Exposing Private Facebook Photos With A Malicious App

March 20, 2015 by Rick Osgood 21 Comments

[Laxman] is back again with another hack related to Facebook photos. This hack revolves around the Facebook mobile application’s “sync photos” function. This feature automatically uploads every photo taken on your mobile device to your Facebook account. These photos are automatically marked as private so that only the user can see them. The user would have to manually update the privacy settings on each photo later in order to make them available to friends or the public.

[Laxman] wanted to put these privacy restrictions to the test, so he started poking around the Facebook mobile application. He found that the Facebook app would make an HTTP GET request to a specific URL in order to retrieve the synced photos. This request was performed using a top-level access token. The Facebook server checked this token before sending down the private images. It sounds secure, but [Laxman] found a fatal flaw.

The Facebook server only checked the owner of the token. It did not bother to check which Facebook application was making the request. As long as the app had the “user_photos” permission, it was able to pull down the private photos. This permission is required by many applications as it allows the apps to access the user’s public photos. This vulnerability could have allowed an attacker access to the victim’s private photos by building a malicious application and then tricking victims into installing the app.

At least, that could have been the case if Facebook wasn’t so good about fixing their vulnerabilities. [Laxman] disclosed his finding to Facebook. They had patched the vulnerability less than an hour after acknowledging the disclosure. They also found this vulnerability severe enough to warrant a $10,000 bounty payout to [Laxman]. This is in addition to the $12,500 [Laxman] received last month for a different Facebook photo-related vulnerability.

Caption CERN Contest

February 3, 2015 by Adam Fabio 17 Comments

To say Hackaday has passionate folks in our comments section would be an understatement. You’ve made us laugh, made us cry, and made us search high and low for the edit button. From the insightful to the humorous, Hackaday’s comments have it all. So, we’re putting you to work helping out an organization that has done incredible work for science over the years.

The European Organization for Nuclear Research (CERN) has quite a storied 60 year history. CERN has been involved in pursuits as varied as the discovery of neutral currents, to Higgs boson research, to the creation of the World Wide Web. Like any research scientists, CERN staff have always been good about documenting their work. Many of these records are in the form of photographs: hundreds of thousands of them. The problem is that no one kept records as to what each photograph depicts!

The folks at CERN are trying to remedy this by publishing over 120,000 unknown photos taken between 1955 and 1985. The hope is that someone out there recognizes the people and equipment in the photos, and can provide some insight as to what exactly we’re looking at.

Here at Hackaday we think these photos should be seen and discussed, and we’re going to have some fun doing it. To that end, we’re hosting the Caption CERN Contest on Hackaday.io. Each week we’ll add a project log with a new image from CERN’s archives. If you know what the image is, click on CERN’s discussion link for the photo and let them know! If you don’t know, take a shot at a humorous caption. Hackaday staff will pick the best caption each week. Winners will get a shirt from The Hackaday Store.

Here’s how it will work: A new project log will go up every week on Tuesday night at around 9pm PDT. The project log will contain an image from CERN’s archives. You have until the following Tuesday at 9pm PDT to come up with a caption, and drop it in the comments. One entry per user: if you post multiple entries, we’ll only consider the last one.

The first image is up, so head over and start writing those captions!

Good Luck!

A Single Pixel Digital Camera With Arduino

January 31, 2015 by Rick Osgood 29 Comments

[Jordan] managed to cobble together his own version of a low resolution digital camera using just a few components. The image generated is pretty low resolution and is only in grey scale, but it’s pretty impressive what can be done with some basic hardware.

The heart of the camera is the image sensor. Most consumer digital cameras have tons of tiny receptors all jammed into the sensor. This allows for a larger resolution image, capturing more detail in a smaller space. Unfortunately this also usually means a higher price tag. [Jordan’s] sensor includes just a single pixel. The sensor is really just an infrared photodiode inside of a tube. The diode is connected to an analog input pin on an Arduino. The sensor can be pointed at an object, and the Arduino can sense the brightness of that one point.

In order to compile an actual image, [Jordan] needs to obtain readings of multiple points. Most cameras do this using the large array of pixels. Since [Jordan’s] camera only has a single pixel, he has to move it around and take each reading one at a time. To accomplish this, the Arduino is hooked up to two servo motors. This allows the sensor to be aimed horizontally and vertically. The Arduino slowly scans the sensor in a grid, taking readings along the way. A Processing application then takes each reading and compiles the final image.

Since this camera compiles an image so slowly, it sometimes has a problem with varying brightness. [Jordan] noticed this issue when clouds would pass over while he was taking an image. To fix this problem, he added an ambient light sensor. The Arduino can detect the amount of overall ambient light and then adjust each reading to compensate. He says it’s not perfect but the results are still an improvement. Maybe next time he can try it in color.

CAMdrive Is An Open Source Time-lapse Photography Controller

January 29, 2015 by Rick Osgood 9 Comments

[Nightflyer] has been working on an open source project he calls CAMdrive. CAMdrive is designed to be a multi-axis controller for time-lapse photography. It currently only supports a single axis, but he’s looking for help in order to expand the functionality.

You may already be familiar with the idea of time-lapse photography. The principal is that your camera takes a photo automatically at a set interval. An example may be once per minute. This can be a good way to get see gradual changes over a long period of time. While this is interesting in itself, time-lapse videos can often be made more interesting by having the camera move slightly each time a photo is taken. CAMdrive aims to aid in this process by providing a framework for building systems that can pan, tilt, and slide all automatically.

The system is broken out into separate nodes. All nodes can communicate with each other via a communication bus. Power is also distributed to each node along the bus, making wiring easier. The entire network can be controlled via Bluetooth as long as any one of the nodes on the bus include a Bluetooth module. Each node also includes a motor controller and corresponding motor. This can either be a stepper motor or DC motor.

The system can be controlled using an Android app. [Nightflyer’s] main limitation at the moment is with the app. He doesn’t have much experience programming apps for Android and he’s looking for help to push the project forward. It seems like a promising project for those photography geeks out there. Continue reading “CAMdrive Is An Open Source Time-lapse Photography Controller” →

A Remote For CHDK Cameras Made Possible With Arduino

January 26, 2015 by Rick Osgood 9 Comments

[AlxDroidDev] built himself a nice remote control box for CHDK-enabled cameras. If you haven’t heard of CHDK, it’s a pretty cool software modification for some Canon cameras. CHDK adds many new features to inexpensive cameras. In this case, [AlxDroidDev] is using a feature that allows the camera shutter to be activated via USB. CHDK can be run from the SD card, so no permanent modifications need to be made to the camera.

[AlxDroidDev’s] device runs off of an ATMega328p with Arduino. It operates from a 9V battery. The circuit contains an infrared receiver and also a Bluetooth module. This allows [AlxDroidDev] to control his camera using either method. The device interfaces to the camera using a standard USB connector and cable. It contains three LEDs, red, green, and blue. Each one indicates the status of a different function.

The Arduino uses Ken Shirrif’s IR Remote library to handle the infrared remote control functions. SoftwareSerial is used to connect to the Bluetooth module. The Arduino code has built-in functionality for both Canon and Nikon infrared remote controls. To control the camera via Bluetooth, [AlxDroidDev] built a custom Android application. The app can not only control the camera’s shutter, but it can also control the level of zoom.

Simple Photo Flash Trigger For Water Balloon Photography

October 2, 2014 by Rick Osgood 33 Comments

Water Balloon Photography

There have been countless projects to make custom photo flash trigger circuits. Usually the circuits react to sound, triggering the camera flash at the moment a certain sound is triggered. That type of trigger can be used to detect the popping of a balloon or shattering of glass. Other triggers detect motion, like a projectile crossing a laser beam for example. [Udo’s] friend had a fun idea to take photos of water balloons popping. Unfortunately neither of those trigger methods would be well suited for this situation. That’s when [Udo] had to get creative.

[Udo] built a unique trigger circuit that uses the water inside the balloon as the trigger. The core component of the circuit is an Arduino. One of the Arduino’s analog pins is configured to enable the internal pull-up resistor. If nothing else is connected to the pin, the Arduino will read 5 volts there. The pin is connected to a needle on the end of a stick. There is a second needle on the same stick, just a short distance away from the first. When these needles pierce the balloon’s skin, the water inside allows for a brief moment of conductivity between the two pins. The voltage on the analog pin then drops slightly, and the Arduino can detect that the balloon has popped.

[Udo] already had a flash controller circuit. He was able to trigger it with the Arduino by simply trying the flash controller’s trigger pin to one of the Arduino’s pins. If the Arduino pulls the pin to ground, it closes the switch on the flash controller and the flash is triggered. Both circuits must share a common ground in order for this to work.

All of the code for [Udo’s] project is freely available. With such spectacular photographs, it’s only a matter of time before we see more of these floating around.

Reverse Engineering A Wireless Studio Lighting Remote

October 1, 2014 by Rick Osgood 3 Comments

If you want to take a photograph with a professional look, proper lighting is going to be critical. [Richard] has been using a commercial lighting solution in his studio. His Lencarta UltraPro 300 studio strobes provide adequate lighting and also have the ability to have various settings adjusted remotely. A single remote can control different lights setting each to its own parameters. [Richard] likes to automate as much as possible in his studio, so he thought that maybe he would be able to reverse engineer the remote control so he can more easily control his lighting.

[Richard] started by opening up the remote and taking a look at the radio circuitry. He discovered the circuit uses a nRF24L01+ chip. He had previously picked up a couple of these on eBay, so his first thought was to just promiscuously snoop on the communications over the air. Unfortunately the chips can only listen in on up to six addresses at a time, and with a 40-bit address, this approach may have taken a while.

Not one to give up easily, [Richard] chose a new method of attack. First, he knew that the radio chip communicates to a master microcontroller via SPI. Second, he knew that the radio chip had no built-in memory. Therefore, the microcontroller must save the address in its own memory and then send it to the radio chip via the SPI bus. [Richard] figured if he could snoop on the SPI bus, he could find the address of the remote. With that information, he would be able to build another radio circuit to listen in over the air.

Using an Open Logic Sniffer, [Richard] was able to capture some of the SPI communications. Then, using the datasheet as a reference, he was able to isolate the communications that stored information int the radio chip’s address register. This same technique was used to decipher the radio channel. There was a bit more trial and error involved, as [Richard] later discovered that there were a few other important registers. He also discovered that the remote changed the address when actually transmitting data, so he had to update his receiver code to reflect this.

The receiver was built using another nRF24L01+ chip and an Arduino. Once the address and other registers were configured properly, [Richard’s] custom radio was able to pick up the radio commands being sent from the lighting remote. All [Richard] had to do at this point was press each button and record the communications data which resulted. The Arduino code for the receiver is available on the project page.

[Richard] took it an extra step and wrote his own library to talk to the flashes. He has made his library available on github for anyone who is interested.