequencies. Passing a calibrated light source through a gas column and observing the parts of the spectrum that get absorbed allows researchers to identify certain chemicals inside the column.
This technology is based on previous research with”tooth tatoos” that could be used by dentists to monitor your oral health. Now this tiny wireless sensor has evolved to monitoring the dietary intake of people for health purposes but we’re pretty sure Facebook is eyeing it for more nefarious purposes too.
LoRa and LPWANs (Low Power Wide Area Networks) are all the range (tee-hee!) in wireless these days. LoRa is a sub 1-GHz wireless technology using sophisticated signal processing and modulation techniques to achieve long-range communications.
With that simplified introduction, [Omkar Joglekar] designed his own LoRa node used for outdoor sensor monitoring based on the HopeRF RFM95 LoRa module. It’s housed in an IP68 weatherproof enclosure and features an antenna that was built from scratch using repurposed copper rods. He wrote up the complete build, materials, and description which makes it possible for others to try their hand at putting together their own complete LoRa node for outdoor monitoring applications.
Undoubtedly, the ESP8266’s biggest selling point is its WiFi capability for a ridiculously low price. Paranoid folks probably await the day its closed-source firmware bits will turn against humanity in a giant botnet, but until then, hobbyists and commercial vendors alike will proceed putting them in their IoT projects and devices. One of those devices is the Yeelight desk lamp that lets you set its color temperature and brightness via mobile app.
[fvollmer] acquired such a lamp, and while he appreciated its design and general concept, he wasn’t happy that it communicates with external servers. So he did the only reasonable thing and wrote his own firmware that resembles the original functionality, but leaves out the WiFi part. After all, the ESP8266 has still a lot to offer in its core essence: a full-blown 32-bit microcontroller with support for the most common, hobbyist-friendly SDKs.
Sometimes the best part of building something is getting to rebuild it again a little farther down the line. Don’t tell anyone, but sometimes when we start a project we don’t even know where the end is going to be. It’s a starting point, not an end destination. Who wants to do something once when you could do it twice? Maybe even three times for good measure?
That’s what happened when [Ryan] decided to build a wireless “party button” for his kids. Tied into his Home Assistant automation system, a smack of the button plays music throughout the house and starts changing the colors on his Philips Hue lights. His initial version worked well enough, but in the video after the break, he walks through the evolution of this one-off gadget into a general purpose IoT interface he can use for other projects.
The general idea is pretty simple, the big physical button on the top of the device resets the internal ESP8266, which is programmed to connect to his home WiFi and send a signal to his MQTT server. In the earlier versions of the button there was quite a bit of support electronics to handle converting the momentary action of the button to a “hard” power control for the ESP8266. But as the design progressed, [Ryan] realized he could put the ESP8266 to deep sleep after it sends the signal, and just use the switch to trigger a reset on the chip.
Additional improvements in the newer version of the button include switching from alkaline AA batteries to a rechargeable lithium-ion pack, and even switching over to a bare ESP8266 rather than the NodeMCU development board he was using for the first iteration.
Back in the olden days, when the Wire library still sucked, the Arduino was just a microcontroller. Now, we have single board computers and cheap microcontrollers with WiFi built in. As always, there’s a need to make programming and embedded development more accessible and more widely supported among the hundreds of devices available today.
At the Embedded Linux Conference this week, [Massimo Banzi] announced the beginning of what will be Arduino’s answer to the cloud, online IDEs, and a vast ecosystem of connected devices. It’s Arduino Create, an online IDE that allows anyone to develop embedded projects and manage them remotely.
As demonstrated in [Massimo]’s keynote, the core idea of Arduino Create is to put a connected device on the Internet and allow over-the-air updates and development. As this is Arduino, the volumes of libraries available for hundreds of different platforms are leveraged to make this possible. Right now, a wide variety of boards are supported, including the Raspberry Pi, BeagleBone, and several Intel IoT boards.
The focus of this development is platform-agnostic and focuses nearly entirely on ease of use and interoperability. This is a marked change from the Arduino of five years ago; there was a time when the Arduino was an ATmega328p, and that’s about it. A few years later, you could put Arduino sketches on an ATtiny85. A lot has changed since then. We got the Raspberry Pi, we got Intel stepping into the waters of IoT devices, we got a million boards based on smartphone SoCs, and Intel got out of the IoT market.
While others companies and organizations have already made inroads into an online IDE for Raspberry Pis and other single board computers, namely the Adafruit webIDE and Codebender, this is a welcome change that already has the support of the Arduino organization.
If you have not had children, stop reading now, we implore you. Because before you’ve had kids, you can’t know how supremely important it is that they take care of going to the bathroom by themselves. [David Gouldin] knows how it is. But unlike most of us, he resorted to using an Amazon IoT button and Twilio. No, we are not kidding.
The problem he was trying to solve is when his younger child would need to use the potty in the middle of the night, calling out for assistance would wake the older child. [David] said it best himself:
Behind the smiling emoji facade is an Amazon IoT button, a variant of Amazon’s dash button. When my kid presses this button, it triggers an AWS Lambda function that uses Twilio’s Python Helper Library to call my iPhone from a Twilio number. The Twilio number is stored in my contacts with “emergency bypass” turned on, so even when it’s 2am and I’m on “do not disturb” I still get the call.
Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.
We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a set of specific brand of web camera or printer or computer with unsecured firmware. Once the device is compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.
This DDoS attack is limited to the size of the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.
So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.
Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. And the solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.