Speaker Snitch Tattles On Privacy Leaks

December 9, 2020 by Bryan Cockfield 33 Comments

A wise senator once noted that democracy dies with thunderous applause. Similarly, it’s also how privacy dies, as we invite more and more smart devices willingly into our homes that are built by companies that don’t tend to have our best interests in mind. If you’re not willing to toss all of these admittedly useful devices out of the house but still want to keep an eye on what they’re doing, though, [Nick Bild] has a handy project that lets you keep an eye on them when they try to access the network.

The device is built on a Raspberry Pi that acts as a middle man for these devices on his home network. Any traffic they attempt to send gets sent through the Pi which sniffs the traffic via a Python script and is able to detect when they are accessing their cloud services. From there, the Pi sends an alert to an IoT Arduino connected to an LED which illuminates during the time in which the smart devices are active.

The build is an interesting one because many smart devices are known to listen in to day-to-day conversation even without speaking the code phrase (i.e. “Hey Google” etc.) and this is a great way to have some peace-of-mind that a device is inactive at any particular moment. However, it’s not a foolproof way of guaranteeing privacy, as plenty of devices might be accessing other services, and still other devices have even been known to ship with hidden hardware.

Continue reading “Speaker Snitch Tattles On Privacy Leaks” →

Roll Your Own Tracking

December 8, 2020 by Matthew Carlson 35 Comments

The smartphone is perhaps the signature device of our modern lives. For most of the population it is never more than an arm’s length away, it’s on your person more than any other device in your life. Smartphones are packed with all sorts of radios and ways to communicate wireless. [Amine Mansouri] built an ESP8266 based tracking device that takes advantage of this.

Most WiFi-enabled devices will send out “probe requests” frames trying to search for the SSIDs they were connected to. These packets contain the device MAC address as well as the SSIDs you’ve connected to. Using about 12 components, [Amine] laid out a small board in Eagle. By putting the ESP8266 in monitor mode, the probe frames can be logged and uploaded. The code can be updated OTA making it easy to service while in the field.

With permission from his local library, eight repeater boards were scattered throughout the building to forward the probe packets to where the tracker could pick them up. A simple web interface was built that allows the library to figure out how many people are in the library and how often they frequent the premises.

While an awesome project with open-source code on Github, it is important to stress how important is it to get permission to do this kind of tracking. While some phones implement MAC randomization, there are still many out in the wild that don’t. While this is similar to another project that listens to radio signals to determine the coming and going of ships and planes, tracking people with this sort of granularity is in a different category altogether.

Thanks [Amine] for sending this one in!

Exploring Custom Firmware On Xiaomi Thermometers

December 8, 2020 by Tom Nardi 55 Comments

If we’ve learned anything over the years, it’s that hackers love to know what the temperature is. Seriously. A stroll through the archives here at Hackaday uncovers an overwhelming number of bespoke gadgets for recording, displaying, and transmitting the current conditions. From outdoor weather stations to an ESP8266 with a DHT11 soldered on, there’s no shortage of prior art should you want to start collecting your own environmental data.

Now obviously we’re big fans of DIY it here, that’s sort of the point of the whole website. But there’s no denying that it can be hard to compete with the economies of scale, especially when dealing with imported goods. Even the most experienced hardware hacker would have trouble building something like the Xiaomi LYWSD03MMC. For as little as $4 USD each, you’ve got a slick energy efficient sensor with an integrated LCD that broadcasts the current temperature and humidity over Bluetooth Low Energy.

You could probably build your own…but why?

It’s pretty much the ideal platform for setting up a whole-house environmental monitoring system except for one detail: it’s designed to work as part of Xiaomi’s home automation system, and not necessarily the hacked-together setups that folks like us have going on at home. But that was before Aaron Christophel got on the case.

We first brought news of his ambitious project to create an open source firmware for these low-cost sensors last month, and unsurprisingly it generated quite a bit of interest. After all, folks taking existing pieces of hardware, making them better, and sharing how they did it with the world is a core tenet of this community.

Believing that such a well crafted projected deserved a second look, and frankly because I wanted to start monitoring the conditions in my own home on the cheap, I decided to order a pack of Xiaomi thermometers and dive in.

Continue reading “Exploring Custom Firmware On Xiaomi Thermometers” →

MQTT Dashboard Uses SHARP Memory LCD

November 29, 2020 by Jenny List 7 Comments

One of the more interesting display technologies of the moment comes from Sharp, their memory display devices share the low power advantages of an e-ink display with the much faster updates we would expect from an LCD or similar. We’ve not seen much of them in our community due to cost, so it’s good to see one used in an MQTT dashboard project from [Raphael Baron].

The hardware puts the display at the top of a relatively minimalist 3D printed encloseure with the LOLIN32 ESP32 development board behind it, and with a plinth containing a small rotary encoder and three clicky key switches in front. The most interesting part of the project is surprisingly not the display though, because despite being based upon an ESP32 development board he’s written its software with the aim of being as platform- and display-independent as possible. To demonstrate this he’s produced it as a desktop application as well as the standalone hardware. A simple graphical user interface allows the selection of a range of available sources to monitor, with the graphical results on the right.

All code and other assets for the project can be found in a handy GitHub repository, and to put the thing through its paces he’s even provided a video that we’ve placed below the break. User interfaces for MQTT-connected devices can talk as well as listen, for example this MQTT remote control.

Continue reading “MQTT Dashboard Uses SHARP Memory LCD” →

Shhh… Robot Vacuum Lidar Is Listening

November 27, 2020 by Inderpreet Singh 5 Comments

There are millions of IoT devices out there in the wild and though not conventional computers, they can be hacked by alternative methods. From firmware hacks to social engineering, there are tons of ways to break into these little devices. Now, four researchers at the National University of Singapore and one from the University of Maryland have published a new hack to allow audio capture using lidar reflective measurements.

The hack revolves around the fact that audio waves or mechanical waves in a room cause objects inside a room to vibrate slightly. When a lidar device impacts a beam off an object, the accuracy of the receiving system allows for measurement of the slight vibrations cause by the sound in the room. The experiment used human voice transmitted from a simple speaker as well as a sound bar and the surface for reflections were common household items such as a trash can, cardboard box, takeout container, and polypropylene bags. Robot vacuum cleaners will usually be facing such objects on a day to day basis.

The bigger issue is writing the filtering algorithm that is able to extract the relevant information and separate the noise, and this is where the bulk of the research paper is focused (PDF). Current developments in Deep Learning assist in making the hack easier to implement. Commercial lidar is designed for mapping, and therefore optimized for reflecting off of non-reflective surface. This is the opposite of what you want for laser microphone which usually targets a reflective surface like a window to pick up latent vibrations from sound inside of a room.

Deep Learning algorithms are employed to get around this shortfall, identifying speech as well as audio sequences despite the sensor itself being less than ideal, and the team reports achieving an accuracy of 90%. This lidar based spying is even possible when the robot in question is docked since the system can be configured to turn on specific sensors, but the exploit depends on the ability to alter the firmware, something the team accomplished using the Dustcloud exploit which was presented at DEF CON in 2018.

You don’t need to tear down your robot vacuum cleaner for this experiment since there are a lot of lidar-based rovers out there. We’ve even seen open source lidar sensors that are even better for experimental purposes.

Thanks for the tip [Qes]

Easy IoT Logging Options For The Beginner

November 19, 2020 by Lewin Day 20 Comments

If a temperature sensor takes a measurement in the woods but there’s nobody around to read it, is it hot out?

If you’ve got a project that’s collecting data, you might have reasons to put it online. Being able to read your data from anywhere has its perks, after all, and it’s key to building smarter interconnected systems, too. Plus, you can tell strangers the humidity in your living room while you’re out at the pub, and they’ll be really impressed.

Taking the leap into the Internet of Things can be daunting however, with plenty of competing services and options from the basic to the industrial-strength available. Today, we’re taking a look at two options for logging data online that are accessible to the beginner. Continue reading “Easy IoT Logging Options For The Beginner” →

Robots Can Finally Answer, Are You Talking To Me?

November 8, 2020 by Matthew Carlson 25 Comments

Voice Assistants, love them, or hate them, are becoming more and more commonplace. One problem for voice assistants is the situation of multiple devices listening in the same place. When a command is given, which device should answer? Researchers at CMU’s Future Interfaces Group [Karan Ahuja], [Andy Kong], [Mayank Goel], and [Chris Harrison] have an answer; smart assistants should try to infer if the user is facing the device they want to talk to. They call it direction-of-voice or DoV.

Currently, smart assistants use a simple race to see who heard it first. The reasoning is that the device you are closest to will likely hear it first. However, in situations with echos or when you’re equidistant from multiple devices, the outcome can seem arbitrary to a user.

The implementation of DoV uses an Extra-Trees Classifier from the python sklearn toolkit. Several other machine learning algorithms were considered, but ultimately efficiency won out and Extra-Trees was selected. Another interesting facet of the research was determining what facing really means. The team had humans ‘listeners’ stand in for smart assistants. A ‘talker’ would speak the key phrase while the ‘listener’ determined if the talker was facing them or not. Based on their definition of facing, the system can determine if someone is facing the device with 90% accuracy that rises to 93% with per-room calibration.

Their algorithm as well as the data they collected has been open-sourced on GitHub. Perhaps when you’re building your own voice assistant, you can incorporate DoV to improve wake-word accuracy.

Continue reading “Robots Can Finally Answer, Are You Talking To Me?” →